At TomTom Telematics, we’re committed to the security of information and data privacy. We invest continuously in our engineering, proven technologies, processes and people to make sure we can always provide you with the most reliable telematics service on the market. As one of the world’s largest providers of telematics services, continual investment in our service is important. We’re always improving to make sure that we are the best partner for your business – now and in the future.
The Information Security Management System (ISMS) including the risk management processes securing the informational assets that support our business objectives and operations of TomTom Telematics WEBFLEET Engineering, Quality Assurance, IT services as well as our Business and Information Security Continuity Programs provided to the TomTom Telematics BV, at our Technology Headquarters, Inselstrasse 22, 04103 Leipzig, Germany, and at our secure Data Center co-locations. This is in accordance with the ISO/IEC 27001:2013 Statement of Applicability version 2015.06, dated 30/06/2015.
“The ISO 27001 certification underpins that we’re in complete control of our processes and even more importantly, that our client data is in safe hands, which is crucial for us providing a business critical fleet management “Software as a Service” (SaaS) solution.”
The cornerstone of TomTom Telematics’ commitment to information security is our set of security policies and programmes. Based on our rigorous risk management programme, our policy aligns security with operations across the following topics:
A detailed set of security policies designed to provide management direction and support of the information management system and all operational activities with respect to WEBFLEET®.
Information Security is everyone’s business.
A full-time information security team, which provides ISO 27001 compliance and governance in addition to alignment with the German Data Protection Act, is at the foundation of our organisation of information security. All of our employees play an integral part in supporting the information security management system.
Security in the employment life cycle is critical to ensure that security is emphasised prior to employment, during employment, and after its termination.
Inventory, ownership, and maintenance of all our assets throughout the life cycle are important to ensure that assets are categorised, labelled, and assigned risk owners, so that all assets, including those with company IP or customer data, are handled in a correct and secure way.
Through authentication / authorisation controls and identity management, all access is limited to a need-to-have basis. Additional controls help to prevent unauthorised access, for example system logging and monitoring, which provide real-time detection across our security perimeter.
We invest in state-of-the-art hardware and software solutions, including proven cryptographic technologies, in order to protect the confidentiality, integrity and availability of our customers’ data as well as our operational systems.
We place great value on ensuring physical and logical separation is maintained in WEBFLEET®. This includes ensuring that the physical locations in which information assets are located are protected from unauthorised access, and that equipment is protected from environmental conditions to prevent the failure of services to our customers.
The protection of physical and virtual assets is critical to a secure telematics solution. This also includes maintaining a secure communications network and the facilities from which the network is hosted for secure transfer of the data between your vehicle and our WEBFLEET® backend.
TomTom Telematics operates two independent data centres in the European Union due to the high level of data privacy standards required. Our active / active configuration also ensures the highest availability including full disaster recovery.
As a software company, all of our products depend on secure coding principles and processes to ensure an agile product life cycle.
The WEBFLEET Secure Software Development Life Cycle (SSDLC) includes:
In addition, we facilitate the following programmes to secure our engineering perimeter:
Securing the external risks on the edge of our scope helps to ensure that no additional risk is added to the organisation through our partners or suppliers. When possible, we select suppliers who are ISO 27001 certified, and we actively monitor our suppliers in order to maintain a secure working relationship and to be aware of changes to their environments which could affect our secure operations.
Should a security incident occur, it is important to have an effective approach for managing the incident, which includes the communication to all interested parties, as well as the internal reporting of security weaknesses which help support a secure perimeter.
We manage a detailed Business and Information Security Continuity programme to ensure that WEBFLEET® will be available to our customers even in the event of a disaster. Through our Active/Active data centre configuration, a major disaster in both centres is unlikely, as each centre can maintain our entire operation if necessary, which means you can rely on the WEBFLEET® service being available when you need it.
TomTom Telematics is controlled and audited for data privacy compliance by our external Data Privacy Officer (DPO), in alignment with §4f Abs. 1 of the German Federal Data Protection Act (BDSG).
Our ISMS Security team performs regular reviews of legal or security requirements which might have an effect on WEBFLEET® or our information security management system.
The WEBFLEET® Certified Information Security and Data Privacy technical document may be requested from TomTom Telematics by submitting the form below: