Suppliers at Iress

Iress collaborates with over 1000 suppliers globally across various sectors including technology infrastructure, market data, software, facilities, travel and associated services, as well as professional consultancy services in finance, legal, technology, marketing and communications.

Our Supplier’s Governance and Standards:

Iress expects high governance standards from its suppliers by requiring independently certified mechanisms for quality, security, availability, and processing integrity. This includes but is not limited to adherence to the following:

• ISO/IEC 27001 (International Organisation for Standardisation / International Electrotechnical Commission 27001): Information Security Management Systems (ISMS) – Specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system.
• ISO 9001 (International Organisation for Standardisation 9001): Quality Management Systems – Provides criteria for a quality management system, ensuring products and services consistently meet customer and regulatory requirements.
• SOC2 (Systems and Organisation Controls 2): designed to evaluate the effectiveness of an organisation's controls related to data security, availability, processing integrity, confidentiality, and privacy.
• SOC3 (Systems and Organisation Controls 3): offers a high-level overview of the organisation's controls related to security, availability, processing integrity, confidentiality, and privacy.

Maintaining a high standard of corporate governance is crucial for Iress’s long-term performance and value creation for all stakeholders and the communities in which we operate..

Our Supplier’s Legislative Compliance:

Iress ensures that its suppliers adhere to all applicable global and privacy information security legislation as well as modern slavery legislation. This may include but is not limited to the following:

• Modern Slavery Act 2015 (UK) and Modern Slavery Act 2018 (Cth): These acts require transparency and action to address and prevent modern slavery and human trafficking within supply chains. Suppliers must demonstrate compliance with these requirements to uphold ethical labour practices.
• General Data Protection Regulation (GDPR): The UK and EU regulations both regulate the processing of personal data within their domains and of their citizens. The regulations require stringent data protection measures and grant individual rights to individuals over their personal data.
• Personal Data Protection Act 2012 (PDPA): Regulates the collection, use, and disclosure of personal data in Singapore.
• Protection of Personal Information Act 2013 (POPI): Protects the personal information of individuals in South Africa, incorporating a constitutional right to privacy and supporting lawful processing of personal information.
• Australian Privacy Act 1988 (Cth): Governs the handling of personal information in Australia, including principles for collection, use, and disclosure.

Suppliers must ensure strict adherence to modern slavery regulations, uphold strong information security measures, and implement privacy protections to safeguard sensitive and personally identifiable data.

Our Supplier’s Internal Policies:

Iress reviews and ensures that its suppliers maintain robust internal policies such as:

• Acceptable Use Policy
• Asset Management Policy
• Data Classification Policy
• Data Deletion Policy
• Data Protection Policy
• Encryption Policy
• Information Security Policy
• Internal AP Acceptable Use Policy
• Vulnerability and Patch Management Policy
• Modern Slavery Statement
• Disaster Recovery Plan
• Incident Response Plan
• Privacy Policy

This ensures that Iress’s suppliers have had adequate processes in place to address any unforeseen circumstances.

Work with Iress

• Supplier Code of Conduct