Fleet management you can trust

Let's drive business. Further.

Request callback Download datasheet

At Webfleet, we’re deeply committed to the security and privacy of information.

Our recent achievement - the ISO/IEC 27001:2022 certification - reflects our dedication to maintaining the highest standards in information security.

We continuously invest in our engineering, proven technologies, processes, and people to ensure we deliver the most reliable telematics services on the market. As one of the world’s largest providers of telematics solutions, ongoing improvement is essential.

We’re always evolving to remain the best possible partner for our clients - today and in the future.

Reasons for Webfleet

ISO/IEC 27001:2022 Certified Information Security

Learn more⁠

99,95% uptime

Local support

For over 25 years, Webfleet has prioritized data privacy and information security. Achieving ISO/IEC 27001:2022 certification demonstrates our commitment to a robust Information Security Management System (ISMS), ensuring risks are managed effectively and customer data remains confidential, integral, and available. This certification reflects our dedication to continuous improvement and safeguarding information assets.

Jan-Maarten De Vries, President of Webfleet

Information Security Management System

The cornerstone of Webfleet's commitment to information security is our set of security policies and programmes, supported by leadership and embedded across the organization. Based on a rigorous risk management programme, our policies align security with operations across key information security areas. These policies are regularly reviewed, communicated, and supported by training and documentation. We continuously monitor and improve our security posture through performance evaluations and feedback mechanisms, ensuring alignment with ISO/IEC 27001:2022 requirements.

Information Security Policies

Webfleet maintains a comprehensive set of information security policies that provide clear management direction and operational support for the Webfleet Telematics Service Platform. These policies are aligned with our risk management framework and are designed to meet the objectives of our ISMS. They are approved by senior leadership, regularly reviewed, and communicated across the organization to ensure awareness and compliance. The policies are accessible to relevant internal and external stakeholders, supporting transparency and accountability in our security practices.

Organisation of Information Security

At Webfleet, information security is a shared responsibility across the organization. We employ a dedicated, full-time information security team responsible for the governance and compliance of our ISMS, aligned with ISO/IEC 27001:2022, GDPR, and other applicable regulations. All employees and external partners are actively engaged in supporting the ISMS through clearly defined roles and responsibilities. We ensure segregation of duties to minimize risk, maintain contact with relevant authorities, and participate in industry groups to stay informed of emerging threats and best practices. Information security is embedded into our project management processes to ensure secure development and deployment of services.

Human Resources

Webfleet recognizes that security throughout the employment lifecycle is essential. We implement security measures prior to hiring, including role-based screening, and ensure that employment contracts include clear information security responsibilities. During employment, all staff and external partners receive regular training and awareness sessions to reinforce our information security principles. Upon termination, access rights are promptly revoked, and confidentiality obligations continue to apply. These practices help maintain a secure working environment.

Asset management

Webfleet maintains a comprehensive asset management process to ensure that all information and associated assets are inventoried, categorized, and assigned to responsible owners. This includes assets containing company intellectual property and customer data. Each asset is managed throughout its lifecycle (from acquisition to disposal) with appropriate labeling, classification, and risk ownership. We enforce acceptable use policies and ensure that assets are returned or securely disposed of when no longer needed.

Access Control

Webfleet enforces strict access control policies based on the principle of least privilege. Access to systems and data is granted only on a need-to-have basis through robust authentication and authorization mechanisms, supported by comprehensive identity management. Credentials are securely managed, and access rights are regularly reviewed to ensure alignment with role requirements. To prevent unauthorized access, we implement system logging and real-time monitoring across our security perimeter, enabling rapid detection and response to potential threats.

Cryptography

Webfleet employs state-of-the-art hardware and software solutions, including proven cryptographic technologies, to safeguard the confidentiality, integrity, and availability of customer data and operational systems. Cryptographic controls are applied to protect data both at rest and in transit, in accordance with our cryptographic procedure. We maintain robust key management practices to ensure secure generation, distribution, storage, rotation, and disposal of cryptographic keys.

Physical and Environmental Security

Webfleet places strong emphasis on maintaining both physical and logical separation within the Telematics Service Platform. Our physical locations are secured against unauthorized access through controlled entry systems and monitored perimeters. Equipment is protected from environmental threats such as temperature, humidity, and power fluctuations to ensure service continuity. Secure areas are governed by strict access procedures, and delivery zones are managed to prevent unauthorized handling of assets.

