Document IIS-GOV-HR-001 • Version 1.0 • Effective 01 May 2026
Integrated IT Support Inc. (the “Company”) is a Canadian provider of enterprise IT support, managed services, AI automation, and consulting services to public-sector, enterprise, financial, legal, real estate, education, and private clients. The Company is committed to conducting its business with full respect for internationally recognized human rights, in alignment with the United Nations Guiding Principles on Business and Human Rights (UNGPs) and the OECD Guidelines for Multinational Enterprises.
This Policy sets out the Company’s commitments, governance structure, due-diligence procedures, preventive and remedial measures, grievance mechanism, and reporting practices regarding human rights in its own operations and across its business relationships.
This document constitutes the Company’s formal Policy Statement on human rights and serves simultaneously as its public Due Diligence Statement for the purpose of supplier qualification, public procurement registration (including the Government of Canada CanadaBuys vendor program), and third-party sustainability and compliance assessments (including SAP Ariba Business Network — Human Rights Assessment v2023.11).
This Policy applies to all directors, officers, employees, interns, and contractors of the Company, and to all subsidiaries, affiliates, joint ventures, suppliers, sub-contractors, and other business partners acting on behalf of, or in the supply chain of, Integrated IT Support Inc., regardless of geography.
Where local law differs from this Policy, the Company applies the higher standard. Where conflict arises, the Company shall seek means to honour internationally recognized human rights to the greatest extent possible without violating domestic law, and will document such conflicts and engage relevant stakeholders.
Ultimate accountability for human rights performance rests with the Chief Executive Officer and is overseen by the Executive Leadership / Board of Directors of Integrated IT Support Inc. A named member of the Executive is designated as the Human Rights Sponsor and is responsible for governance oversight of this Policy, its implementation, and the Company’s human rights risk register.
Board of Directors / Executive Leadership: approves the Policy; oversees implementation; reviews effectiveness annually; ensures human rights are integrated into the Company’s enterprise risk management framework.
Human Rights Sponsor (Executive level): designated executive accountable for the Policy commitment, including escalation, remediation oversight, and external reporting.
Governance, Risk & Compliance (GRC) Office: maintains the Policy, the risk register, training programs, the grievance mechanism, monitoring and reporting; coordinates third-party assessments.
Human Resources: implements anti-discrimination, equal opportunity, working hours, living wage, freedom of association, and grievance procedures within the Company’s own workforce.
Procurement & Vendor Management: integrates human rights criteria into supplier qualification, contracting, monitoring, and offboarding; administers the Supplier Code of Conduct.
All Employees and Contractors: required to comply with this Policy, complete mandatory training, and report concerns through the grievance mechanism without fear of retaliation.
Adherence to this Policy is an explicit component of executive performance review and the Company’s annual compliance and integrity attestation. Material human rights performance indicators (e.g., grievance volume and closure, training completion, supplier compliance) are reported to the Executive Leadership on a quarterly basis.
In formulating this Policy, the Company commits to respect, and align its practices with, the following internationally recognized human rights instruments and frameworks:
The International Bill of Human Rights, comprising the Universal Declaration of Human Rights (UDHR), the International Covenant on Civil and Political Rights (ICCPR), and the International Covenant on Economic, Social and Cultural Rights (ICESCR).
The International Labour Organization (ILO) Declaration on Fundamental Principles and Rights at Work and the ILO Core Conventions (freedom of association, collective bargaining, elimination of forced and child labour, non-discrimination).
The United Nations Guiding Principles on Business and Human Rights (UNGPs).
The OECD Guidelines for Multinational Enterprises and the OECD Due Diligence Guidance for Responsible Business Conduct.
The UN Convention on the Rights of the Child and ILO Convention No. 182 on the Worst Forms of Child Labour.
The UN Global Compact’s Ten Principles.
Canadian statutory frameworks relevant to human and labour rights, including the Canadian Charter of Rights and Freedoms, the Canadian Human Rights Act, the Employment Standards Act (Ontario), the Occupational Health and Safety Act (Ontario), the Pay Equity Act, the Accessibility for Ontarians with Disabilities Act (AODA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and the Fighting Against Forced Labour and Child Labour in Supply Chains Act (S-211).
