Document IIS-GOV-SUP-001 • Version 1.0 • Effective 01 May 2026
Integrated IT Support Inc. (the “Company”) is committed to conducting business with suppliers who share its values and meet its standards for ethical, lawful, and socially responsible conduct. This Code defines the minimum standards that all suppliers — and their employees, agents, and sub-contractors — must meet when doing business with the Company or supplying goods and services that the Company resells, embeds, or otherwise relies upon.
Where local law differs from this Code, suppliers must comply with the higher standard. Compliance with this Code is a contractual requirement and a condition of continuing to do business with the Company.
This Code applies to all suppliers regardless of size, location, or contract value, including OEMs, distributors, software publishers, SaaS providers, telecommunications carriers, logistics providers, professional-service firms, sub-contractors, and individual contractors. Suppliers are required to cascade equivalent expectations to their own sub-tier suppliers and to take reasonable steps to monitor compliance.
Suppliers must comply with the Canadian Corruption of Foreign Public Officials Act (CFPOA) and any applicable anti-bribery laws (including the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act, and OECD Anti-Bribery Convention obligations). Suppliers must not, directly or indirectly, offer, give, request, or accept any bribe, kickback, or improper payment.
Suppliers must not offer the Company's personnel any gift, hospitality, or benefit that could create, or appear to create, a conflict of interest or improperly influence a business decision. Modest, transparent business courtesies are permitted within the limits set out in the Company's Code of Conduct.
Suppliers must comply with all applicable competition and antitrust laws and must not engage in price-fixing, bid-rigging, market-allocation, or other anti-competitive conduct.
Suppliers must comply with all applicable sanctions, export-control, and trade-compliance laws, including those administered by Global Affairs Canada and equivalent regimes in the U.S., EU, and U.K.
Suppliers must respect internationally recognised human rights consistent with the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises. Suppliers must apply human-rights due diligence proportionate to their size, sector, and risk profile, and must cooperate with the Company's human-rights due diligence requests.
Zero tolerance for forced labour, prison labour, bonded labour, indentured labour, slavery, and human trafficking.
Compliance with ILO Conventions 138 and 182 — no person under the legal working age and never under 15, and no hazardous work for anyone under 18.
No retention by the supplier of original identity, work, or migration documents of workers.
The employer-pays principle: no recruitment fees, deposits, or charges may be levied on workers.
Workers must be free to leave employment after reasonable notice in accordance with local law.
Suppliers must provide a workplace free of discrimination and harassment in employment decisions, consistent with ILO Conventions 100 and 111 and applicable law. Equal pay for equal work and for work of equal value is required.
Workers must be free to form, join, or refrain from joining lawful trade unions and workers' organisations, and to bargain collectively, without intimidation, harassment, or retaliation. Where this right is restricted by local law, suppliers must facilitate parallel means of free, independent worker representation.
Suppliers must pay at least the applicable minimum wage and, where higher, a living wage.
Wages must be paid in full, on time, in legal tender, with clear pay statements; deductions must be lawful and authorised.
Working hours must comply with applicable law and ILO Conventions; overtime must be voluntary and properly compensated.
Suppliers must provide their workers with an effective, accessible, and non-retaliatory grievance mechanism. Workers retain the right to raise concerns through the Company's grievance channels (see Section 13).
Suppliers must provide a safe and healthy workplace and comply with all applicable occupational health and safety laws.
Hazards must be identified and controlled in line with the hierarchy of controls; personal protective equipment must be provided at no cost to workers.
Suppliers performing on-site work for the Company or its clients must meet the Company's H&S contractual requirements, including incident-notification clauses.
Compliance with all applicable environmental laws and regulations.
Responsible management of hazardous materials, e-waste, and chemical use.
For applicable products, suppliers must support and provide evidence of conflict-minerals due diligence (3TG via CMRT, cobalt via EMRT, and other minerals as required) and Responsible Minerals Initiative alignment.
Adherence to the principles of the Stockholm, Minamata, and Basel Conventions.
End-of-life electronics returned to or sold by the Company must be handled by R2v3- or e-Stewards-certified recyclers.
Suppliers processing Company or client data must implement appropriate technical and organisational measures, proportional to the sensitivity and volume of the data.
Suppliers must comply with the Company's Information Security Policy (IIS-GOV-SEC-001) and execute Data Processing Agreements (DPAs) where personal information is involved.
Suppliers must notify the Company without undue delay (and in any event within 72 hours of awareness) of any security incident affecting Company or client data.
Suppliers must comply with all applicable privacy laws, including PIPEDA and equivalent international laws (e.g., GDPR, CCPA, where relevant), and with the Company's Privacy Policy (IIS-GOV-PRV-001). Suppliers must not process personal information beyond the purposes documented and authorised by the Company.
Suppliers must protect the Company's and its clients' confidential information, trade secrets, and intellectual property, both during and after the term of the supplier relationship, and in accordance with executed NDAs and service agreements.
Suppliers that provide AI-enabled services to, or for, the Company must comply with the principles set out in the Company's Acceptable Use of AI Policy (IIS-GOV-AI-001), including: model and vendor due diligence; data-handling and confidentiality controls; bias, fairness, and human-oversight requirements; transparency; and prohibition on the use of Company or client data to train models outside the contractually agreed scope.
Suppliers may not assign or sub-contract material obligations under their agreement with the Company without prior written consent.
Where sub-contracting is permitted, the supplier remains responsible for sub-contractor compliance with this Code and must flow down equivalent obligations.
Any worker, agent, or stakeholder of a supplier — and any third party — may report a suspected violation of this Code through the Company's grievance mechanism: confidential web intake at iisupp.net/ethics-grievance, e-mail to ahmad.wasee@iisupp.net, or direct contact with the Company's Human Rights Sponsor. The Company prohibits retaliation against any person raising a concern in good faith, and requires suppliers to apply the same standard.
Suppliers must, on reasonable notice, permit the Company (or its authorised auditors) to assess compliance with this Code, including by completing self-assessments, providing documentary evidence, and permitting on-site audits.
Material non-compliance triggers a corrective-action plan, performance reviews, and — where corrective action is not effective or where conduct is egregious — termination of the supplier relationship in accordance with the underlying agreement.
Suppliers demonstrating exemplary compliance and continuous improvement may be designated as Preferred Suppliers and benefit from increased order volumes, longer-term contracts, and joint capacity-building initiatives.
Each supplier is required to acknowledge, in writing, receipt and understanding of this Code and its commitment to comply. Acknowledgment is captured at on-boarding and re-affirmed at material contract renewals.
Approval and Authority
This document has been reviewed and approved by the Executive Leadership of Integrated IT Support Inc. and is issued under the authority of the Office of the Chief Executive Officer. The document is subject to periodic review and may be amended by the Approving Authority. Material amendments are communicated to all employees and key suppliers within thirty (30) days of issuance.
Signed for and on behalf of Integrated IT Support Inc.
Ahmad
Ahmad — Chief Executive Officer
Integrated IT Support Inc.
Date: 11 May 2026
Approved electronically by Ahmad, Chief Executive Officer, on 11 May 2026. This electronic signature is applied with the authority of the named signatory and is valid under the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Ontario Electronic Commerce Act, 2000.