Information security summary and controls

Procedural & Technical Information Security Controls employed by IRESS

In our capacity as both a data processor and a controller, we adopt and maintain a formal framework of procedural and technical Information Security controls. Our control set is aligned to and independently certified to ISO27001, the international standard for information security management. The table below lists the ISO27001 information security controls we apply, together with a description of how we apply them. The effectiveness of these controls is reviewed on an ongoing basis through internal and external assessments as well as automated health check metrics.

Model clauses

If you have entered into a data processing addendum/ variation with us to reflect the requirements of Article 28 of the GDPR, then these clauses form part of our agreement with you.  They apply where we transfer personal data (in relation to which you are a Controller) to members of the Iress group based outside of the European Union in the course of providing our solutions and services to you. 

Controller to Processor Model Clauses - Iress Portal Limited
Controller to Processor Model Clauses - Iress FS Limited

Compliance contact

Iress has not appointed a Data Protection Officer in the UK and is not required to do so pursuant to Article 37 of the GDPR. The role and responsibilities that would typically be assumed by a Data Protection Officer are spread across our legal, information security, compliance and risk functions within Iress.  

Queries in relation to Iress’ processing operations should be directed to Iress’ Compliance Officer who can be contacted at compliance@iress.com.

Any actual or suspected privacy breaches should be reported to our information security team who will manage the incident in accordance with its incident management procedure.

EU representative

If you are resident in the EU you may raise any issues or queries relating to our processing of your personal data with our EU representative (appointed pursuant to Article 27 of the GDPR).

Our EU representative is Iress SAS, a member of the Iress Group incorporated in France. Our EU representative can be contacted directly by emailing them at the following address: qhhr@iress.com

Iress is a technology company providing software to the financial services industry.

Join us

Trust

About

Social

© 2024 Iress. All rights reserved.