Multilateral environmental agreements with human rights implications: the Stockholm Convention on Persistent Organic Pollutants, the Minamata Convention on Mercury, and the Basel Convention on the Control of Transboundary Movements of Hazardous Wastes.
The Company maintains a documented Human Rights Risk Analysis procedure (Reference: IIS-GOV-HR-PROC-001) that is applied at least annually and on an event-triggered basis (e.g., entry into new markets, onboarding of new suppliers, material change in services). The procedure operationalizes the UNGP “know and show” standard.
Risk analysis is conducted across:
Own operations — head office and remote workforce, including all directly employed and contracted personnel.
Upstream supply chain — Tier-1 suppliers (hardware OEMs and distributors, software vendors, cloud and SaaS providers, telecommunications carriers, logistics, professional services). For high-risk commodities (notably 3TG conflict minerals and electronics), the Company seeks visibility into Tier-2 and, where feasible, Tier-n suppliers via OEM disclosures (e.g., CMRT/EMRT).
Downstream — clients and end-users of the Company’s services, with attention to data privacy and human rights impacts of AI-enabled services.
Business relationships — channel partners, resellers, and subcontracted technicians.
The analysis explicitly considers potentially affected groups, including: own employees and contractors; supplier workers (including factory workers in electronics manufacturing); women; children; migrant and foreign workers; Indigenous peoples; persons with disabilities; LGBTQ+ persons; local communities near supplier facilities; and human rights defenders.
Issues assessed include, at minimum: child labour; forced, bonded, and prison labour; modern slavery and human trafficking; freedom of association and collective bargaining; discrimination, harassment, and workplace violence; gender equality and equal pay; wages and working hours; occupational health and safety; data privacy and the human rights impacts of AI systems; the responsible use of security services; community impacts including land, forest, and water rights; conflict-affected and high-risk areas; and access to remedy.
Identified risks are prioritised by severity (scale, scope, irremediability) and likelihood, consistent with UNGP Principle 17. Assessment is granular at the country, sector, commodity, and supplier-site level for higher-risk areas. The output of the analysis is recorded in the Company’s Human Rights Risk Register (Reference: IIS-GOV-HR-REG-001).
The Company draws on a combination of internal and authoritative external sources, including but not limited to: internal incident and grievance data; supplier self-assessment questionnaires; CSR and audit reports (TfS, SMETA, PSCI where available); the U.S. Department of Labor List of Goods Produced by Child or Forced Labour; the ITUC Global Rights Index; the Walk Free Global Slavery Index; the UN Guiding Principles Reporting Framework; OECD due-diligence guidance; the Responsible Business Alliance (RBA) Code of Conduct; the U.S. SEC and EU CSRD/CS3D disclosures of upstream suppliers; civil-society and trade-union reports; and country-level human-rights indices.
Where a risk is rated high, the Company obtains further information through one or more of the following: targeted supplier inquiries; on-site or remote audits; third-party social-compliance assessments; engagement with workers or worker representatives; consultations with civil-society organizations; commissioning of expert reports; and benchmarking against industry peers.
The Risk Analysis is updated at minimum annually and additionally on a “cause” basis when there is a material change in the Company’s business, products, geographies, suppliers, applicable regulation, or external information indicating new or heightened risk.
The Company is firmly committed to a workplace free of discrimination and harassment. The Company prohibits discrimination on the basis of race, colour, ancestry, ethnic or national origin, citizenship, religion or creed, sex, gender identity or expression, sexual orientation, age, marital or family status, disability, genetic characteristics, political opinion, social origin, union membership, or any other ground protected under applicable law, including the Canadian Human Rights Act and the Ontario Human Rights Code.
The Company further commits to:
Equal pay for equal work and equal pay for work of equal value, in alignment with the Pay Equity Act, monitored annually and with documented target rates for closing any gender pay gap.
