I have only ever been involved with the maintenance aspects of an IOSA audit, but I would consider the following:
From the IOSA Standards Manual (Introduction)
Where an operator has chosen to outsource operational functions specified in IOSA provisions to external service providers, conformity with those provisions will be based on evidence provided by the operator that demonstrates acceptable processes are in place (i.e., documented and implemented) for monitoring such external service providers to ensure fulfilment of all requirements affecting the safety and security of operations. Auditing is recommended as an effective method for such monitoring of external service providers.
From Guidance Material
Guidance FLT 1.11.3
The purpose of such monitoring and control is to ensure databases and other internal and external sources of operational data provided for the support of flight operations are current, accurate and complete.
Based on the above, provided you ensure your suppliers have acceptable quality control systems in place and you periodically audit them, I would consider that you were compliant; although you would obviously need to document that.
Also note: this is a Recommended Practice, not a Standard; so even if you are non-compliant it will only generate an Observation, that you may chose to respond to or not, rather than a ‘Finding’ - see IOSA Standards Manual introduction.