Thomson Reuters  Procurement Guide

This Procurement Guide answers several customer frequently asked questions regarding Thomson Reuters policies.

If you have any further or additional questions, please feel free to reach out to your account representative.

What is Thomson Reuters doing to keep data safe?

Thomson Reuters is committed to keeping data secure. We have a global team of privacy and security subject-matter experts dedicated to the protection of Thomson Reuters systems, the data we hold, and our products and services.

Thomson Reuters maintains Information Security policies which articulate our employees’ and affiliated third parties’ obligations to protect data and use computer systems securely. Our Information Security policies and standards are aligned to industry standards, and define the controls, practices and processes employed to protect the confidentiality, integrity, and availability of our products and services.

In addition, measures are in place to control access to Thomson Reuters facilities. Depending on the sensitivity of the facility, these measures may include some or all of the following: the use of on- site security staff, ID cards, electronic access control incorporating proximity card readers, PIN numbers or biometric devices, intruder alarms and recorded CCTV. Access approval is recorded and audited regularly.

For additional information about data security, please visit Thomson Reuters Security Information.

What are Thomson Reuters Data Privacy principles?

Thomson Reuters has a long history of providing reliable and trustworthy information to our customers. Integral to how we do this is our commitment to privacy and how we protect personal data. For more information on the Thomson Reuters General Data Protection Regulation (GDPR) program and our compliance with the California Consumer Privacy Act of 2018 (CCPA), please visit the Thomson Reuters Privacy Information page.

Does Thomson Reuters publish a Privacy Statement?

Thomson Reuters Privacy Statement provides important information about how Thomson Reuters and its worldwide affiliated companies and subsidiaries handle personal information. The Privacy Statement can be found at thomsonreuters.com/en/privacy-statement.html.

Does Thomson Reuters have a GDPR Program?

For general information on the Thomson Reuters GDPR program, visit our Thomson Reuters Privacy Information page.

What is Thomson Reuters disaster recovery plan?

Our Business Continuity Plan (BCP) prepares us to respond and recover from disruptive incidents (e.g., natural disaster, pandemics, transit shutdowns). The BCP itself is company confidential and not provided to customers, however, we are able to provide a high-level statement to customers about our BCP upon request. In many disaster scenarios, workforce disruptions are expected and our comprehensive plan accounts for this. Additionally, the business continuity risks that could impact operations continue to evolve, and we endeavor to stay current with industry best practices and the recommendations of the business communities in which we work. 

Does Thomson Reuters accept purchase orders? 

We can accept your purchase orders for billing purposes only. However, you will still need to sign our order forms and/or statements of work. These order forms and/or statements of work together with the Thomson Reuters Master Services Agreement (TRMSA) or the Thomson Reuters General Terms & Conditions will govern our relationship.

What is Thomson Reuters Code of Business Conduct and Ethics? 

The Thomson Reuters Code of Business Conduct and Ethics reflects Thomson Reuters ethical values as an organization and Thomson Reuters approach to doing business. It contains important company policies and also gives examples of what the policies mean, when to ask questions, where to go for help, and why ethical conduct is so important to us. The Thomson Reuters Code of Business Conduct and Ethics includes policies such as anti-bribery and corruption, data privacy, information security, gifts and entertainment and facilitation payments, and anti-modern slavery. The Code applies to all directors, officers, employees and contractors of Thomson Reuters and its subsidiaries. The Code can be found at ir.thomsonreuters.com/corporate-governance/code-conduct.

What other types of policies does Thomson Reuters have?

Our Code of Business Conduct and Ethics includes references to various policies such as anti-bribery and corruption, data privacy, information security, gifts and entertainment and facilitation payments and anti-modern slavery. The Code can be found at ir.thomsonreuters.com/corporate-governance/code-conduct.

What support and training does Thomson Reuters provide for its services?

Thomson Reuters provides phone and/or online access to its helpdesk as well as self-help tools and Reference Attorney support. Please reach out to your account manager or support representative if you have further questions or contact us at https://www.thomsonreuters.com/en/contact-us.html.

Can I request a third party security assessment for my products?

Customers may request a third party security assessment—e.g. SOC 1 or SOC 2 report, or ISO certification, to the extent available—by contacting their account representative.