ISO 27001: safety at an international level

What is ISO? It is the acronym for the International Organization for Standardization, which defines standards for products, services and management systems. ISO, which has a membership of more than 160 national standards bodies, was established in London in 1947. One of the founders was the Polish Standards Committee.

There is no obligation to meet the standards set by ISO, which is an NGO and thus operates on a line between government organisations and businesses. Nonetheless, ISO’s standards are universally accepted as a testimony of high quality. One reason for this is the fact that they are established on the basis of consensus between its members.
One of the certificates MakoLab holds is the ISO 27001, meaning that our information security management system meets the requisite standards. In short, we are a trustworthy partner to international companies which set the bar extremely high when it comes to secure software production. ISO 27001 sends a clear signal that a client who works with MakoLab is a client with absolutely no need to lose sleep over the protection of their commercial secrets or respect for procedures!
That, in turn, gives rise to a responsibility which actually rests on the shoulders of each and every one of us.
But let’s begin at the beginning.
To do that, Insights talked to Włodzimierz Mrozek, the Management Board’s Personal Data Protection Proxy. When we were preparing for the ISO certification process, he was one of the people involved.

What lay behind MakoLab’s decision to apply for ISO certification?

Some years ago, we started collaborating with Toyota Financial Services (TFS). They sent us a form with a series of security requirements which basically corresponded to those for the ISO 27001 standard. We undertook to go through the certification process. Working with a consultancy firm, we compiled the relevant documents and we also underwent an audit organised by the client. That involved four auditors. They came from Brussels, Frankfurt and London and spent four days at MakoLab. In the end, we began collaborating with TFS and, at the same time, continued working towards certification.
Next, we turned to Marcin Kowalczyk, process and security expert and the head of our Compliance Unit.

What does ISO 27001 mean to us?

Operating in line with the standards of certificates like ISO is testimony to an organisation’s maturity. Companies that have been awarded certificates reach a wider group of clients. But building an organisation that functions on the basis of those standards means building the awareness of everyone within it, at every level.
Back to Włodzimierz for some more advice!

What can we all do?

It’s simple:

  • During the pandemic, we all need to work via VPN. All the time. That guarantees things like updates to our antivirus software, for example. It also means that, if there’s a problem, our IT department can react rapidly by blocking a computer or removing a file, for instance;
  • It’s also crucial not to use a company computer for private purposes or to deal with personal matters via a company e-mail account. Those prohibitions aren’t a manifestation of MakoLab’s ill will. On the contrary, they spring from the desire to protect the results of everyone’s work from unauthorised access;
  • Report security incidents. Reporting this type of incident won’t bring consequences down on anyone’s head. The information means we can look for a solution or fix a security loophole. Staff ID badges are also vital. Obviously, if someone loses theirs, it’s imperative to report it as soon as they realise. But if someone doesn’t have their badge with them, then that also needs to be reported at once. It’s a measure that protects us and it’s crucial. Otherwise, if the badge winds up in unauthorised hands, it might be used to gain access to the company;
  • Don’t talk about work-related matters relating in public places. We need to be aware of what we’re doing and where we’re doing it. It can happen that, even when we leave the building during a break, we swap observations about clients or projects with friends and acquaintances from other companies. But we have to remember this; if information like that goes further, then, in extreme circumstances, it can even result in a client terminating a contract.

Of course, these are all fundamental things that apply to all of us. They might seem trivial at times, but it most often transpires that, at some stage, we’ve all failed to comply with these rules, which are so simply, but so essential to security.
The recent scandal concerning Polish politicians’ use of private e-mail accounts for work-related matters is a case in point. Some might find it amusing, but is it really all that funny?
As Paweł Wojtunik, a former head of the Central Anti-Corruption Bureau and security expert put it in a conversation with the Wirtualna Polska (Virtual Poland) website:

Carrying out correspondence via a private e-mail account is comparable to having a loud conversation in a park. Poland hasn’t spent billions of zloty on creating a secure communications system so that the country’s most important politicians can decide not to use it.
Paweł Wojtunik, a former head of the Central Anti-Corruption Bureau and security expert
31st August 2021
4 min. read

Michał Hertel

Head of Communication


Read more Insights