Wf Security Data Privacy.en

Uploaded by

mandeep.kaur
Certified information security and data privacy telematics

The purpose of this whitepaper is to provide detailed information to our business partners,
interested parties and customers regarding the ISO/IEC 27001 certified Webfleet Telematics
Service Platform. It contains the level of information required to support all interested parties
with due diligence and risk analysis activities, as well as support data protection officers and
work councils with their data privacy initiatives.

At Webfleet, we’re committed to the security of information and data privacy.
We invest continuously in our engineering, proven technologies, processes and people
to ensure that we can always provide the most reliable telematics service on the market.

The power of Webfleet Telematics Service Platform

ISO 27001 INFORMATION SECURITY CERTIFIED
Our service platform and our mature processes have been certified, ensuring that our customers benefit from the highest level of protection for information security and data privacy.

HIGHEST STANDARD EV SSL ENCRYPTION
Secure, encrypted login and data transfer to the service platform. You can trust your data is safe and secure.

LOCAL INSTALLATION
Nationwide and international installers.

FIRST CLASS SUPPORT
from local resellers and system integrators.

APP CENTER
Proven integrations and add-on apps available in App Center.

It’s no surprise we’re a global leader in fleet management and telematics.

As one of the world’s largest providers of telematics services, continual investment in our service is important. We’re always improving to make sure that we are the best partner for your business – now and in the future.

Content

1 INFORMATION SECURITY MANAGEMENT SYSTEM
2 INFORMATION SECURITY POLICIES
3 ORGANISATION OF INFORMATION SECURITY
4 HUMAN RESOURCES SECURITY
5 ASSET MANAGEMENT
6 ACCESS CONTROL
7 CRYPTOGRAPHY
8 PHYSICAL AND ENVIRONMENTAL SECURITY
9 OPERATIONAL SECURITY
10 COMMUNICATIONS SECURITY
11 SYSTEM ACQUISITION, DEVELOPMENT AND MAINTENANCE
12 SUPPLIER RELATIONSHIPS
13 INFORMATION SECURITY INCIDENT MANAGEMENT
14 INFORMATION SECURITY ASPECTS OF BUSINESS CONTINUITY MANAGEMENT
15 COMPLIANCE AND DATA PRIVACY
16 PLATFORM SECURITY AND COMPLIANCE FEATURES
17 CONCLUSION
18 PLATFORM SERVICE LEVELS

1 INFORMATION SECURITY MANAGEMENT SYSTEM

What is ISO/IEC 27001?

The ISO/IEC 27001 international standard was developed in order to provide a standard means of protecting information assets. Information is defined as any physical or virtual asset which can be deemed valuable to the organisation. Our strategy for the continued protection of these assets, as well as the data of our customers, is covered through our Information Security Management System (ISMS).

As a management system, it ensures that all processes and information assets are regularly reviewed holistically throughout the organisation, and aligned to the Webfleet baseline for acceptable risk.

“The ISO 27001 certification underpins that we’re in complete control of our processes and even more importantly, that our client data is in safe hands, which is crucial for us providing a business critical fleet management Software as a Service (SaaS) solution.”
Jan-Maarten de Vries, President of Fleet Management Solutions, Bridgestone Mobility Solutions

Our ISMS certified scope

Our Information Security Management System (ISMS) covers all of our critical business processes necessary to secure the informational assets related to the Webfleet Telematics Service Platform. This includes the architecture, engineering, quality assurance and IT services provided to the Webfleet B.V at our Technology Headquarters in Germany, as well as our secure data center co-locations located within the European Union. This is in accordance with the ISO/IEC 27001 standard and implemented as detailed in our Statement of Applicability.

We implemented an ISO/IEC 27001 compliant management system in 2012, and have maintained this certification through yearly internal and external assessments to ensure our compliance with this international standard. The certification is one of the most recognised management standards in the field of information security management, incorporating or exceeding most of the controls recommended by PCI or ISAE 3402 standards, which we believe makes Webfleet a best-in-class provider of Software as a service (SaaS) for fleet management.

The certification can be verified on the certificate/client directory of the certification body TÜV SÜD.

2 INFORMATION SECURITY POLICIES

Webfleet is committed to the security of the Webfleet Telematics Service Platform, as well as to that of our organisation. This includes all information assets involved in the development, testing, and operations as stated in our ISMS scope.

This commitment is outlined in our Bridgestone Group code of conduct (Go to Bridgestone Code of Conduct) and in our privacy policy (Go to Webfleet Privacy Policy).

The cornerstone of Webfleet’s commitment to information security is our set of security policies and programmes which cover the organisation of information security as well as:

• Human resources security
• Asset management
• Access control
• Cryptography
• Physical and environmental security
• Operations security
• Communications security
• System acquisition, development and maintenance
• Supplier relationships
• Information security incident management
• Information security aspects of business continuity management
• Compliance and data privacy

These policies are reviewed both internally and externally by non-partial authorities on a regular basis to ensure compliance with the ISO/IEC 27001 standard as well as all relevant legislation, to ensure that they maintain their continued effectiveness and integrity.

All employees and suppliers of the Webfleet Development Germany GmbH should comply with the security policies or contractually established requirements. Regular information security awareness training and documentation is provided to our employees to maintain a high level of information security awareness within the company. All aspects of security are covered in the scope of the documents and trainings and cover such issues as clean desk and safe use of the internet, secure coding, working safely from remote locations, and the correct procedure for labelling and handling of sensitive data.

Additional information is provided based on ad-hoc skill trainings to ensure that all employees are aware of their responsibilities to information security and are up to date with the latest technologies and vulnerabilities related to the operations of Webfleet Telematics Service Platform and the organisation for which they are responsible. All documentation is designed to be digestible in order to ensure the effectiveness of those policies.

3 ORGANISATION OF INFORMATION SECURITY

Information security is everyone’s business

Webfleet employs a full-time information security team, integrated in our engineering and IT departments, supported by some of the best and brightest talent within the industry in information, application, and network security. This team is responsible for maintaining the company’s information security shield, developing and reviewing our various security policies and posture to ensure that all possible risks are managed, aligned with the company strategies and appetite for risk management. For data privacy related topics, our external data privacy officer coordinates with the information security team to ensure compliance and communication with our interested parties and internal teams.

At Webfleet, some standard information security and data protection activities include:

• Continual review and improvement of security policy and procedures related to our high-availability network, redundant systems, and world class services based on the best practices and standards within the international community as well as the incorporation of custom designed controls through a multi-layered approach
• Conducting regular technical security design and implementation level reviews on all layers of the organisation within the scope of the ISMS
• Providing continual feedback to top management regarding the status of the information management system and any risks which might require a management review
• Monitoring of all technical systems to ensure real-time reaction to all incidents whether security or information related
• Providing incident management services to provide a tactical overview and analysis of information security assets and the threats to them
• Maintaining strict controls of our separated network environments for development, testing, and production through such programmes as vulnerability management, capacity management, patch management, static code analysis and review, aligned with the best practices of such standards like ITIL and ISO 20000 for service management
• Maintaining contacts within the security community, local law enforcement, as well as Webfleet Group legal and HR teams to ensure legal and regulatory compliance and internal auditing
• Providing physical security review and awareness in our office and data centre facilities

4 HUMAN RESOURCES SECURITY

Information security is crucial prior to, during, and after the termination of employment. This includes selecting the right employees or contractors and providing them continual customised training.

Human resources ensures that our most important assets, our employees, are protected aligned with local and national working regulations, and to communicate contractually their role in supporting and maintaining information security within the organisation in order to protect our customers’ data and our intellectual property.

Employees are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Upon hire, Webfleet verifies an individual’s education and previous employment, and performs internal and external reference checks. Where local labour law or statutory regulations permit, Webfleet may also conduct criminal, credit, immigration, and security checks where appropriate for the role. The extent of background checks is dependent on the desired position.

Upon acceptance of employment at Webfleet, all employees are required to execute a confidentiality agreement and must acknowledge receipt of and compliance with policies in the Webfleet IT user manual and all other policies and procedures related to the scope of their employment.

In order to comply with legislation, our staff are bound to data secrecy in their employee contracts which is aligned with the EU General Data Protection Regulation (GDPR), as well as other relevant privacy legislation. Additionally, all employees are regularly trained and educated with corporate security and data protection regulations which might affect them to reduce the company’s overall operational risk. The use of subcontractors in our development and operational departments is kept to a minimum and additional controls are implemented to maintain a high security perimeter.

The confidentiality and privacy of customer information and data is emphasised in our policies and during new employee orientation where employees are provided with security training as part of the new hire orientation. In addition, each Webfleet employee is required to comply with the company’s code of conduct. The code outlines Webfleet’s expectation that every employee will conduct business lawfully, ethically, with integrity, and with respect for each other and the company’s users, partners, and even competitors. Depending on an employee’s job role, additional security training and policies may apply.

Webfleet employees handling customer data are required to complete additional requirements in accordance with these policies. Training concerning customer data outlines the appropriate use of data in conjunction with business processes as well as the consequences of violations. Every Webfleet employee is responsible for communicating security and privacy issues to designated Webfleet security staff. The company provides confidential reporting mechanisms to ensure that employees can anonymously report any ethics violation they may witness.

5 ASSET MANAGEMENT

Responsibility and classification of information

At Webfleet, all informational assets are assigned an asset owner as well as a risk owner. The responsibility of these individuals is to identify and maintain the proper management and classification of Telematics assets aligned with the various policies and procedures for information security. During regular auditing of our information systems, the information security team coordinates with all asset/risk owners to verify and maintain compliance.

Media handling and disposal

All media at Webfleet is subject to secure policies and procedures for proper handling. Media is any format in which information might be contained including, but not limited to, physical hard disks, USB sticks, compact discs, paper, electronic documentation and communications. We employ a media life cycle which includes the secure handling and disposal of all relevant media in scope.

When any media is retired from Webfleet’s systems, physical disks containing customer information are subjected to a data destruction process before leaving Webfleet’s premises. First, policy requires the disk be logically wiped by authorised individuals. The erasure consists of a full write of the drive with all zeroes (0x00) followed by a full read of the drive to ensure that the drive is blank, with a follow up inspection to confirm that the disk has been successfully wiped. These erase results are logged by the drive’s serial number for tracking. Finally, the erased drive is released to inventory for reuse and redeployment.

If the drive cannot be erased due to hardware failure, it must be securely stored until it can be sent for secure destruction. Secure destruction is performed through our ISO 27001 certified media destruction vendors which includes reviews of protocols for all outgoing media. Webfleet performs regular internal audits for compliance with our media disposal policy.
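
The zero-fill, read-back and per-serial logging steps described above can be sketched as follows. This is an added example, not Webfleet tooling: the function names, log fields and in-memory "drives" are constructed for illustration, and it assumes a drive that fails the read-back is handled like one that cannot be erased.

```python
"""Added example: 0x00 wipe with read-back verification, logged by serial."""
import io
import json
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # bytes per I/O operation


def zero_fill(dev, size, chunk=CHUNK):
    """Pass 1: overwrite the whole device with 0x00. OSError means hardware failure."""
    dev.seek(0)
    zeros = bytes(chunk)
    written = 0
    while written < size:
        n = min(chunk, size - written)
        dev.write(zeros[:n])
        written += n
    dev.flush()
    return written


def verify_blank(dev, size, chunk=CHUNK):
    """Pass 2: read every byte back. Returns (ok, offset of first bad byte or None)."""
    dev.seek(0)
    offset = 0
    while offset < size:
        want = min(chunk, size - offset)
        block = dev.read(want)
        rest = block.lstrip(b"\x00")          # empty when the block is all zero
        if rest:
            return False, offset + len(block) - len(rest)
        if len(block) != want:                # short read: device smaller than claimed
            return False, offset + len(block)
        offset += want
    return True, None


def erase_and_log(serial, dev, size, operator, log, chunk=CHUNK):
    """Wipe, verify, and append one JSON record keyed by the drive's serial number."""
    record = {"serial": serial, "operator": operator, "bytes": size,
              "time": datetime.now(timezone.utc).isoformat()}
    try:
        zero_fill(dev, size, chunk)
        ok, bad = verify_blank(dev, size, chunk)
    except OSError as exc:
        # Drive could not be erased: store securely until secure destruction.
        record.update(result="hardware_failure", detail=str(exc),
                      disposition="quarantine_for_secure_destruction")
    else:
        if ok:
            # The manual follow-up inspection still happens outside this code.
            record.update(result="verified_blank",
                          disposition="release_to_inventory")
        else:
            # Assumption: a failed read-back is treated like an unerasable drive.
            record.update(result="verify_failed", first_bad_offset=bad,
                          disposition="quarantine_for_secure_destruction")
    log.append(json.dumps(record, sort_keys=True))
    return record


class StuckSectorDisk(io.BytesIO):
    """Constructed test double: one byte silently keeps a non-zero value."""
    def __init__(self, data, stuck_at):
        super().__init__(data)
        self.stuck_at = stuck_at

    def write(self, b):
        start = self.tell()
        n = super().write(b)
        if start <= self.stuck_at < start + n:
            super().seek(self.stuck_at)
            super().write(b"\xa5")
            super().seek(start + n)
        return n


class FailingDisk(io.BytesIO):
    """Constructed test double: writes beyond fail_at raise an I/O error."""
    def __init__(self, data, fail_at):
        super().__init__(data)
        self.fail_at = fail_at

    def write(self, b):
        if self.tell() + len(b) > self.fail_at:
            raise OSError(5, "Input/output error")
        return super().write(b)


def demo():
    """Run three constructed drives through the process; returns (records, log)."""
    payload = (b"constructed customer record;" * 200)[:4096]
    drives = [
        ("SN-CONSTRUCTED-001", io.BytesIO(payload)),
        ("SN-CONSTRUCTED-002", StuckSectorDisk(payload, stuck_at=1500)),
        ("SN-CONSTRUCTED-003", FailingDisk(payload, fail_at=2048)),
    ]
    log = []
    records = [erase_and_log(sn, dev, len(payload), "operator-a", log, chunk=1024)
               for sn, dev in drives]
    return records, log


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

A read-back through the operating system only covers the sectors the drive exposes; remapped sectors and SSD over-provisioned areas are outside what this check can see.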

6 ACCESS CONTROL

User access management and responsibilities

Webfleet has extensive controls and practices in place to protect the security of our customer’s information. Our Platform runs in a multi-tenant, distributed secure environment. Rather than segregating each customer’s data onto a single machine or set of machines, the data from all platform customers (consumers, business, and even our own data) is distributed amongst a shared infrastructure composed of Webfleet’s many homogeneous machines and located across Webfleet’s Active/Active ISO/IEC 27001 compliant data centres located in Germany.

Webfleet Telematics Service Platform uses a distributed file system designed to store large amounts of data across large numbers of computers. Structured data is then stored in a large distributed database built on top of the file system. Data is chunked and replicated over multiple systems such that no one system is a Single Point of Failure (SPOF). Data chunks are given random file names and are not stored in clear text so they are not humanly readable.

The layers of our platform require that requests coming from other components are authenticated and authorised. Service-to-service authentication is based on a security protocol that relies on a platform system to broker authenticated channels between application services. In turn, trust between instances of this authentication broker is derived from x509 host certificates that are issued to each platform production host by a Webfleet internal certificate authority.

Access by production application administrative engineers to production environments is similarly controlled. A centralised group and role management system is used to define and control engineers’ access to production services, using an extension of the above-mentioned security protocol that authenticates engineers through the use of a personal x509 certificate that is issued to them. Policy requires that administrative access to the production environment for debugging and maintenance purposes be based on secure shell (SSH) public key authenticated connections. For both scenarios, group memberships that grant access to production services or accounts are established on an as-needed basis.

The security controls described above rest on the foundation of the integrity of the production platform. This platform in turn is founded on:

• Physical security protection of the data centre environment
• Integrity of the production operating system environment
• Limited, as-needed system administrator (root) level access to production hosts granted to a specialised group of employees whose access is monitored

These aspects of the Webfleet security practices are covered in more detail in subsequent sections of this document.

Authentication controls

Webfleet requires the use of a unique user ID for each employee. This account is used to identify each person’s activity on Webfleet’s network, including any access to employee or customer data. This unique account is used for every system at Webfleet. Upon hire, an employee is assigned the user ID by Human Resources and is granted a default set of privileges described below. At the end of a person’s employment, policy requires that the account’s access to Webfleet’s network be disabled from within the HR system.

Where passwords or passphrases are employed for authentication (e.g., login to workstations), systems enforce Webfleet’s strong password policies, including password expiration, restrictions on password reuse, and sufficient password strength. Webfleet makes widespread use of two-factor authentication mechanisms, such as certificates and one-time password generators.

Authorisation controls

Access rights and levels are based on an employee’s job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. Our employees are only granted a limited set of default permissions to access company resources, such as email, Webfleet’s internal portal, and HR information. Requests for additional access follow a formal process that involves a request and an approval from a data or system owner, manager, or other executives, as dictated by Webfleet’s security policies. Approvals are managed by workflow tools that maintain audit records of all changes. These tools control both the modification of authorisation settings and the approval process to ensure consistent application of the approval policies. An employee’s authorisation settings are used to control access to all resources, including Service Platform data and production systems.

System logging

Webfleet’s policy is to log administrative access to all of our systems and data. These logs are reviewable by Webfleet security staff on an as-needed basis in order to support forensic activities or in order to protect the perimeter of our security countermeasures, and are mirrored on a separate server in which the logs are not editable.

7 CRYPTOGRAPHY

Webfleet invests in state-of-the-art hardware and software solutions including proven cryptographic technologies to ensure that informational assets and confidential data are transferred and maintained via high encryption and in a secure manner. This is critical in maintaining the security of our customer’s data, and operational integrity of our systems.

Webfleet environments are optimally protected against any threats, and our operations team is alerted in real-time to any intrusion attempts both internal and external.

Secure data transfer

Webfleet provides a secure SSL/TLS data transfer of Service Platform data (UI or Platform APIs). SSL/TLS certificates are provided by an industry leader for cryptographic security. 2048-bit certificates are provided to deliver the perfect balance between performance and strong security and are also recommended by the National Institute of Standards and Technology (NIST) and the German Federal Office for Information Security (BSI).

In addition, the SSL/TLS certificates support:

• 256-bit and 128-bit HTTPS AES encryption. HTTPS is used by default for accessing data using the UI or Platform APIs
• SHA-256 encryption which meets the highest EU government cryptographic standards
• Extended Validation (EV) authentication level which is the highest possible achievable level

8 PHYSICAL AND ENVIRONMENTAL SECURITY

Webfleet maintains strict separation of its physical, logical and environmental information and infrastructure in order to provide the most secure experience possible for our customers and their data. This also includes the protection of information equipment involved in the processing perimeter of our operations.

Some examples of how physical and environmental security are controlled:

• System hardening based on the Center for Internet Security (CIS) standard for operating system, database, and network device hardening
• Regular review, testing and deployment through our patch management programme
• Centralised management of access control lists based on role based access control (RBAC) best practices to ensure all access is restricted only to those who require this access, and this access is monitored and logged in order to provide investigative evidence in the event of system tampering
• Regular monitoring and audit including log files
• Real-time monitoring and alert of all operational systems both of physical and virtual assets
• Intrusion Prevention systems with real-time alerting using Network-based (NIPS), Wireless (WIPS), Network Behaviour Analysis (NBA) and Host-based Intrusion Prevention Systems (HIPS). By incorporating IP systems from various vendors, we are able to use several detection methods including signature-based, statistical anomaly-based, and stateful protocol analysis detection

Geographical/physical separations

Webfleet’s data centres are geographically distributed and aligned with the requirements of the ISMS. They also employ a variety of physical security measures to maintain our security perimeter. The technology and security mechanisms used in these facilities may vary depending on local conditions such as building location and regional risks; however we place high value on our locations and vendors being ISO/IEC 27001 certified when possible.

The standard physical security controls implemented at each of Webfleet’s data centres are composed of well-known technologies and follow generally accepted industry best practices such as:

• Custom designed electronic card access control systems
• Alarm systems
• Interior and exterior cameras
• Security patrols

Physical access to areas where systems, or system components, are installed or stored is segregated from general office and public areas such as lobbies. Cameras and alarms for each of these areas are centrally monitored for suspicious activity, and the facilities are routinely patrolled by security guards. Webfleet’s facilities use high resolution cameras with video analytics and other systems to detect and track intruders. Activity records and camera footage are kept for incident review, should it become necessary for forensic purposes. Additional security controls such as thermal imaging cameras, perimeter fences and biometrics may be used when necessary. Access to all data centre facilities is restricted to authorised Webfleet employees, approved visitors, and approved third parties whose job it is to operate the data centre.

Webfleet also maintains a visitor access policy and set of procedures stating that data centre managers must approve any visitors in advance for the specific internal areas they wish to visit. The visitor policy also applies to any employees of Webfleet who do not normally have access to data centre facilities. Webfleet audits who has access to its data centres on a regular basis to help ensure that only appropriate personnel have access to the Webfleet space as required to perform their job functions. Webfleet restricts access to its data centres based on role, not position. As a result, even most senior executives at Webfleet do not have access to Webfleet’s data centres.

Environmental security

Webfleet’s computing clusters are architected with resiliency and redundancy in mind, helping minimise single points of failure and the impact of common equipment failures and environmental risks. Dual circuits, switches, networks, and other necessary devices are utilised to provide redundancy. Facilities infrastructure at the data centres has been designed to be robust, fault tolerant, and concurrently maintainable.

Power

To support Webfleet’s 24x7 continuous operations, redundant electrical power systems are provided by the data centres. A primary and alternate power source, each with equal capacity, is provided for every critical component in the data centre. Upon initial failure of the primary electrical power source — due to causes such as a utility brownout, blackout, over-voltage, under-voltage, or out-of-tolerance frequency condition — an Uninterruptible Power Supply (UPS) or Diesel Rotary Uninterruptible Power Supply (DRUPS) are intended to provide power until the backup generators can take over. The diesel engine and diesel rotary backup generators are capable of providing enough emergency electrical power to run the data centre at full capacity for a period of time until normal power can be restored.

Climate and temperature

Air cooling is required to maintain a constant operating temperature for servers and other computing hardware. Cooling prevents overheating and reduces the possibility of service outage. Computer room air conditioning units are powered by both normal and emergency electrical systems. Additionally, oxygen reduction systems are in place to reduce the amount of oxygen available in the data centres to the minimum required for our employees to work in the space, yet not enough that a fire may occur. This provides the perfect balance and security that we require for our Service Platform systems.

Fire detection and suppression

Automatic fire detection and suppression equipment helps prevent damage to computing hardware. The fire detection systems utilise heat, smoke, and water sensors located in the data centre ceilings and underneath the raised floor. In the event of fire or smoke, the detection system triggers audible and visible alarms in the affected zone, at the security operations console, and at the remote monitoring desk. Manually operated fire extinguishers are also located throughout the data centres. Data centre technicians receive training on fire prevention and extinguishing of fires, which also includes the use of fire extinguishers. Most of our data centres also provide a nitrogen reaction system which can be activated to remove any remaining oxygen out of the air, thereby neutralising the effects of possible fire risk.

9 OPERATIONAL SECURITY

Active/active data centre setup overview

Webfleet is currently running two data centres in active/active setup. The multi-homing infrastructure and the load balancing equipment permit the utilisation of internet uplinks, application servers and services from both locations simultaneously.

Both data centres are connected via 3 redundant gigabit connections to provide a performant and stable ring of communication channels between services located in both centres. During normal operations, both data centres are configured to share the load, but each data centre is able to provide all services without performance impacts to customers; therefore our services are protected against disasters and business contingency is ensured, meeting the reliability needs of our customers.

Data centre security

Webfleet operates two independent data centres in the European Union due to the high level of data privacy standards which are required for data centres located in the EU. Both centres are sited underground in two different cities within Germany, provided from two separate vendors and operated in an active/active configuration ensuring the highest availability and full disaster recovery capabilities even due to events related to force majeure.

Both data centres provide very high levels of security and are detailed as follows:

Data centre 1 (Germany)

• Separated areas with secured access only for authorised IT administrators team employees of Webfleet
• ISO 27001 Certified
• Three-stage access control for physical access
• N+1 redundant high performance UPS
• N+1 emergency power generator
• Regular monthly tests
• N+1 independent air conditioning systems
• Permanent oxygen reduction for fire prevention (~15%)
• Windowless underground facility
• 24x7 monitoring
• Multiple house lead ins for WAN connectivity
• Alert sensors for humidity, smoke, vibration, etc.
• Video surveillance with 30 day recording to support security investigations

Data centre 2 (Germany)

• Separated areas with secured access only for authorised IT administrators of Webfleet
• ISO 27001 Certified
• Three-stage access control for physical access
• Redundant high performance UPS
• Emergency power generator
• Regular monthly tests
• Multiple independent air conditioning systems
• 24x7 monitoring
• Multiple house lead ins for wide area network connectivity
• Alert sensors for humidity, smoke, vibration, etc.
• Video surveillance with 30 day recording to support security investigations

High level network overview

The following high level overview of our network configuration between both data centres helps give an impression of our active/active data centre setup:

[Figure: network overview of Site 1 (Data Center 1) and Site 2 (Data Center 2). Components shown at each site: Redundant Uplink-Router (BGP4), Redundant Virtual Private Network (VPN) Router, Next Generation Firewall Cluster, Platform Messaging Loadbalancer-Cluster, UI & WEBFLEET.connect API Loadbalancer-Cluster, Production Network Firewall Cluster, and a High Availability pair of Layer-3 Switches. Link labels: 1 Gbit/s // BGP 4, 1 Gbit/s, 10 Gbit/s. Labels between the sites: 1x fully redundant Gbit EoDWDM Ring; Management, Backup & Monitoring Networks; 1x fully redundant 10 Gbit Carrier Ethernet. Carrier Ethernet annotations: Quality of Service, Standardized Services, Scalability, Service Management, Reliability.]

Acronym legend

EoDWDM: Ethernet over Dense Wavelength Division Multiplexing – high performance connection for high bandwidth requirements
BGP4: Border Gateway Protocol – Standard gateway protocol to exchange routing and reachability information between autonomous systems on the Internet. BGP4 allows for aggregation of routes including autonomous system paths
VPN: Virtual Private Network – enables sending and receiving of data across shared or public networks in a secure manner as if connected to a company network
UI: User Interface
API: Application Programming Interface – An interface which allows for users to connect to the Service Platform over various methods
Gbit: Gigabit

Logically separated operations environments
[Figure: four logically separated environments, each with its own enterprise level database: Development (developer local server, DEV team server with WF-Stack), QA/Stage (QA servers, user acceptance testing), Pre-Production (pre-production preview, load test) and Production (production server). Interfaces shown: UI, CSV, SOAP and Messaging.]

Network security
Webfleet employs multiple layers of defence to help protect the network perimeter from external and internal attacks. Only authorised services and protocols that meet Webfleet's security requirements are permitted to traverse the company's network. Unauthorised packets are automatically dropped. Webfleet's network security strategy is composed of the following elements:

• Control of the size and make-up of the network perimeter. Enforcement of network segregation using industry standard firewall and Access Control List (ACL) technology
• Systematic management of network firewalls and ACL rules that employs change management, peer review, and automated testing
• Restricting access to networked devices to authorised personnel
• Routing of all traffic through custom front-end servers that help detect and stop malicious requests
• Creation of internal aggregation points to enable better monitoring
• Examination of logs for exploitation of programming errors (e.g., cross-site scripting) and generating high priority alerts if an event is found

Webfleet is operating approximately 50 HP ProCurve switches per data centre with redundant connections to each server (bonding) and additional separated connections for Backup and Management on dedicated switches. All connections take advantage of Gigabit technology to provide optimal performance and almost no noticeable network latency.
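
The log examination element listed above can be illustrated with a small scanner for web access logs. This is an added example, not Webfleet's tooling: the log lines are constructed, the three rules are a minimal assumed rule set, and the priority scheme (high when the request was served, medium when it was rejected) is an assumption.

```python
import html
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Common Log Format (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:15:30 +0000] "GET /login HTTP/1.1" 200 1043',
    '203.0.113.7 - - [12/Mar/2024:10:15:32 +0000] '
    '"GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Mar/2024:10:15:40 +0000] '
    '"GET /p?name=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 403 0',
    '198.51.100.4 - - [12/Mar/2024:10:16:02 +0000] '
    '"GET /search?q=conditions+of+carriage HTTP/1.1" 200 2211',
    '203.0.113.7 - - [12/Mar/2024:10:16:10 +0000] '
    '"GET /go?url=JaVaScRiPt%3Aalert(1) HTTP/1.1" 400 0',
    'truncated line without a request field',
]

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumed minimal rule set; a production rule set would be broader.
XSS_RULES = [
    ("script-tag", re.compile(r"<\s*script\b", re.I)),
    ("event-handler", re.compile(r"<[^>]*\bon[a-z]+\s*=", re.I)),
    ("javascript-uri", re.compile(r"javascript\s*:", re.I)),
]


def normalise(value, max_rounds=3):
    """Undo nested URL encoding and HTML entities until the text is stable.

    Matching on the raw log field misses double-encoded input, so the
    request target is decoded repeatedly (bounded by max_rounds).
    """
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line):
    """Return an alert dict for a suspicious request, or None."""
    match = LOG_RE.match(line)
    if match is None:
        return None  # unparseable lines are skipped, not alerted on
    decoded = normalise(match["target"])
    rules = [name for name, rx in XSS_RULES if rx.search(decoded)]
    if not rules:
        return None
    status = int(match["status"])
    return {
        "time": match["ts"],
        "source": match["ip"],
        "path": match["target"].split("?", 1)[0],
        "status": status,
        "rules": rules,
        "decoded": decoded,
        # Assumption: a request that was served outranks one that was rejected.
        "priority": "high" if status < 400 else "medium",
    }


def scan(lines):
    """Scan an iterable of log lines and return all alerts in order."""
    return [alert for alert in map(scan_line, lines) if alert is not None]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert["priority"].upper(), alert["source"], alert["path"],
              ",".join(alert["rules"]))
```
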

Logically separated network environments

Webfleet ensures optimal protection against external and internal threats to our informational assets. This is accomplished by separating the networks, for example the Demilitarized Zone (DMZ), development, testing, production, and office environments with Role Based Access Control (RBAC), and deploying multiple Next-Generation Firewall (NGFW) clusters for separating the different zones:

• Multi-tier architecture with firewall clusters to separate the network zones
• Next-Generation firewalls (multiple active/active clusters per data centre)
- Threat and Intrusion Prevention Systems (IPS)
• Application level firewall providing protection against:
- Layer 7 DoS and DDoS
- Brute force
- Cross-site scripting (XSS)
- Cross-site request forgery
- SQL injection
- Web scraping
- Parameter and HPP tampering
- Sensitive data leakage
- Session hijacking
- Buffer overflows
- Cookie manipulation
- Various encoding attacks
- Broken access control
- Forceful browsing
- Hidden fields manipulation
- Request smuggling
- XML bombs/DoS
• Restrictive rules and policies
• Daily reporting and regular audits
• Real-time monitoring and notifications
• Different firewall vendors
• Triple level protection against email threats (viruses, SPAM, etc.)

System monitoring
Webfleet operates a redundant and distributed monitoring system to monitor all of our physical and virtual hosts and services. In addition to technical monitoring solutions, we have also incorporated checks within our system to enable us to achieve a near-replica of the user experience in regards to processing or HTTP response times.

In addition, external monitoring is in place from multiple international locations to assist with the real-time identification of any connectivity or availability issues when reaching Webfleet's services, such as internet peering issues. This monitoring measures our services from a customer point of view, such as with the login to the User Interface, and provides regular SLA reporting for internal management of the services. Additionally, the Webfleet operations team will be notified through multiple communication channels if any issues are detected.

Webfleet maintains access logs for our web and application servers related to the Service Platform for up to ninety (90) days on our secure log servers. This allows customers to view user sessions for up to ninety (90) days. The storage times may vary depending on local legislation.

Monitoring
Webfleet's security monitoring programme is focused on information gathered from internal network traffic, employee actions on systems, and outside knowledge of vulnerabilities. At many points across our network, internal traffic is inspected for suspicious behaviour, such as the presence of traffic that might indicate botnet connections. This analysis is performed using a combination of open source and commercial tools for traffic capture and parsing.

A proprietary correlation system built on top of Webfleet technology also supports this analysis. Network analysis is supplemented by examining system logs to identify unusual behaviour, such as unexpected activity in former employees' accounts or attempted access of customer data. Webfleet security engineers look proactively for security incidents that might affect the company's infrastructure. They actively review inbound security reports and monitor public mailing lists, blog posts, and web bulletin board systems. Automated network analysis helps determine when an unknown threat may exist and escalate these to Webfleet security staff, and network analysis is supplemented by automated analysis of system logs.

Malware prevention
Malware poses a significant risk to today's IT environments. An effective malware attack can lead to compromised accounts, data theft, and possibly additional undesired access to a network. Webfleet takes these threats to its networks and its customers very seriously and uses a variety of methods to prevent, detect, and eradicate malware.

Webfleet deploys Next-Generation Firewalls (NGFW) and Intrusion Prevention Systems (IPS) to assist us in the prevention of malware and other anti-virus related scans. Our operations teams have been trained to deal with any security events which our systems detect and which require an incident response. We invest highly in this area to reduce our operational risks and the risk of data breaches with our customers' important data.

All Service Platform production systems which are protected from internal and external access provide built-in virus protection. The signatures are updated daily and provided by the various vendors. Some non-Windows servers do not have anti-virus installed due to their high performance demands, yet these systems have been hardened using industry best practices and are verified using the Center for Internet Security (CIS) benchmarking tools and other additional controls which are not allowed to be shared outside of the organisation, yet provide an extensive amount of security protection.

All Windows-based servers and workstations perform hourly checks for new signatures and updates which are installed immediately and automatically.

10 COMMUNICATIONS SECURITY

GPRS-connections
The Webfleet units, LINK (LINK 105 excluded)
and PRO devices, are connected via GPRS to
our infrastructure. The connections to the GSM-
providers are based on VPN and provide either a
256 or 128 bit encryption. The VPN connections
take advantage of the multi-homing configuration
supporting high availability with an automatic
failover. An example is the case of an outage to
the uplink.

For the messaging servers to which these units connect, we run several dedicated, high performance servers in each data centre which can handle a full load without our customers noticing a performance impact. All messages and data are distributed using our hardware load balancer clusters to maintain performance and ensure availability.

Service Platform information flow
Real-time fleet geo-location:
Webfleet provides a LINK tracking unit for some
of its solution packages which are fitted into
every vehicle within the fleet. The unit uses GPS
satellite technology to establish its location
every 10 seconds on average and then sends the
coordinates of its location using GPRS to the
secure Webfleet servers in Germany once every
minute which in turn plot this position against the
latest maps for viewing within Webfleet.

[Figure: information flow from the vehicle unit to the Webfleet data centres (Germany / EU): satellite (GPS) position, GPRS with proprietary binary protocol, GPRS provider network, VPN tunnels, Internet.]

Using this method, the customer is able to view all of their vehicles on the screen at one time as an overview, and they will also have the ability to drill down to an individual vehicle at street level via the simple map control tools or mouse. To see more detail of the vehicle and its location, a user must simply increase the zoom level within the application.

[Figure: data centre components: Redundant Uplink Router (BGP4), Redundant Virtual Private Network (VPN), Next-Generation Firewall Cluster, Service Platform Messaging Loadbalancer-Cluster, User interface & Webfleet.connect API Loadbalancer-Cluster, Firewall Cluster.]

Message processing
The core message processing contains more than 20 high-end servers, which are consuming the messages from the JMS systems, processing them and storing the data into a highly-available Enterprise Edition database system.

On each messaging server, a locally running map server is responsible for handling the reverse geocoding which converts the longitude and latitude to an existing address and enables our customers to have the freshest Webfleet map data.

The messaging servers including the JMS servers consist of more than 30 high performance servers in each data centre and are able to handle a full load continuously without experiencing processing delays or performance impacts to our customers.

[Figure: message processing components: GPRS Servers, Inbound Queue, Messaging Balancers, Messaging Dispatchers, Enterprise Level Database.]

Internet connectivity

Webfleet operates multiple broadband internet uplinks from different vendors.

The internet uplinks for platform services are physically separated from the uplinks to the internet for office use (web browsing, email etc.), reducing any possible risk of impacts or dependencies to performance or security.

The redundant internet uplinks for the Service Platform are implemented as a multihoming solution having a provider aggregated Address Space (AS).

The benefit of such a setup is that the multiple internet uplinks from different vendors/ISPs use/route the same IP address range over all existing uplinks. This provides additional security and reduces the risk from physical problems with the ISP connections or having the network as a potential single point of failure, but also from ISP-wide failures and nearly all types of configuration problems that might affect just a single ISP. If one uplink should fail, an automatic failover to one of the other uplinks is performed based on dynamic routing with the BGP4 protocol. Failback works similarly and is also fully automated.

Load balancing

Webfleet operates multiple load balancer clusters per data centre, which is a standard networking method for distributing workloads across multiple computing resources. Additionally, the setup separates load balancing environments from customer facing systems such as the website, UI and Service Platform APIs, and from messaging related systems for maximum performance and availability and assists with removing possible intersystem dependencies.

The hardware based load balancer infrastructure is a proven solution from the global market leader for load balancing systems.

This solution provides advanced features and performance for load balancing such as:

• Up to 10 Gbit/s L4/L7 Intelligent Traffic Throughput (per cluster node)
• More than 10 million concurrent connections at 1GB (per cluster node)
• Maximum SSL of 9,000 TPS (2k keys) for new connections (per cluster node)
• Application health knowledge
- Health checks are performed at the L7 Application level and any non-healthy servers in the pool are automatically disabled
• Real time fault detection for failing servers providing IT Admins with detailed event information for fault correction
• Fast cache
- Performance acceleration
• Advanced hardware compression
- Improves performance and reduces transfer volume
• SSL hardware acceleration

The implemented architecture allows Webfleet to quickly enhance our operating capacity and prevent any future resource limitations at an early stage through a combination of world-class hardware and our capacity management programme and our detailed monitoring capabilities before our customers experience any performance issues.

11 SYSTEM ACQUISITION, DEVELOPMENT AND MAINTENANCE

It is Webfleet's policy to consider the security properties and implications of applications, systems, and services used or provided by Webfleet throughout the entire project life cycle. Webfleet's security policies call for teams and individuals to implement appropriate security measures in applications, systems, and services which are developed or acquired, aligned with any identified security risks and concerns. The policy states that Webfleet maintains a security team chartered with providing security-related guidance and risk assessment. Webfleet employs a variety of measures to ensure that the software products and services Webfleet offers to its customers meet the highest industry standards of software security. This section outlines Webfleet's current approach to software security; it may adapt and evolve in the future.

Service Platform Secure Software Development Life Cycle

Webfleet maintains, as part of its service management portfolio, a change management programme following the best practices of ITIL and ISO-20000. These processes are used throughout the development and operations landscape to ensure that not only our products are planned, designed, tested, approved, and implemented, but also all of our internal operations hardware and software as well as documentation related to the information management system is controlled through risk management, version control, change management and separated environments.

For the secure software development life cycle (SDLC), Webfleet has implemented a methodology aligned with the secure coding guidance which brings the advantages of many of the industry standard methodologies together, and developed a Project Creation Framework (PCF) which covers the major parts from the SDLC and other methodologies such as Waterfall and Agile Software Development. These are used for developing our platform and operating reliable software with a focus on quality, integrity, security and reusability combined with customer demands and reasonable time to market as a competitive advantage.

In regards to releases, Webfleet always focuses on separating feature releases from bug fix releases. All releases are integration and functionally tested by our dedicated QA testing team as well as load tested to measure performance.

For our customer facing systems, we incorporate the world class load testing tool Neoload to generate a higher load than we experience in our production environment with detailed monitoring applied to all layers in order to evaluate any impacts to any involved components such as web servers, J2EE servers, or the database back-end.

[Figure: secure SDLC stages: software design analysis, static inspection of code, dynamic analysis of the application, deployment and stabilisation of the application. Phase labels: Engineering development, Completed, Quality assurance, Deployment.]

For bug fix releases, each bug is classified based on customer/business impact and urgency and, depending upon that classification, we determine how we will build and test a release, for example as an emergency change or as an addition to a normally scheduled bug fix version. All bugs reported by customers as well as those reported internally, for example by QA, are logged and tracked accordingly.

Our release frequency is aligned with a monthly release cycle for many components as we are adopting continuous delivery as a method of controlling our development cycle and maintaining risk.

Due to our proven infrastructure including hardware load balancers, new releases can be deployed to our production environment with little or no customer impact.

Security consulting and review

With regards to the design, development, deployment and operation of applications and services, the Webfleet product and engineering teams provide the following primary categories of services in respect to secure coding.

• Security design reviews — design-level evaluations of project security risks and corresponding mitigating controls, as well as their appropriateness and effectiveness
• Implementation security reviews — implementation level evaluation of code artefacts to assess their robustness against relevant security threats

Webfleet recognises that many classes of security concerns arise at the product design level and therefore must be taken into consideration and addressed in the design phase of a product or service. Ensuring that such considerations are taken into account is the primary purpose of the product control framework which has the following objectives:

• Provide a high-level evaluation of the security risks associated with the project, based on an exploration of relevant threats
• Equip the project's decision makers with the information necessary to make informed risk management decisions and integrate consideration of security into project objectives
• Provide guidance on the choice and correct implementation of planned security controls, authentication protocols or encryption
• Help ensure that the development team is adequately educated with regard to relevant classes of vulnerabilities, attack patterns, and appropriate mitigation strategies

In cases where projects involve innovative features or technologies, it is the responsibility of the information security team to research and explore security threats, potential attack patterns, and technology-specific vulnerability classes related to such features and technologies.

Where appropriate, Webfleet contracts with third party security consulting firms to complement our existing information security skill set and to obtain independent third party review to validate in-house security reviews.

Security in the context of Webfleet's software development life-cycle

Security is at the core of our design and development process. Webfleet's engineering organisation requires that product development teams follow a specific software development process which is part of the historical culture of Webfleet and its software design success. Webfleet's security review processes are adapted to work within the product control framework. The success of this process relies upon Webfleet's quality-driven engineering culture and a few requirements defined by engineering management for project development processes:

• Peer-reviewed design documentation
• Adherence to coding style guidelines
• Peer code review
• Multi-layered security testing
• OWASP Top 10 and SANS Top 25 Static Code Review

The above mandates embody Webfleet's software engineering culture, where key objectives include software quality, robustness, and maintainability. While the primary goal of these mandates is to foster the creation of software artefacts that excel in all aspects of software quality, the Webfleet engineering and security team's experience also suggests that they represent significant and scalable drivers toward reducing the incidence of security flaws and defects in software design:

• The existence of adequately detailed design documentation is a prerequisite of the security design review process, since in early project stages it is generally the only available artefact on which to base security evaluations
• Many, if not most, classes of implementation-level security vulnerabilities are fundamentally no different from low-risk, common functional defects. Most implementation-level vulnerabilities are caused by fairly straightforward oversights on the developer's part
• Given developers and code reviewers who are educated with respect to applicable vulnerability patterns and their avoidance, a peer review-based development culture that emphasises the creation of high-quality code is a very significant and scalable driver towards a secure code base

Webfleet software engineers collaborate with other engineers across Webfleet on the development and vetting of reusable components designed and implemented to help software projects avoid certain classes of vulnerabilities. Examples include database access layers designed to be inherently robust against query-language injection vulnerabilities or HTML template frameworks with built-in defences against cross-site scripting vulnerabilities.
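
What a database access layer that is robust against query-language injection can look like is sketched below next to the string-built query it replaces. This is an added illustration, not Webfleet's code: the `vehicles` table, the `VehicleStore` class, the helper names and the sample rows are hypothetical, and SQLite stands in for the enterprise database.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed rows for two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE vehicles (id INTEGER PRIMARY KEY, account TEXT, plate TEXT);
        INSERT INTO vehicles (account, plate) VALUES
            ('acme', 'L-AB 100'), ('acme', 'L-AB 200'), ('globex', 'B-XY 900');
    """)
    return conn


def find_vehicles_unsafe(conn, account, plate_filter):
    """'Before' form: user input is concatenated into the SQL text, so a
    quote in plate_filter changes the structure of the WHERE clause."""
    sql = ("SELECT plate FROM vehicles WHERE account = '" + account +
           "' AND plate LIKE '%" + plate_filter + "%'")
    return [row[0] for row in conn.execute(sql)]


def escape_like(text):
    """Make %, _ and the escape character itself literal inside LIKE."""
    return (text.replace("\\", "\\\\")
                .replace("%", "\\%")
                .replace("_", "\\_"))


class VehicleStore:
    """Access layer whose callers never write SQL.

    Values are always bound as parameters. Identifiers cannot be bound,
    so the one caller-selectable identifier (the sort column) is checked
    against a fixed allowlist before it reaches the statement text.
    """

    SORTABLE = frozenset({"id", "plate"})

    def __init__(self, conn):
        self._conn = conn

    def find(self, account, plate_filter, order_by="plate"):
        if order_by not in self.SORTABLE:
            raise ValueError(f"unsupported sort column: {order_by!r}")
        pattern = "%" + escape_like(plate_filter) + "%"
        sql = ("SELECT plate FROM vehicles "
               "WHERE account = ? AND plate LIKE ? ESCAPE '\\' "
               f"ORDER BY {order_by}")
        return [row[0] for row in self._conn.execute(sql, (account, pattern))]


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR 'a' LIKE 'a"   # constructed input containing quotes
    print("unsafe:", find_vehicles_unsafe(db, "acme", crafted))
    print("safe:  ", VehicleStore(db).find("acme", crafted))
```

With the crafted filter, the concatenated query returns rows of every account, while the access layer treats the same text as a plate substring and returns nothing.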

Security education
Recognising the importance of an engineering work force that is educated with respect to secure coding practices, the Webfleet security team maintains an engineering outreach and education programme that currently includes:

• Security training for all new employees, especially engineering and operations teams
• The creation and maintenance of extensive documentation on secure design and coding practices
• Targeted, context-sensitive references to documentation and training material. For example, automated vulnerability testing tools provide engineers with references to training and background documentation related to specific bugs or classes of bugs flagged by testing tools
• Technical presentations on security-related topics
• Corporate security workshop, a recurring internal conference that brings together engineers from various teams at Webfleet who work in security-related fields and that offers in-depth technical presentations on security topics to our engineering teams

Implementation-level security testing and review
Webfleet employs a number of approaches to further reduce the incidence of implementation-level security vulnerabilities in its products and services:

• Implementation-level security reviews: Conducted by members of the Webfleet security team, typically in later stages of product development, implementation level security reviews aim to validate that a software artefact has indeed been developed to be robust against relevant security threats. Such reviews typically consist of a re-evaluation of threats and countermeasures identified during security reviews
• Automated testing for flaws in certain relevant vulnerability classes. We use both in-house developed tools and some commercially available tools for this testing
• Security testing performed by software quality engineers in the context of the project's overall software quality assessment and testing efforts

System hardening

Hardened in-house from the ground up, Webfleet's production servers are based on a stripped and hardened version of Linux that has been customised to include only the components necessary to run the Service Platform, such as those services required for administering the system and serving user traffic. The system is designed for Webfleet to be able to maintain control over the entire hardware and software stack and to help provide a secure application environment.

Webfleet's production servers are built on a standard Linux operating system (OS), hardened based on industry standard controls, and security fixes are uniformly deployed to the company's entire infrastructure. Using a robust change management system to provide a centralised mechanism for registering, approving, and tracking changes that impact all systems, Webfleet minimises the risks associated with making unauthorised modifications to our standard installed OS.

Vulnerability/patch management

Webfleet maintains all of its information assets through our extensive patch management policy for security and virus patches. Security patches for Linux, JDK or other components are installed first in a test environment before being rolled out to our production environment. This means that patches are functionally tested by our QA teams and load tested as well to ensure that security and performance are measured.

Webfleet performs vulnerability checks against all systems on a regular basis and, should any gaps be detected, an incident is raised for our patch management team and corresponding change management procedures are followed for scheduling the package either for the next scheduled maintenance cycle or through emergency change procedures to patch security risks.

Webfleet also maintains relationships and interfaces with members of the security research community to track reported issues and Common Vulnerabilities and Exposures (CVE).

Penetration testing

Webfleet performs regular penetration testing both internally and externally to fulfil the requirements of the ISO 27001 standard and to prove that standard changes do not create any unknown security access which has not been requested. Internally we perform network scans on a daily basis with full vulnerability scans weekly to ensure that we are alerted to any vulnerability in real time.

We also work with our external security expert vendors who perform regular external audits of our systems, which include black and grey box testing for our externally facing systems.

12 SUPPLIER RELATIONSHIPS

Security in supplier relationships

Webfleet invests heavily in protecting its internal informational systems, yet our risk analysis advises that we must also be aware of the security levels on the perimeter of our management system. Therefore, we take care to perform security risk analysis on our potential suppliers in order to establish the level of risk which we need to manage on the boundaries of our system.

When possible, we select vendors who also have been certified against the ISO 27001 or similar management systems, or who have been determined to have sufficient security controls in place to not increase our risk or risk appetite.

We also actively monitor our suppliers so that we are notified of any changes in their security profiles which in turn have a potential effect on our level of protection, and our ability to manage our risks.

Supplier service delivery

In addition to establishing background checks and identifying risks with our suppliers, we actively perform regular reviews of the agreed services which are delivered to us, especially in response to the agreed security agreements in place, in order to establish and control that the selected controls in place are adequate to maintain a secure perimeter for all of our informational assets and your data.

These regular reviews are also independently audited during our regular ISO 27001 certification audits to maintain that these are aligned with best practice, and our determined risk acceptance.

13 INFORMATION SECURITY INCIDENT MANAGEMENT

Identify, analyse, correct

Webfleet has an incident management process for security events that may affect the confidentiality, integrity, or availability of our systems or data. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation. Key personnel are trained in forensics and handling evidence in preparation for an event, including the use of third party and proprietary tools. Testing of incident response plans is performed for key areas, such as systems that store sensitive customer information. These tests take into consideration a variety of scenarios, including insider threats and software vulnerabilities.

To help ensure the swift resolution of security incidents, the Webfleet security team is available to all employees. When an information security incident occurs, Webfleet's security team responds by logging and prioritising the incident according to its severity. Events that directly impact customers are treated with the highest priority. An individual or team is dedicated to remediating the problem and enlisting the help of product and subject experts as appropriate. Other responsibilities are deferred until the issue is resolved. Webfleet security engineers conduct Post Incident Reviews (PIR) when necessary to determine the root cause for single events, trends spanning multiple events over time, and to develop new strategies to help prevent reoccurrence of similar incidents.

14 INFORMATION SECURITY ASPECTS OF BUSINESS
CONTINUITY MANAGEMENT

Webfleet operates its Service Platform and its services aligned with the ISO 27001 standard which encompasses the incorporation of a disaster recovery plan for various contingencies. We regularly perform audits and tests of our systems to ensure that any recovery activities are successful and efficient to restore services to our customers.

Due to our active/active data centre configuration, the probability of a major disaster affecting both data centres has been determined by our risk management team to be very unlikely, although disaster recovery plans have been created to cover such events regardless of likelihood.

To minimise service interruption due to hardware failure, natural disaster, or other catastrophes, Webfleet implements a disaster recovery programme at all of its data centres. This programme includes multiple components to minimise the risk of any single point of failure, including the following:

• Data replication and backup: To help ensure availability in the event of a disaster, platform data is replicated to multiple systems within a data centre, and also replicated to a secondary data centre
• Webfleet operates a geographically distributed set of data centres that is designed to maintain service continuity in the event of a disaster or other incident in a single region. High-speed connections between the data centres help ensure swift failover. Management of the data centres is also distributed to provide location-independent, around-the-clock coverage, and system administration

In addition to the redundancy of data and separately located data centres, Webfleet also maintains a business and information security continuity plan for its technology headquarters in Leipzig, Germany. This plan accounts for major disasters, such as a natural disaster or a public health crisis, and it assumes people and services may be unavailable for up to thirty (30) days. This plan is designed to enable continued operations of our services for our customers. We conduct regular testing of our disaster recovery plan.

High availability

Webfleet Telematics Service Platform is based on a distributed and scalable architecture with multiple redundancies, load balancing and clusters to support capacity management for a maximum of scalability and high availability.

The production environment currently has the following capacities:

• More than 100 up-to-date multicore servers containing (gross capacity)
- > 50 Terabytes of local disc storage
- > 140 multi core CPUs
- > 4 Terabytes of RAM
• 6 Fibre Channel Network Storages (SAN)
- Approx. 200 Terabytes gross capacity

In addition to the production environment, Webfleet operates fully separated and redundant development, stage and pre-production environments to provide for an optimal configuration for developing and testing of our world class Platform solution to ensure the maximum quality and performance, with approximately another fifty (50) servers which are dedicated to these environments.

Each release is functionally tested by a dedicated team of quality assurance experts including, but not limited to static code analysis, regression testing, and load testing using bleeding edge simulation software. This allows for the forecasting of workloads which deviate from that which is currently experienced within the production environment. This and other combined efforts assist us to ensure that our service platform remains performant and stable under all loads and that our code is tested against known vulnerabilities and approved through our change management processes before being deployed to production.

Server data protection

All servers are running with disk mirroring enabled using RAID-1, RAID-5, or RAID-10 in order to prevent data loss in the event that a hard disk should fail. All-important data including log or configuration files are backed up daily to our secure network storage in addition to our tape backup systems. For network storage, these files are stored for ninety (90) days to tape without limitation for monthly backups based on our secure backup policies.

Database back-end data protection

Webfleet operates a highly-available Enterprise level database backend which runs on high performance server and SAN hardware.

This configuration is implemented at each of our data centres for our database servers, redundant SAN switches and SAN storage using our enterprise level backup solution to provide our customers with the highest level of availability.

Platform data as well as all confidential data are stored within the database, which is the leading enterprise class database with industry leading performance, security, reliability and scalability. Additionally, all database storage on our Storage Area Network (SAN) is secured with RAID-protection.

[Figure: Enterprise Level Database Backup Solution: Primary Database, Redo Transport, Standby Database; Enterprise Database Network; Enterprise level HA Database and Enterprise level HA Database (Mirror).]

To ensure high availability of our database back-end, we operate a managed standby within our second data centre. This also enables us to have a minimum impact in case of a scheduled maintenance on our database back-end or data centre infrastructure of Webfleet. All transactions from our Master database are immediately synchronised and committed to our managed standby. This setup allows us to conduct a fast failover, performed automatically or forced, to the standby system with minimal customer impact.

The managed standby system located in our second data centre runs on a similar dedicated server and SAN storage as is in the primary data centre and the identical security controls provide protection within both locations.

Daily full backups of the database including the transaction logs are stored on network storage (NAS) and redundantly to tape (B2D2T).

By having full backups of our data including the transaction logs, it is possible to perform a point in time recovery. Using these recovery sets, we perform a monthly restore test of the data to ensure its integrity. On our NAS, we archive backups from the past seven (7) days while tape backups are archived for a longer period based on our backup policy.

Secure off-site backup tape storage

Webfleet stores our secure backup tapes in a high security offsite location provided by our security vendor who provides a regular pickup and delivery service approximately 40 kilometres away from the Webfleet location in Germany.

Data protection and backup security

Webfleet ensures that the risk of data loss or data corruption of our customers’ data is managed to an absolute minimal risk level for issues which may be caused by technical issues or human error. Webfleet has implemented state-of-the-art hardware and software including a battery of controls to ensure the maximum level of protection to customer data and informational assets. Various controls have been implemented within the architecture of the Service Platform to support our information security strategy and compliance to regulations. For example:

• Two-step verification

• Customer determined Password length and strength

• Secure browsing connections (HTTPS)

15 COMPLIANCE AND DATA PRIVACY

Legal information access process

Webfleet follows standard legal processes in responding to third party requests for user information. Information can only be obtained by third parties through legal processes such as search warrants, court orders, subpoenas, through a statutory exemption, or through user consent. Upon receipt of a request for information disclosure, Webfleet’s legal team reviews the request for compliance with applicable law. Any data such as telemetry or location data is protected under data privacy laws and regulations, and we enforce the requirement that no data is provided to any third parties unless it is mandated by law. All data is stored and processed within the European Union in regards to legal data privacy regulations, and protects our international customer data.

Data Privacy

Webfleet is committed to protecting its customers’ data and any further informational assets with the highest security controls available. To provide our tracking and tracing services, we need to collect and maintain numerous amounts of confidential data based on regulated data privacy regulations for each of the various collection methods which are regularly reviewed by our data privacy officer and an internationally accredited auditing body during certification audits. In order to meet and exceed the data privacy expectations of our customers and the legal regulations such as the EU GDPR, other relevant privacy legislation, and our internal policies, Webfleet maintains several physical, electronic and procedural controls, for example:

Maximum security and integrity

• Your data is in safe hands. We use proven security measures to safeguard your valuable data, so you can be confident that it’s isolated and secure. All confidential data is stored within our secure data centres located in Germany to provide the maximum level of protection

• Next-Generation Firewalls (NGFW) and other security investments for protection against external and internal data breaches including monitoring

• Unique Platform user credentials or customer logins which are stored with the highest level of encryption in our secure data centres

• Highest Standard Extended Validation SSL Encryption for data transfer and digital certificates to authenticate that users are transacting with Webfleet

• Regular internal and external audits of our information management systems, data centres, and our data privacy processes

• Employee access to Personally Identifiable Information (PII) must be formally approved through our change management processes, and those who are authorised to process data are under employee agreement which is aligned with the requirements of the EU GDPR and relevant privacy legislation for the assurance of confidentiality

Protecting driver privacy

1. Safe data
Webfleet can only be accessed with a registered account name, user name and password

2. You decide who sees what
With Webfleet, you can restrict the information each user can access on a ‘need to know’ basis

3. Drivers control their own privacy
Once they’re off-duty, drivers can switch to private mode on their Webfleet devices so the vehicle’s location can’t be tracked

4. We put your drivers first, just like you
All of our solutions are driver-centric, so you can reassure your drivers that they’ll be the first to feel the benefit of your investment in Webfleet

The Platform environments are completely separated from other systems or environments, such as the office or development environments, and access to productive servers is strictly limited to the Webfleet IT admins, and protected by multiple firewall layers using different vendors and/or platforms. Any access is securely logged and archived for supporting forensics procedures.

Data deletion

After a Webfleet user or administrator deletes information within their account, the data in question is removed and no longer accessible from that user’s Webfleet interface. The data is then dereferenced and will be overwritten on the Webfleet back-end with other customer data over time. No customer data will be retrievable by a different customer should that previously allocated space be dereferenced, and this has been determined by our data protection officer to not pose a risk to our customers.

Furthermore, data privacy is part of the legal compliance of the ISO 27001 standard and the Webfleet Group.

Data retention schedule

Webfleet uses the following schedule for its data retention. This is important information that most work councils or data protection officers will be interested in when reviewing the Service Platform.

Webfleet Telematics Service Platform
Previous ninety (90) days: all detailed data including precise position data tracks

Webfleet Dashboard & Reporting
Current year plus previous two (2) calendar years: logbook, dashboard and reporting

Webfleet.connect API
Previous ninety (90) days: all detailed data including precise position data tracks

Webfleet.connect – API – Message Queue Service
Previous two (2) days: messages acknowledged. Previous 14 days: messages not acknowledged. Data is only stored if the customer creates a subscription for that service.

Webfleet Mobile
Previous ninety (90) days*: all detailed data including precise position data tracks

* Retention times may differ based on specific country related regulations.

Digital Trust / Contact Info

Data Protection Officer

Webfleet technology is fully compliant with the EU General Data Protection Regulations as well as other global privacy legislation. Our full time certified Digital Trust and Data Protection Officer monitors compliance and provides guidance to the business, supported by the Digital Trust Management team.

For more information on Digital Trust, Information Security and Data Protection please contact:
[email protected]

Alternatively you can write to:
Bridgestone Mobility Solutions B.V.
Legal Dept.
Beethovenstraat 503, 1083 HK Amsterdam,
Netherlands

16 PLATFORM SECURITY AND COMPLIANCE FEATURES

In addition to the various security controls described previously, which Webfleet has put in place to help
protect the security and privacy of customer data, the Webfleet Telematics Service Platform provides
several additional security options that can be utilised by a customer’s administrators. We are always
working to give customers more choices when managing their security control needs.

[Figure: Webfleet UI and the Telematics Service Platform, connecting Office Solutions with In-Vehicle & Mobile Solutions]

Web interface (UI) and Platform APIs

Webfleet fleet management can be integrated seamlessly with your current software and applications, giving you a comprehensive and fully connected fleet and workforce management solution. This means you can access all data, from mobile workforce, traffic and vehicle information to data from mobile devices, through your existing systems. You can work faster, smarter and more efficiently.

We have a wide network of reliable and trusted software and hardware alliance partners that have integrated Webfleet fleet management into their applications. With the help of Webfleet and our partners, you can:

• Access dozens of existing partner apps

• Implement your solution quickly and easily

• Benefit from Webfleet’s world-class API – Webfleet.connect

With Webfleet fleet management, you can tap into the industry’s richest set of integrated applications. Which means you don’t have to transform the way you work – just improve it. Visit our App Center to find out how you can integrate Webfleet fleet management with your current solutions. Or learn more about how integration works.

Webfleet operates several dedicated, high-performance servers for the UI and APIs. The various applications are separated into different zones on the server for performance and security reasons.

The server resources in each data centre can handle their full load capacity without any noticeable performance impacts to our customers. All requests are load balanced using our hardware load balancer clusters.

Webfleet Mobile
Additionally, the opportunities to connect to
Webfleet have expanded allowing you instant
access to the information you need to stay in
control of your entire operation, no matter if you
are trying to manage your dispersed business
from the road or in the office.

It offers the same great level of security in a flexible package allowing you to:

• Manage on the move

• Offer better service

• Stay in control

Webfleet Mobile is available from the Google Play Store as well as the Apple App Store.

Global leader in fleet management services: The largest number of active subscriptions in Europe.

• EASE OF USE

• RELIABILITY

• FAST ROI

• FUTUREPROOF

Choose integrity. Protect the environment

Last but not least, we would like to remind you that the protection of informational assets is not only a priority for Webfleet: we also provide you with the means to increase the protection of your own informational assets, enabling you to protect your employees’ data, as well as the world and the environment we live in.

Can your organisation become ISO 27001 certified by association?

ISO 27001 covers an agreed and approved scope achieved and reviewed during the certification process. If you or your organisation are looking to become certified, then having Webfleet as a certified supplier will help you to reduce risk, and may make it easier for you to become certified.

If you are already certified, then having Webfleet as a strong partner will align with your existing information management systems, and further reduce your operational risk.

17 CONCLUSION

Webfleet is committed to maintaining the highest levels of information security on its computer systems, data centres, personnel, and customer data. This document has covered some of the standard highlights of our security implementation. Some controls, however, have not been mentioned and are not made public in order to help maintain the highest level of security.

These controls, however, do not have any negative impact on the protection of our customers’ data, nor do they violate any regulation or legislation within the European Union. Our strategy is reflected throughout the organisation, and our Webfleet Telematics Service Platform provides multiple layers of controls at each level of data storage, access, and transfer.

Webfleet invests in the trust of our customers on a daily basis. You can be assured of the value placed on privacy and the professional protection of the confidentiality, integrity, and availability of your data.

Webfleet
www.webfleet.com

18 PLATFORM SERVICE LEVELS

Availability

Webfleet provides a minimum client observable average availability of 99.95% per month.

Unavailability in terms of this document is defined as beginning with the time of notification of Webfleet by the client and ending with the time when

• Webfleet is available again, or
• Webfleet has provided a reasonable workaround

Unavailability caused by planned maintenance work that has been announced with a notice period as defined below does not contribute to the calculation of unavailability.

Exceptions

Availability, reaction and recovery times are only valid for services and components under the direct control of Webfleet. Therefore, the following exceptions apply:

• Telecommunications or network connection failures (including but not limited to peering problems at the internet backbone)
• Denial-of-Service (DoS) attacks originating from the internet
• Hacking attempts or attacks against Webfleet’s infrastructure
• Force majeure
• Changes in applicable legislation

Parameters

According to the table below which defines the service level parameters, unavailability notices received by Webfleet will be answered or acknowledged within the maximum time to respond.

Scheduled maintenance

• Announced on the Webfleet login screen
• Max. 4h downtime per maintenance activity
• Max. 8h downtime per month
• Notification provided at least 5 business days before scheduled maintenance
• Performed during non-business hours (business days between 22:00 – 06:00 MESZ, weekends or public holidays)

Unavailability of the Service

Unavailability of Service Platform components (communication and messaging, database, application servers or other modules, developed by and under Webfleet’s control).

Unavailability of the Infrastructure

Unavailability of the local network infrastructure, internet connection, firewalls, gateways, servers, or other critical hardware and equipment.

| SLA | GMT | Time to respond | Time to repair |
|---|---|---|---|
| Unavailability of the service | Monday to Friday 08:00 - 17:00 | 30 Minutes | 4 Hours |
| Unavailability of the infrastructure | Monday to Friday 08:00 - 17:00 | 30 Minutes | 12 Hours |
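
For due-diligence checks, the availability definition above can be applied to a month of incident records; the following is an added example, not part of the Webfleet whitepaper or any Webfleet tooling. Assumptions: the `Incident` record and cause labels are hypothetical, maintenance announced with fewer than 5 business days' notice is counted as unavailability, public holidays and the 4h/8h maintenance caps are not modelled, and all timestamps share one time zone.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import Optional

SLA_TARGET = 99.95            # minimum average availability per month (from the page)
MIN_NOTICE_BUSINESS_DAYS = 5  # notice period for scheduled maintenance (from the page)
# Hypothetical labels for the page's exceptions (network, DoS, attacks, force majeure, legislation).
EXCLUDED_CAUSES = {"network", "dos", "attack", "force_majeure", "legislation"}

@dataclass
class Incident:
    start: datetime   # client notification (or start of the maintenance window)
    end: datetime     # service available again, or workaround provided
    cause: str = "platform"           # "platform", "maintenance" or an excluded cause
    announced: Optional[date] = None  # announcement date for maintenance

def business_days_between(first: date, last: date) -> int:
    """Mon-Fri days after `first` up to and including `last` (holidays ignored)."""
    days, d = 0, first
    while d < last:
        d += timedelta(days=1)
        if d.weekday() < 5:
            days += 1
    return days

def counts_as_unavailability(i: Incident) -> bool:
    if i.cause in EXCLUDED_CAUSES:
        return False
    if i.cause == "maintenance" and i.announced is not None:
        notice = business_days_between(i.announced, i.start.date())
        return notice < MIN_NOTICE_BUSINESS_DAYS  # assumption: short notice counts
    return True

def monthly_availability(incidents, year: int, month: int) -> float:
    """Percentage availability for one calendar month, clipping incidents to it."""
    begin = datetime(year, month, 1)
    finish = datetime(year + month // 12, month % 12 + 1, 1)
    total = (finish - begin).total_seconds()
    down = sum((min(i.end, finish) - max(i.start, begin)).total_seconds()
               for i in incidents
               if counts_as_unavailability(i) and i.end > begin and i.start < finish)
    return 100.0 * (total - down) / total

# Constructed sample data for March 2024 (not real Webfleet incidents).
SAMPLE = [
    Incident(datetime(2024, 3, 5, 10, 0), datetime(2024, 3, 5, 10, 15)),
    Incident(datetime(2024, 3, 12, 22, 0), datetime(2024, 3, 13, 1, 0),
             "maintenance", date(2024, 3, 4)),
    Incident(datetime(2024, 3, 20, 9, 0), datetime(2024, 3, 20, 11, 0), "dos"),
]
```

In a 31-day month the 99.95% target leaves roughly 22 minutes of countable unavailability, so the single 15-minute platform incident in the sample stays within it.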
