��������

This Procurement Guide answers several customer frequently asked questions regarding �������� policies.

If you have any further or additional questions, please feel free to reach out to your account representative.

What is �������� doing to keep data safe?

�������� is committed to keeping data secure. We have a global team of privacy and security subject-matter experts dedicated to the protection of �������� systems, the data we hold, and our products and services.

�������� maintains Information Security policies which articulate our employees’ and affiliated third parties’ obligations to protect data and use computer systems securely. Our Information Security policies and standards are aligned to industry standards, and define the controls, practices and processes employed to protect the confidentiality, integrity, and availability of our products and services.

In addition, measures are in place to control access to �������� facilities. Depending on the sensitivity of the facility, these measures may include some or all of the following: the use of on- site security staff, ID cards, electronic access control incorporating proximity card readers, PIN numbers or biometric devices, intruder alarms and recorded CCTV. Access approval is recorded and audited regularly.

For additional information about data security, please visit �������� Security Information.

What are �������� Data Privacy principles?

�������� has a long history of providing reliable and trustworthy information to our customers. Integral to how we do this is our commitment to privacy and how we protect personal data. For more information on the �������� General Data Protection Regulation (GDPR) program and our compliance with the California Consumer Privacy Act of 2018 (CCPA), please visit the �������� Privacy Information page.

Does �������� publish a Privacy Statement?

�������� Privacy Statement provides important information about how �������� and its worldwide affiliated companies and subsidiaries handle personal information. The Privacy Statement can be found at thomsonreuters.com/en/privacy-statement.html.

Does �������� have a GDPR Program?

For general information on the �������� GDPR program, visit our �������� Privacy Information page.

What is �������� disaster recovery plan?

Our Business Continuity Plan (BCP) prepares us to respond and recover from disruptive incidents (e.g., natural disaster, pandemics, transit shutdowns). The BCP itself is company confidential and not provided to customers, however, we are able to provide a high-level statement to customers about our BCP upon request. In many disaster scenarios, workforce disruptions are expected and our comprehensive plan accounts for this. Additionally, the business continuity risks that could impact operations continue to evolve, and we endeavor to stay current with industry best practices and the recommendations of the business communities in which we work. 

Does �������� accept purchase orders? 

We can accept your purchase orders for billing purposes only. However, you will still need to sign our order forms and/or statements of work. These order forms and/or statements of work together with the �������� Master Services Agreement (TRMSA) or the �������� General Terms & Conditions will govern our relationship.

What is �������� Code of Business Conduct and Ethics? 

The �������� Code of Business Conduct and Ethics reflects �������� ethical values as an organization and �������� approach to doing business. It contains important company policies and also gives examples of what the policies mean, when to ask questions, where to go for help, and why ethical conduct is so important to us. The �������� Code of Business Conduct and Ethics includes policies such as anti-bribery and corruption, data privacy, information security, gifts and entertainment and facilitation payments, and anti-modern slavery. The Code applies to all directors, officers, employees and contractors of �������� and its subsidiaries. The Code can be found at .

What other types of policies does �������� have?

Our Code of Business Conduct and Ethics includes references to various policies such as anti-bribery and corruption, data privacy, information security, gifts and entertainment and facilitation payments and anti-modern slavery. The Code can be found at .

What support and training does �������� provide for its services?

�������� provides phone and/or online access to its helpdesk as well as self-help tools and Reference Attorney support. Please reach out to your account manager or support representative if you have further questions or contact us at /en/contact-us.html.

Can I request a third party security assessment for my products?

Customers may request a third party security assessment—e.g. SOC 1 or SOC 2 report, or ISO certification, to the extent available—by contacting their account representative.