What is ISO 27001?

(source oecd.org)

The ISO 27001 standard was published in October 2005, essentially replacing the old BS7799-2 standard. It is the specification for an ISMS, an Information Security Management System. BS7799 itself was a long standing standard, first published in the nineties as a code of practice. As this matured, a second part emerged to cover management systems. It is this against which certification is granted. Today in excess of a thousand certificates are in place, across the world.

read more

What is an ISMS?

An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. An ISMS encompasses people, processes and technology. 

Additionally, an ISMS will provide reasonable assurance that the confidentiality, integrity and availability of your information assets are maintained by implementing a combination of administrative and technical controls.

Finally, as with all management processes, an ISMS must stay effective and efficient in the long term, be evaluated and reviewed regularly. It is the objective of the Plan-Do-Check-Act (PDCA) model, proposed by ISO 27001, to ensure the processes of continuous improvement for the ISMS.

Why an ISMS? Information Security Management System

  • Map controls to business objectives
  • Budgetary guidance for risk needs
  • Provide assurance for compliance requests
  • Efficient security operations management

ISMS Benefits

By using an ISMS, your organization will have reasonable assurance that you are measuring and managing your information security processes in a structured
manner and that you will be able to control and hone the system to meet your specific business needs. 

How can NCA help my Organization with an ISMS?

We understand that your business is reliant on its informational assets.The informational assets of your organization help drive your competitiveness in a rapidly changing market.  Keeping these assets secure against changes in regulation, technology, and business practices is what NCA's Information Security Practice can do for you. NCA's unique methodology is designed to understand your core business processes, technology, and people.  Our differentiator is the time that we spend in getting to know your culture, as every information security management systemis different.  NCA will help you build a security program designed to provide reasonable assurance that your information assets are being protected.  NCA's Information Security Management System is based on the ISO 27001 standard and will target and address the greatest risks to your businesses critical information.


What services does NCA offer?

 Please visit our About Us page to understand what NCA does.

Which vendors do you partner with?

Please visit our Partner page to see the vendors we partner with.

Do you have better pricing than your competitors?

We leverage our industry expertise and strong vendor relationships to provide excellent value. Please contact your account representative to discuss.

How long has NCA been in business?

Please visit our History page to learn about the history of NCA.