Information Security Policy
CarTrust is committed to the secure handling of the data of our clients, partners, and employees. This Information Security Policy (hereinafter, the “Policy”) describes the tools and procedures the company has implemented to protect all verbal, written and electronic information received, sent, created, managed and used by CarTrust Group from all possible threats: external, internal, intentional or accidental.
The combination of these tools and procedures constitutes the CarTrust Information Security Management System (ISMS), created in compliance with official International Organization for Standardization (ISO) requirements, and holding the ISO/IEC 27001:2017 certification.
What is the scope of the ISMS?
This Policy establishes basic guidelines that all CarTrust Group employees, contractors and other related parties doing business with CarTrust Group undertake to comply with.
The ISMS applies to all CarTrust Group business processes related to services provided. This covers all information technology products and related projects in the UAB “CarTrust Group” and CarTrust OÜ.
The ISMS applies to all:
- Verbal and written information
- Information systems
- Computer networks
- Physical environment
- Virtual environment
- Employees
- Related parties
- Partners
- Contractors
- Other persons working at CarTrust Group
- Persons working for third parties
- Persons legally processing CarTrust Group information
What is the purpose of the ISMS?
The purpose of the ISMS is to ensure the security of information assets, including client data received from various sources and third parties. Information security includes three main aspects:
- Information confidentiality – protection of information from unauthorized disclosure.
- Information integrity – protection of information from unauthorized or accidental change.
- Information accessibility – ensuring that information is accessible when it is required for proper performance of CarTrust Group activities.
The ISMS is created to ensure the security of both tangible (e.g., computer and communication devices, premises, etc.) and intangible (e.g., reputation, image) elements.
How is the ISMS implemented and maintained?
The implementation of CarTrust Group information security requirements is ensured and managed through consistent planning, implementation, evaluation and improvement of the ISMS in accordance with the requirements of the ISO/IEC 27001 standard (as well as its latest versions).
To implement ISMS objectives, the following information security goals are set:
Objective
- Ensure and manage compliance with external and internal information security requirements.
- Ensure the resolution of information security violations and the elimination of their causes.
- Ensure the appropriate selection and implementation of information security and processing measures.
- Ensure the adequacy of the Business continuity management plan.
Goals
- Perform periodic compliance assessment and eliminate identified discrepancies.
- Implement information security incident management.
- Perform annual risk assessments and implement the required information security measures.
- Review ISMS documents at least once a year.
- Periodically review and test the Business continuity management plan.