Equal opportunity in recruitment, hiring, promotion, training, compensation, discipline, and termination.
Reasonable accommodation for persons with disabilities and for religious observance, consistent with AODA and human rights legislation.
Active mitigation of unconscious bias through manager and recruiter training.
Annual workforce diversity and pay-equity review, with results reported to the Executive.
This section satisfies the Company’s policy commitment referenced in Section 4.7 of the Human Rights Assessment (non-discrimination management approach).
The Company respects applicable international standards concerning maximum working hours, minimum breaks, weekly rest, and paid leave, and aligns its practices with the Ontario Employment Standards Act, 2000 and ILO Conventions No. 1, 14, and 47.
The Company assesses the ability of its workers to comply with stated working-hour commitments when allocating work and setting targets. Overtime is voluntary, properly compensated, and monitored. Excessive working hours are prohibited, and managers are accountable for workload planning that does not require workers to exceed lawful limits to meet objectives.
Integrated IT Support Inc. publicly commits to pay all employees in its own operations no less than a living wage, defined as a wage sufficient to afford a decent standard of living for the worker and their family in the relevant geography. The Company benchmarks its compensation against credible living-wage references (including, in Canada, the Ontario Living Wage Network) and reviews compensation at least annually.
This commitment extends to expectations placed on suppliers via the Supplier Code of Conduct. This section satisfies the Company’s public commitment referenced in Section 4.9 of the Human Rights Assessment.
The Company recognizes and respects the right of all workers to freely form, join, or refrain from joining lawful trade unions and workers’ organizations, and to bargain collectively, in accordance with ILO Conventions 87 and 98 and applicable Canadian labour relations legislation.
The Company commits that:
Workers shall not be subject to discrimination, harassment, intimidation, or retaliation for exercising these rights.
Where the right to freedom of association and collective bargaining is restricted under local law, the Company will seek to facilitate parallel means of free, independent worker representation and dialogue.
The Company will engage in good-faith dialogue with any duly recognized worker representative body.
This section satisfies the Company’s management approach referenced in Section 4.10 of the Human Rights Assessment.
Although the Company does not, in the course of its IT services business, ordinarily engage public or private security forces, it nonetheless commits, where the use of security services becomes relevant (e.g., physical site protection for client engagements), to the following:
Engaging only reputable, vetted security providers that operate in accordance with the Voluntary Principles on Security and Human Rights and the UN Code of Conduct for Law Enforcement Officials.
Contractually requiring security providers to apply the principles of proportionality, necessity, and human rights training.
Investigating any allegation of misuse of force and cooperating with legitimate authorities in any subsequent enquiry.
This section satisfies the Company’s management approach referenced in Section 4.11 of the Human Rights Assessment.
As a service-based IT enterprise, the Company does not directly acquire, develop, or operate on land, forest, or water resources. The Company nonetheless commits not to engage in, contribute to, or knowingly benefit from unlawful eviction or unauthorized appropriation of land, forest, or water, including impacts on the rights of Indigenous peoples and local communities. The Company’s Supplier Code of Conduct extends these expectations to suppliers, including hardware manufacturers and data-centre operators in its value chain, with attention to the principle of free, prior and informed consent (FPIC) where relevant.
This section satisfies the Company’s management approach referenced in Section 4.12 of the Human Rights Assessment.
The Company has zero tolerance for child labour, forced or compulsory labour, debt bondage, human trafficking, and modern slavery in any form, in its own operations and across its supply chain, consistent with ILO Conventions 29, 105, 138, and 182, and the Canadian Fighting Against Forced Labour and Child Labour in Supply Chains Act (S-211).
Minimum-age verification at hiring (no person under the legal working age, and never under 15).
No retention by the Company or any supplier of original identity documents, work permits, or passports of workers.
Prohibition on recruitment fees being charged to workers (employer-pays principle).
Contractual flow-down clauses in every supplier agreement requiring compliance with this prohibition and the right of the Company to audit and terminate for non-compliance.
Annual training for all employees and procurement staff on indicators of forced labour and modern slavery.
