SIA pays particular attention to be comply with laws and sector specific regulations.
To achieve this objective, SIA has developed and maintains a compliance management system as integral part of company internal management system in order to prevent not compliant risks.
Pertains on the compliance with the standard ISO 9001 which provides for the implementation and monitoring of a Quality Management System for the definition, implementation and control of a system of company processes aimed at improving customer satisfaction.
Pertains on the compliance with the standard ISO / IEC 27001 which provides for the implementation and monitoring of an Information Security Management System for the definition, implementation and monitoring processes to ensure the objectives of confidentiality, integrity, availability and compliance of the corporate information.
Pertains on the the compliance with the standard ISO 22301 which provides for the implementation and monitoring of a Business Continuity Management System for the definition, implementation and control processes to ensure the continuity of business services.
Pertains on the compliance with the PCI DSS security standard that provides for the protection of information relating to debit cards and credit cards issued by the international VISA, MasterCard, Amex, JCB and Discover.
SIA compares in the list of certificated companies published on VISA Europe Member Agent Weblisting in Service Providers and in MASTERCARD website, as follows: Compliant Service Provider List
SIA has two ISAE 3402 Type II reports which express a positive opinion on the effectiveness and effective functioning of controls in place during the period of verification with reference to the control objectives defined. The contents are verified by an indipendent auditor (currently Deloitte):
ISAE 3402 Type 2 SIA Issuing, Acquiring & Supporting Services
ISAE 3402 Type 2 T2S Connectivity Services
SIA / COLT
Currently SIA has the following approvals:
- 103020 - Data preparation authorization and PIN printing
- 402010 - Acquiring and ATM terminal management
- 403010 - Authorization for company ATM’s
- 404010 - Authorization for not company ATM’s
- 405010 - Acquiring and POS terminal management
- 407010 - Authorization for not company POS’s