What is ISO 27001?

Posted by Susan Sison on Jul 30, 2015 8:00:00 AM

Image: BSI Assurance Mark, ISO 27001 (source: oecd.org)

The ISO 27001 standard was published in October 2005, essentially replacing the old BS7799-2 standard. It is the specification for an ISMS, an Information Security Management System. BS7799 itself was a long-standing standard, first published in the nineties as a code of practice. As it matured, a second part emerged to cover management systems, and it is against this second part that certification is granted. Today more than a thousand certificates are in place across the world.


An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. An ISMS encompasses people, processes and technology.

Additionally, an ISMS will provide reasonable assurance that the confidentiality, integrity and availability of your information assets are maintained by implementing a combination of administrative and technical controls.

Finally, as with all management processes, an ISMS must remain effective and efficient in the long term, which means it must be evaluated and reviewed regularly. The Plan-Do-Check-Act (PDCA) model proposed by ISO 27001 exists to ensure this process of continuous improvement for the ISMS.

Why an Information Security Management System?

  • Map controls to business objectives
  • Budgetary guidance for risk needs
  • Provide assurance for compliance requests
  • Efficient security operations management

ISMS Benefits

By using an ISMS, your organization will have reasonable assurance that you are measuring and managing your information security processes in a structured manner and that you will be able to control and hone the system to meet your specific business needs.

How can NCA help my Organization with an ISMS?

We understand that your business is reliant on its informational assets. The informational assets of your organization help drive your competitiveness in a rapidly changing market. Keeping these assets secure against changes in regulation, technology, and business practices is what NCA's Information Security Practice can do for you. NCA's unique methodology is designed to understand your core business processes, technology, and people.

Our differentiator is the time that we spend getting to know your culture, as every information security management system is different. NCA will help you build a security program designed to provide reasonable assurance that your information assets are being protected. NCA's Information Security Management System is based on the ISO 27001 standard and will target and address the greatest risks to your business's critical information.


Network Computing Architects, Inc. is a premier provider of high-quality, sustainable and secure networking, information security solutions and unified communications. We partner with our clients to provide answers to business initiatives where leading technologies converge.

NCA achieved ISO 27001:2005 certification in December 2007 and is currently ISO 27001:2013 certified. The scope of NCA's ISMS is client confidential information within NCA Professional Services Practice.