Data
protection

Procedural & Technical Information Security Controls employed by IRESS

In our capacity as both a data processor and a controller, we adopt and maintain a formal framework of procedural and technical Information Security controls. Our control set is aligned to and independently certified to ISO27001, the international standard for information security management. The table below lists the ISO27001 information security controls we apply, together with a description of how we apply them. The effectiveness of these controls is reviewed on an ongoing basis through internal and external assessments as well as automated health check metrics.

Iress has not appointed a Data Protection Officer in the UK and is not required to do so pursuant to Article 37 of the GDPR. The role and responsibilities that would typically be assumed by a Data Protection Officer are spread across our legal, information security, compliance and risk functions within Iress.  

Queries in relation to Iress’ processing operations should be directed to Iress’ Compliance Officer who can be contacted at compliance@iress.com.

Any actual or suspected privacy breaches should be reported to our information security team who will manage the incident in accordance with its incident management procedure.

If you are resident in the EU you may raise any issues or queries relating to our processing of your personal data with our EU representative (appointed pursuant to Article 27 of the GDPR).

Our EU representative is Iress SAS, a member of the Iress Group incorporated in France. Our EU representative can be contacted directly by emailing them at the following address: qhhr@iress.com