Blog

On the path to ISO 27001 certification

Captain's log, stardate d26.y42/AB

Jordi Vendrell Farreny
Founder & COO
ISO 27001

At MarsBased, we have a great track record of working with big multinationals. We have worked for HP, Ford, Citadel Securities, FC Barcelona, Moody's and a few more. Luckily for us, we were fast-tracked through their procurement processes, either because we were brought in as a rescue squad or because we worked for innovation departments with less strict policies.

We are pleased to share that MarsBased is currently in the process of obtaining the ISO 27001 certification, the international standard for information security management. Before the end of Q1 2026, we expect to complete this process and become fully certified.

ISO 27001 is a globally recognized standard that defines how organizations should manage and protect information. It focuses on safeguarding data confidentiality, integrity, and availability through structured policies, controls, and continuous risk management. In simple terms, it provides a systematic, measurable, and auditable framework for protecting sensitive information.

Key security principles and practices

Security has always been a cornerstone of what we do: in every project, in every line of code. We have heard horror stories about IT projects that went downhill because of weak security policies, and the massive reputational scandals that followed. We, as a small company, cannot afford such a thing.

In fact, we have had a Security section and some guides on our public Handbook for years now.

As part of this certification, several key principles and practices are formally defined and enforced:

  • Least privilege access policy: Employees can only access the minimum amount of data required to perform their job. This reduces risk and limits exposure.
  • Vendor risk assessment: All third-party vendors are evaluated through structured risk assessments to ensure they meet our security standards.
  • Employee security controls: We audit how our teams use internal tools, including mandatory two-factor authentication, secure device configurations, encryption, and access monitoring.
  • Network protection: Strong technical safeguards are in place, such as VPN usage, firewall protections, and secure network configurations.
  • Formal security processes: ISO 27001 requires documented processes for requesting access approvals, submitting risk evaluation forms, reporting incidents, and notifying data breaches or security issues in a controlled and timely manner.

Formalizing our commitment to security

It is important to note that most of these practices were already part of how we work. In fact, around 90% of the ISO 27001 requirements were already implemented across the company. The certification process allows us to formalize, document, and externally validate these efforts, turning good practices into a recognized standard.

We have traditionally worked with organizations that place a very high value on security, privacy, and data protection: from B2B scale-ups to global corporations that require complex access policies and work through strict VPN + VDI setups, among other measures.

Achieving ISO 27001 certification will allow us to expand our portfolio even further and work with larger, more complex, and more demanding projects. It represents a significant step forward for our company and for the trust our clients place in us.
