
Policies and certifications

CERTIFICATION SCOPE OF APPLICATION
 
ISO 26000
International standard, to which the bank has adhered since 2014, dedicated to the integration of social responsibility in corporate practice. These are non-certifiable guidelines, in line with the concept of responsibility, which does not include obligations but guidance. The areas covered by ISO 26000 are: governance of the organization, human rights, worker protection, environment, fairness of management practices, issues relating to customers, community involvement and development.
ISO 37001
International standard of reference for organisations in relation to the prevention of corruption, and an operational tool that adds to the anti-corruption measures already envisaged, at the regulatory level, by individual countries. Certification active since 2019.
UNI ISO 45001:2018
Since 2017 the Occupational Health and Safety Management System has undergone an annual inspection by an independent third party which certifies its compliance with current legislation and industry standards. In 2018 it was extended to all branches, and in 2019 the transition from the previous standard (BS OHSAS 18001) to the current one was made.
UNI CEI EN ISO 50001:2018
Energy Management System (SGE) certification. Certification active since 2012.
UNI EN ISO 14001:2015
Environment management system certification. Certification active since 2005.
GEEIS-Diversity
Gender Equality European & International Standard is an international certification of the Arborus Association issued through Bureau Veritas and aimed at evaluating the commitment of organizations to include and foster all forms of diversity. The certificate, obtained in June 2021, refers to all the banks and companies of the Group in Italy. 
ISO 27001
The ISO/IEC 27001:2013 standard specifies the requirements for a correct definition, implementation, management and improvement over time of an Information Security Management System.
ISO 22301
The ISO standard specifies the requirements for effectively designing, implementing and managing a Business Continuity Management System.
eIDAS (Standard Conservation)
In Italy, AgID has decided to include the digital preservation system (Documentary Conservation in accordance with the law) within the eIDAS.
eIDAS (Trust Services)
The EU eIDAS (Electronic IDentification Authentication and Signature) Regulation aims to provide a regulatory basis at EU level for trust services and electronic identification instruments of member states.
PCI DSS Service Provider
The PCI-DSS standard is a standardized set of security requirements that organizations handling payment card data must comply with.
PCI PIN Security
PCI PIN Security includes a comprehensive set of requirements (based on industry standards) for the secure management, processing and transmission of personal identification data (PIN) during payment card transaction processing by machines participating in the online and offline International Circuits, at automatic teller machines (ATMs and CSAs) and point of sale terminals (POS). Intesa Sanpaolo periodically certifies its compliance with these requirements.
EURIBOR
The Corporate Governance Code issued by EBF and its annex define the general rules and safety levels applicable to the calculation process of the Euribor index, as well as the specific rules applicable to banks that contribute to the calculation of the Euribor index.
TARGET2
TARGET2 is the new technical platform for Europayments, launched in November 2007. Critical Participants (including Intesa Sanpaolo) have a commitment to self-certify annually that the security of the TARGET2 infrastructure is aligned with the ISO/IEC 27001:2013 standard.
CAI
The creation of an IT archive, defined as the Interbank Alarm Center, is required in Legislative Decree no. 507 of 12/30/99. The subsequent Regulation of the Governor of the Bank of Italy of 29/01/02 defines the requirements that the Banking Institutions must comply with to ensure the security of the information system of the archive itself.
SWIFT
SWIFT has introduced the Customer Security Program (CSP) for its customers to combat cyber threats, in particular possible fraud.
   