Wejo Ltd ISMS Policy v2.2

Context of the Organisation

Wejo Limited is a company that creates an industry-leading car data marketplace and innovates with global brands to reimagine driver experiences and deliver brilliant insights that transform how the world moves. The company is focussed on the connected car vertical within the motor industry.

Security Objectives

Listed below are Wejo’s security objectives, in line with the strategic direction of the company. The objectives have been approved by the Information Security Steering Group (ISSG). The security objectives for Wejo Limited are:

  • Comply with all security policies, processes and procedures.
  • All employees will be fully aware of their security responsibilities, facilitated by annual training.
  • Consider Information Security at the outset of all activities.
  • Report on the progress of the ISMS program.
  • Comply with the requirements of ISO 27001:2013 for Information Security.
  • Continually improve security processes and controls using tangible KPIs and metrics.
  • Meet all regulatory and legislative requirements.
  • Ensure the availability of all information and systems where required.
  • Ensure the integrity of all information and systems.
  • Ensure the confidentiality of all information and systems.
  • Communicate this policy statement to the public, through our website and on request.

ISMS Scope

The scope of Wejo’s ISMS encompasses all of its people, whether employees, contractors or sub-contractors. It also covers the Wejo ADEPT platform and all other Wejo services and products.

All internal business support processes and customer service processes are covered, alongside Wejo’s technology and information assets – virtual and physical. These include end-user computing devices, all IT and physical network infrastructure, and assets controlled by Wejo according to the cloud service provider’s shared responsibility model.

It is the responsibility of the Wejo Board of Directors to ensure that sufficient resources are made available to enable this policy statement to be effective and enduring and that all employees affected by the policy and ISMS have the proper training, awareness, and competency.

The Board has also appointed a Director of Information Security and SVP Risk & Compliance who will assist Wejo in meeting the requirements of specific provisions and advising on Information Security matters generally. This statement is supported by our ISMS manual, which details the organisation, arrangements, and the standards to be achieved in our operations. This statement will be made available to all stakeholders on request. This policy statement is reviewed and approved by the company via the ISSG annually.

Wejo Ltd.

May 2023