Information Security Policy

carVertical is committed to the secure handling of the data of our clients, partners, and employees. This Information Security Policy (hereinafter the “Policy”) describes the tools and procedures the company has implemented to protect all verbal, written and electronic information received, sent, created, managed and used by cV Group from all possible threats: external, internal, intentional or accidental.

The combination of these tools and procedures constitutes the carVertical Information Security Management System (ISMS), created in compliance with official International Organization for Standardization (ISO) requirements, and holding the ISO/IEC 27001:2017 certification.

What is the scope of the ISMS?

This Policy establishes basic guidelines that all cV Group employees, contractors and other related parties doing business with cV Group undertake to comply with.

The ISMS applies to all cV Group business processes related to services provided. This covers all information technology products and related projects in the UAB “CV Group” and carVertical OÜ.

The ISMS applies to all:

  • Verbal and written information
  • Information systems
  • Computer networks
  • Physical environment
  • Virtual environment
  • Employees
  • Related parties
  • Partners
  • Contractors
  • Other persons working at cV Group
  • Persons working for third parties
  • Persons legally processing cV Group information

What is the purpose of the ISMS?

The purpose of the ISMS is to ensure the security of information assets, including client data received from various sources and third parties. Information security includes three main aspects:

  • Information confidentiality – protection of information from unauthorized disclosure.

  • Information integrity – protection of information from unauthorized or accidental change.

  • Information accessibility – ensuring that information is accessible when it is required for proper performance of cV Group activities.

The ISMS is created to ensure the security of both tangible (e.g., computer and communication devices, premises, etc.) and intangible (e.g., reputation, image) elements.

How is the ISMS implemented and maintained?

The implementation of cV Group information security requirements is ensured and managed through consistent planning, implementation, evaluation and improvement of the ISMS in accordance with the requirements of the ISO/IEC 27001 standard (as well as its latest versions).

To implement ISMS objectives, the following information security goals are set:


  • Ensure and manage compliance with external and internal information security requirements.
  • Ensure the resolution of information security violations and the elimination of their causes.
  • Ensure the appropriate selection and implementation of information security and processing measures.
  • Ensure the adequacy of the Business continuity management plan.


  • Perform periodic compliance assessment and eliminate identified discrepancies.
  • Implement information security incident management.
  • Perform annual risk assessments and implement the required information security measures.
  • Review ISMS documents at least once a year.
  • Periodically review and test the Business continuity management plan.