Rules, policies and certifications
In order to prove the consistency of our processes with the best domestic and international standards, Intesa Sanpaolo obtained various types of certification from recognised external organisations.
CERTIFICATION | YEAR LAUNCHED | SCOPE OF APPLICATION
PCI DSS 3.2.1 Service Provider | Date of last certification: February 2020 | Certification of security in the processing of payment cards. The standard applies to all entities that store, process or transmit cardholder data and/or sensitive authentication data. In the case of the Intesa Sanpaolo Group, certification covers the systems managed in service for Mercury Payment Services S.p.A.
ISO 37001 | 2019 | International reference standard for organisations on the prevention of corruption, and an operational tool that adds to the anti-corruption measures already required by the legislation of individual countries.
ISO 22301 | Date of last certification: December 2019 | Gross settlement processes in Central Bank currency.
ISO 27001 | Date of last certification: November 2019 | Supply and management of the technological infrastructure supporting the operation of foreign banks at Intesa Sanpaolo data centres in Italian territory.
Regulation (EU) 910/2014 eIDAS | Date of last certification: September 2019 | For the delivery of the digital document retention service.
Regulation (EU) 910/2014 eIDAS | Date of last certification: May 2019 | For Qualified Trustees. For the Certification Authority service.
UNI ISO 45001:2018 | 2017 | With the aim of enhancing the health and safety protection of its employees, since 2017 the Occupational Health and Safety Management System has undergone an annual inspection by an independent third party, which certifies its compliance with current legislation and industry standards. In 2018 the certification was extended to all branches, and in 2019 the transition from the previous standard (BS OHSAS 18001) to the current one was completed.
ISO 26000 | 2014 | International standard dedicated to the integration of corporate social responsibility into business practice. These guidelines are not certifiable, in keeping with a concept of responsibility that provides guidance rather than obligations. The areas covered by ISO 26000 are: organisational governance, human rights, workers' protection, environment, fairness in operating practices, customer issues, and community involvement and development.
ISO/IEC 27001:2013 | 2013* | Development, delivery and management of applications by the Risk Technology group, in support of business processes managed by the Infrastructure IT Market Risk Management Unit of the Market and Financial Risk Department.
UNI CEI EN ISO 50001:2018 | 2012 | Energy Management System (SGE) certification.
ISO/IEC 27001:2013 | 2012* | Analysis, design, development, maintenance and provision of the Electronic Signature on Digital Tablet service (Intesa Sanpaolo).
ISO/IEC 27001:2013 | 2010* | Analysis, design, development, maintenance and provision of services for Corporate Internet Banking (Intesa Sanpaolo).
ISO/IEC 27001:2013 | 2005* | Analysis, planning, development, maintenance and provision of services for Internet and Phone Banking Retail (Intesa Sanpaolo).
ISO/IEC 27001:2013 | 2005* | Analysis, planning, development, maintenance and provision of the Bankidentity service (Intesa Sanpaolo).
UNI EN ISO 14001:2015 | 2005 | Environmental management system certification.
* Certification initially issued against ISO/IEC 27001:2005 and subsequently upgraded to the 2013 version of the standard.
In addition to the certifications listed above, there are other areas which, while not covered by a certificate issued by an independent body, are nonetheless subject to a conformity assessment ("self-certification") conducted by the Cybersecurity and Business Continuity Management function in compliance with the relevant international standards:
TARGET2: the technical platform for euro payments, launched in November 2007. Critical Participants (including Intesa Sanpaolo) are committed to self-certifying annually that the security of their TARGET2 infrastructure is aligned with the ISO/IEC 27002:2005 standard.
CAI: Banca d'Italia regulations require banks to ensure the security of the computer archive known as the Centrale d'Allarme Interbancaria (Interbank Alarm Centre); this is achieved by verifying the archive's compliance with the ISO/IEC 27002:2005 standard.
EONIA/EURIBOR: the two codes of conduct, the EMMI Eonia Code of Conduct and the EBF Euribor Code of Self-Discipline, define the rules governing the process of determining and contributing to the Eonia index, with which all contributing banks ("Panel Banks") must comply, as well as the general rules and security levels applicable to the Euribor index calculation process and the specific rules applicable to the banks contributing to the Euribor calculation (Panel Banks). Intesa Sanpaolo self-certifies the FCHUB infrastructure perimeter used for contributing EURIBOR/EONIA rates.
CSP SWIFT: the Customer Security Programme (CSP), introduced by SWIFT to combat cyber threats and in particular possible fraud, comprises a set of controls intended to raise the security of SWIFT users and of the financial ecosystem as a whole; users are required to self-certify their compliance with these controls. Intesa Sanpaolo self-certifies its SWIFT Messaging Management Infrastructure.
Last updated 22 January 2021 at 14:56:47