wejo Ltd ISMS Policy

Context of The Organisation

wejo Limited is a company that creates an industry-leading car data marketplace, and innovates with global brands to reimagine driver experiences and deliver brilliant insights that transform how the world moves. The company is focused on the connected car vertical within the motor industry.

Security Objectives

Listed below are wejo’s established security objectives, in line with the strategic direction of the company. The objectives have been endorsed by top management via the Information Security Steering Group (ISSG). The security objectives for wejo Limited are:

  • Comply with all security policies, process and procedures
  • Employees attend annual awareness training
  • Consider information security at the outset of all activities
  • Report on progress of the ISMS program
  • Comply with the requirements of ISO 27001:2013 for information security
  • Continually improve security processes and controls, using tangible KPIs and metrics
  • Meet all regulatory and legislative requirements
  • Keep compliant with the certified TISAX labels as per OEM requirements
  • Ensure the availability of all information and systems where required
  • Ensure the integrity of all information and systems
  • Ensure the confidentiality of all information and systems
  • Communicate this policy statement to the public, through our website and on request

ISMS Scope

The scope of wejo’s ISMS encompasses all of it’s people, whether that be employees, contractors and sub-contractors. It also covers the wejo ADEPT platform and all other wejo services and products.

All internal business support processes and customer service processes are covered, alongside wejo’s technology and information assets – virtual and physical. This takes the guise of end user computing devices, all IT and physical network infrastructure and assets controlled by wejo according to the cloud service provider’s shared responsibility model. The locations that wejo operate in are Manchester and Chester in the UK, and San Jose and Austin in the USA.

It is my responsibility as CEO to ensure that sufficient resources are made available to enable this policy statement to be effective and enduring and that all employees affected by the policy and ISMS have the proper training, awareness, and competency. The Board has also appointed a Head of Information Security and Head of Security, Risk and Compliance who will assist us in meeting the requirements of specific provisions and advising us on Information Security matters generally. This statement is supported by our ISMS Policies and Procedures Manual, which details the organisation, arrangements and the standards to be achieved in our operations. A copy of this manual is held on our intranet site and will be brought to the attention of all personnel, along with this Policy Statement and any revisions to it. This statement will be displayed prominently at all of our premises and made available to other stakeholders - on request. This policy has been approved by the company management and shall be reviewed by the ISSG annually.

Richard Barlow, CEO, Wejo Ltd.

12th December 2019

v1.0/24th September 2019