Where any indicator is observed, immediate escalation and remediation in accordance with the Remediation Framework (Section 17).
The Company is committed to providing a safe and healthy working environment for all workers, in alignment with the Ontario Occupational Health and Safety Act, ILO Conventions 155 and 187, and the principles of ISO 45001. The Company is working toward formal certification of its occupational health and safety management system.
Hazard identification, risk assessment, and control procedures, including for ergonomic, electrical, and psychological hazards relevant to IT work.
Incident, near-miss, and unsafe-condition reporting, with non-retaliation.
Mental-health support and an Employee and Family Assistance Program.
Workplace violence and harassment prevention program in compliance with Ontario Bill 168.
Pandemic preparedness and remote-work safety guidance.
The Company tracks and reviews the following metrics for employees, contractors, and (where reported) sub-contractors: lost-time injury frequency rate (LTIFR); total recordable incident rate (TRIR); near-miss reports; first-aid incidents; occupational illness cases; fatality count (target: zero); training-completion rate; and time-to-close on corrective actions.
Health and safety performance is a qualification criterion for suppliers performing on-site work for the Company or its clients. Contracts include H&S clauses, incident-notification requirements, and the right to audit.
The Company recognises the inter-dependence of environmental sustainability and human rights, including the right to a clean, healthy, and sustainable environment (UN HRC Resolution 48/13). The Company is committed to environmental responsibility in its own operations and procurement.
Responsible procurement of IT hardware, including preference for vendors with credible conflict-minerals (3TG) reporting (CMRT/EMRT) and Responsible Minerals Initiative (RMI) alignment.
End-of-life electronics handled exclusively through licensed and certified e-waste recyclers (R2v3 / e-Stewards) to prevent transboundary movement of hazardous waste to informal recycling sectors.
Energy efficiency in office operations and preference for cloud providers with credible decarbonisation commitments.
Restriction of hazardous substances in procured equipment (RoHS, REACH alignment).
The Company commits to the principles and objectives of:
The Stockholm Convention on Persistent Organic Pollutants — the Company prohibits the production and intentional use of POPs and requires supplier compliance where these substances could foreseeably be present.
The Minamata Convention on Mercury — the Company avoids procurement of mercury-added products beyond exempted uses and seeks suppliers aligned with the Convention.
The Basel Convention on the Control of Transboundary Movements of Hazardous Wastes — the Company ensures e-waste and other hazardous wastes are not exported in contravention of the Convention, and uses only certified, audited recyclers.
The Company maintains a Supplier Code of Conduct (Reference: IIS-GOV-SUP-001) that flows down all material human-rights commitments in this Policy, including prohibitions on forced and child labour, non-discrimination, freedom of association, wages and working hours, health and safety, environmental responsibility, anti-corruption, and the right to remedy.
Pre-qualification: suppliers are screened for human rights and environmental risk; high-risk suppliers complete an expanded self-assessment.
Contracting: all standard procurement agreements include human-rights, anti-modern-slavery, anti-bribery, data-protection, and right-to-audit clauses.
Performance management: human-rights and ESG criteria are included in supplier scorecards for strategic suppliers.
Incentives and consequences: confirmed compliance and continuous improvement is rewarded with preferred-supplier status, increased order volumes, and longer-term contracts; material non-compliance triggers corrective-action plans and, ultimately, termination.
Capacity building: the Company offers guidance materials and, for strategic suppliers, joint improvement plans rather than immediate disengagement, in line with the UNGPs.
The Company maintains a formal, accessible grievance mechanism through which any individual or organisation may raise a concern regarding actual or potential human-rights impacts associated with the Company’s operations or business relationships.
The grievance mechanism is available to:
The Company’s own employees, interns, and contractors.
Workers in the Company’s supply chain, including supplier and sub-contractor personnel.
Clients and end-users of the Company’s services.
Affected community members and third parties, including civil-society organizations acting on behalf of affected persons.
Confidential web intake form available at iisupp.net/ethics-grievance (also linked from the Company’s public Privacy and Trust pages).
