
ISO 27001: safety at an international level

What is ISO? It is the acronym for the International Organization for Standardization, which defines standards for products, services and management systems. ISO, which has a membership of more than 160 national standards bodies, was established in London in 1947. One of the founders was the Polish Standards Committee.

There is no obligation to meet the standards set by ISO, which is an NGO and thus operates between government organisations and businesses. Nonetheless, ISO’s standards are universally accepted as a testimony of high quality. One reason for this is the fact that they are established on the basis of consensus between its members.
One of the certificates MakoLab holds is the ISO 27001, meaning that our information security management system meets the requisite standards. In short, we are a trustworthy partner to international companies which set the bar extremely high when it comes to secure software production. ISO 27001 sends a clear signal that a client who works with MakoLab is a client with absolutely no need to lose sleep over the protection of their commercial secrets or respect for procedures!
That, in turn, gives rise to a responsibility which actually rests on the shoulders of each and every one of us.
But let’s begin at the beginning.
To do that, Insights talked to Włodzimierz Mrozek, the Management Board’s Personal Data Protection Proxy. When we were preparing for the ISO certification process, he was one of the people involved.

What lay behind MakoLab’s decision to apply for ISO certification?

Some years ago, we started collaborating with Toyota Financial Services (TFS). They sent us a form with a series of security requirements which basically corresponded to those for the ISO 27001 standard. We undertook to go through the certification process. Working with a consultancy firm, we compiled the relevant documents and we also underwent an audit organised by the client. That involved four auditors. They came from Brussels, Frankfurt and London and spent four days at MakoLab. In the end, we began collaborating with TFS and, at the same time, continued working towards certification.
Next, we turned to Marcin Kowalczyk, process and security expert and the head of our Compliance Unit.

What does ISO 27001 mean to us?

Operating in line with the standards of certificates like ISO is testimony to an organisation’s maturity. Companies that have been awarded certificates reach a wider group of clients. But building an organisation that functions on the basis of those standards means building the awareness of everyone within it, at every level.
Back to Włodzimierz for some more advice!

What can we all do?

It’s simple:

  • During the pandemic, we all need to work via VPN. All the time. That guarantees things like updates to our antivirus software, for example. It also means that, if there’s a problem, our IT department can react rapidly by blocking a computer or removing a file, for instance;
  • It’s also crucial not to use a company computer for private purposes or to deal with personal matters via a company e-mail account. Those prohibitions aren’t a manifestation of MakoLab’s ill will. On the contrary, they spring from the desire to protect the results of everyone’s work from unauthorised access;
  • Report security incidents. Reporting this type of incident won’t bring consequences down on anyone’s head. The information means we can look for a solution or fix a security loophole. Staff ID badges are also vital. Obviously, if someone loses theirs, it’s imperative to report it as soon as they realise. But if someone doesn’t have their badge with them, then that also needs to be reported at once. It’s a measure that protects us and it’s crucial. Otherwise, if the badge winds up in unauthorised hands, it might be used to gain access to the company;
  • Don’t talk about work-related matters in public places. We need to be aware of what we’re doing and where we’re doing it. It can happen that, even when we leave the building during a break, we swap observations about clients or projects with friends and acquaintances from other companies. But we have to remember this: if information like that goes further, then, in extreme circumstances, it can even result in a client terminating a contract.

Of course, these are all fundamental things that apply to all of us. They might seem trivial at times, but it most often transpires that, at some stage, we’ve all failed to comply with these rules, which are so simple, but so essential to security.
The recent scandal concerning Polish politicians’ use of private e-mail accounts for work-related matters is a case in point. Some might find it amusing, but is it really all that funny?
As Paweł Wojtunik, a former head of the Central Anti-Corruption Bureau and security expert put it in a conversation with the Wirtualna Polska (Virtual Poland) website:

Carrying out correspondence via a private e-mail account is comparable to having a loud conversation in a park. Poland hasn’t spent billions of zloty on creating a secure communications system so that the country’s most important politicians can decide not to use it.
Paweł Wojtunik, a former head of the Central Anti-Corruption Bureau and security expert
31st August 2021
Author(s)

Michał Hertel

Head of Communication