Communications Security

Webfleet ensures the protection of both physical and virtual assets as part of our secure telematics solution. We maintain a secure communications network and hosting infrastructure to support the safe transfer of data between vehicles and the Webfleet Telematics Service Platform backend. Our network architecture incorporates physical and logical separation, secure protocols, and monitoring to prevent unauthorized access and ensure data integrity. Formal procedures and guidelines govern all data transfers.

Operational Security

Webfleet services are deployed redundantly across three AWS Availability Zones in Frankfurt, Germany, ensuring compliance with EU data protection standards. Each Availability Zone consists of at least one independent data center with redundant power, networking, and connectivity infrastructure. The zones are geographically separated to minimize the risk of a single local disaster affecting multiple zones. Our configuration guarantees high availability and supports full disaster recovery capabilities.

To maintain a secure and resilient operational environment, Webfleet implements the following security controls:

Malware Prevention
Monitoring
Vulnerability & Patch Management
Penetration Testing
Incident Management
Network Security
System Hardening

Systems Acquisition, Development & Maintenance

As a software company, all of our products depend on secure coding principles and processes to ensure an agile product life cycle.

1. Engineering

Software design analysis

2. Completed development

Static inspection of code

3. Quality assurance

Dynamic analysis of the application

4. Deployment

Deployment and stabilisation of the application

The Webfleet Telematics Service Platform follows a secure development lifecycle according to international best practices. This includes peer-reviewed design and coding practices, adherence to internal style guidelines, rigorous QA and load testing procedures. Our release management process ensures controlled and traceable deployments. Security is embedded throughout the lifecycle via static code analysis against the OWASP Top 10 and SANS Top 25 vulnerabilities, helping to proactively identify and remediate risks before release.

Supplier Relationships

Webfleet maintains strict controls over supplier relationships to ensure that third-party services and products meet our information security standards. All suppliers are subject to contractual security requirements aligned with ISO/IEC 27001:2022, including data protection obligations, access control, and incident reporting. We assess supplier risks during onboarding and conduct regular reviews to ensure continued compliance. Where applicable, we require suppliers to implement security controls equivalent to those used internally, especially when handling customer data or supporting critical infrastructure.

Information Security Incident Management

Webfleet maintains a structured and responsive incident management process to ensure timely detection, reporting, and resolution of security events. All incidents (whether suspected or confirmed) are logged and assessed by our security teams. We follow a defined workflow for containment, investigation, root cause analysis, and remediation. Communication protocols are in place to notify relevant stakeholders, including customers and authorities when required. Post-incident reviews are conducted to identify lessons learned and improve future response capabilities. This approach ensures the resilience of our Telematics Service Platform.

Information Security Aspects of Business Continuity Management

Webfleet ensures the resilience and availability of our services through a robust business continuity framework. Our infrastructure is designed to withstand disruptions, with services deployed across three AWS Availability Zones in Frankfurt, Germany. This configuration supports high availability and full disaster recovery, minimizing the risk of service interruption.

Business continuity planning includes:

Identification of critical business processes and dependencies
Disaster recovery procedures for infrastructure and data
Regular testing of failover and recovery capabilities
Integration of continuity planning with incident management
Ongoing review and improvement of continuity strategies

These measures ensure that Webfleet can maintain operations and protect customer data even in the event of unexpected disruptions.

Compliance and Data Privacy

Webfleet oversees compliance with the GDPR as well as other relevant local privacy legislation.
Our ISMS Security team performs regular reviews of legal or security requirements which might have an effect on the Webfleet Telematics Service Platform or our information security management system.

Maximum security and integrity

Your data is in safe hands with our ISO/IEC 27001:2022 certified system.

Data deletion

Data is marked as dereferenced and overwritten in the event of data deletion to prevent that the data should be accessible by any other parties.

Choose integrity. Protect the environment.

We do our part to provide you a secure platform, which allows you to save costs while doing your part for the environment.

Protecting driver privacy

With our focus on data protection, Webfleet has worked together with privacy groups and work councils to demonstrate our commitment to your privacy.

Data retention

Per default, Webfleet retains all detailed data including precise data tracks for up to ninety (90) days, and current year plus previous two (2) years for our logbook, dashboard and reporting. This may differ due to specific country related regulations.