Dedicated ethics e-mail address: ahmad.wasee@iisupp.net.
Direct contact with the Human Rights Sponsor or the GRC Office via published mailing address.
Anonymous reporting option, with multilingual support upon request.
The grievance mechanism is designed to be legitimate, accessible, predictable, equitable, transparent, rights-compatible, a source of continuous learning, and based on engagement and dialogue. The Company maintains a strict non-retaliation guarantee for any person raising a concern in good faith.
The mechanism accepts grievances on any human-rights or labour-rights matter, including but not limited to: discrimination, harassment, retaliation; wages, hours, and benefits; forced and child labour; freedom of association; health and safety; data privacy; environmental impacts; community impacts; and supplier and sub-contractor practices.
Based on the Risk Analysis, the Company implements preventive and mitigating measures proportionate to the identified risks. Measures include: targeted training; contractual safeguards; supplier capacity-building; engagement with potentially affected stakeholders; pre-qualification of higher-risk suppliers; and revisions to internal procedures.
Where the Company causes or contributes to an adverse human-rights impact, it provides for, or cooperates in, legitimate remediation. The Remediation Framework includes:
Acknowledgment of the issue and immediate cessation of any contributing conduct.
Investigation by the GRC Office, with independent expertise as required.
Engagement with the affected person(s) to understand their preferred remedy, including via the grievance mechanism.
Provision of appropriate remedy, which may include apology, restitution, restoration, compensation, behavioural-change measures, and assurances of non-repetition.
Where the Company is directly linked to an impact through a business relationship, it uses its leverage to seek remediation from the responsible party and, if leverage is insufficient or remediation is refused, considers responsible disengagement.
Documentation of the case, the remedy, and lessons learned, with anonymised reporting to the Executive.
This Framework satisfies the Company’s commitment referenced in Section 4.16 of the Human Rights Assessment.
The effectiveness of preventive and remedial measures is reviewed at least annually, and additionally on an event-triggered basis. Effectiveness review draws on grievance data, audit findings, supplier scorecards, employee survey results, and dialogue with potentially affected stakeholders, in line with UNGP Principle 20.
The Company delivers role-based human-rights training to ensure that personnel understand the risks relevant to their roles and how to mitigate them. Training programs include:
All employees and contractors: annual general training on the Company’s Code of Conduct, human-rights commitments, anti-discrimination and anti-harassment, anti-bribery, modern slavery awareness, data privacy (PIPEDA), and use of the grievance mechanism.
Procurement and Vendor Management: enhanced training on supplier human-rights due diligence, modern-slavery indicators, conflict-minerals reporting, and responsible disengagement.
Human Resources and people managers: training on equal opportunity, accommodation, pay equity, workplace investigations, and handling grievances.
Leadership and Board: annual briefing on emerging human-rights and ESG regulatory developments and the Company’s risk profile.
Client-facing technical staff: training on responsible-AI and privacy-by-design, given the human-rights implications of AI-enabled services delivered to clients.
The GRC Office maintains key human-rights performance indicators including: training-completion rates; grievances received, accepted, and resolved; mean time-to-close; supplier-assessment coverage and findings; corrective-action closure; and incident counts. These indicators are reviewed quarterly by Executive Leadership.
The Company publishes a Human Rights Due Diligence Report on an annual basis, addressing:
The Policy commitment and any updates.
Governance and resourcing of the human-rights function.
The risk-analysis methodology, scope, and salient risks identified.
Preventive and remedial measures undertaken and their outcomes.
Operation and outputs of the grievance mechanism.
Stakeholder engagement undertaken during the reporting period.
Effectiveness monitoring and planned improvements.
The annual report is publicly available on the Company website at iisupp.net/governance/human-rights, free of charge, and is provided to clients and prospective clients on request, including in response to vendor and procurement assessments such as the SAP Ariba Business Network Human Rights Assessment and CanadaBuys vendor qualification submissions.
The Company has identified all material Tier-1 suppliers and, for key product and service categories (notably IT hardware and electronics), has partially mapped the supply chain below Tier-1 through OEM disclosures, conflict-minerals reporting, and third-party data. The Company commits to extending Tier-n visibility as part of its multi-year program.
The Company retains documentation and data relating to its human-rights risk analysis, preventive and remedial measures, training, grievance cases, and supplier assessments for a minimum period of seven (7) years from the date of creation or last action, in line with leading enterprise practice and Canadian record-keeping requirements (including those under S-211, CRA, and applicable privacy legislation).
The Company commits to ongoing dialogue with potentially affected stakeholders as part of effectiveness monitoring. Engagement formats include: employee surveys and listening sessions; supplier roundtables; client feedback channels; participation in industry associations; and consultation with civil-society organisations and subject-matter experts. Findings from engagement are documented and inform updates to this Policy and supporting procedures.
This Policy is supported by, and read in conjunction with, the following Company documents (the “AEGIS Governance Library”):
IIS-GOV-COC-001 — Code of Conduct & Business Ethics.
IIS-GOV-SUP-001 — Supplier Code of Conduct.
IIS-GOV-HR-PROC-001 — Human Rights Risk Analysis Procedure.
IIS-GOV-HR-REG-001 — Human Rights Risk Register.
IIS-GOV-AD-001 — Anti-Discrimination & Equal Opportunity Policy.
IIS-GOV-OHS-001 — Occupational Health & Safety Policy.
IIS-GOV-ENV-001 — Environmental Policy.
IIS-GOV-PRV-001 — Privacy Policy (PIPEDA).
IIS-GOV-AI-001 — Acceptable Use of Artificial Intelligence Policy.
IIS-GOV-INC-001 — Incident & Grievance Response Procedure.
IIS-GOV-MS-001 — Modern Slavery & Forced Labour Statement (S-211).
This Policy has been reviewed and approved by the Executive Leadership of Integrated IT Support Inc. and is issued under the authority of the Office of the Chief Executive Officer. The Policy is subject to periodic review and may be amended by the Approving Authority. Material amendments are communicated to all employees and key suppliers within thirty (30) days of issuance.
Signed for and on behalf of Integrated IT Support Inc.
Ahmad
Ahmad — Chief Executive Officer
Integrated IT Support Inc.
Date: 11 May 2026
Appendix A — Mapping to SAP Ariba Human Rights Assessment (v2023.11)
The following table maps the Company’s responses to the SAP Ariba Human Rights Assessment to the relevant sections of this Policy, for ease of reference by procurement and qualification authorities, including CanadaBuys.
| Question | Topic | Reference in This Policy |
| 1.1 | Policy statement on human rights | Sections 1–4 |
| 1.2 / 1.3 / 1.4 | Board / executive governance and accountability | Section 3 |
| 2.4 / 2.5 | Monitoring of policy and supplier incentives | Sections 15, 17, 19 |
| 2.6 – 2.15 | Risk analysis procedure, scope, sources, cadence | Section 5 |
| 3.4 – 3.7 | Environmental risks and multilateral conventions | Section 14 |
| 4.2 – 4.5 | Training, child/forced labour, H&S in procurement | Sections 12, 13, 15, 18 |
| 4.6 / 4.7 | Equal pay and non-discrimination | Section 6 |
| 4.8 | Working hours and rest | Section 7 |
| 4.9 | Living wage commitment | Section 8 |
| 4.10 | Freedom of association and collective bargaining | Section 9 |
| 4.11 | Use of security forces | Section 10 |
| 4.12 | Land, forest, and water rights | Section 11 |
| 4.13 – 4.21 | Implementation of measures and effectiveness | Sections 15, 17, 18, 20 |
| 5.1 – 5.4 | Grievance mechanism | Section 16 |
| 6.1 – 6.6 | Reporting, supply-chain visibility, records retention | Section 19 |
Approved electronically by Ahmad, Chief Executive Officer, on 11 May 2026. This electronic signature is applied with the authority of the named signatory and is valid under the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Ontario Electronic Commerce Act, 2000.