
ACA is ISO 27001 certified: what this means for secure, compliant software delivery
ACA Group is officially ISO 27001 compliant. For our customers, this certification is more than a formal milestone: it is clear, independent proof that information security is embedded in how we design, build and deliver software. Information Security Manager Simon Vercruysse explains what ISO 27001 entails and what the benefits are for your (future) projects.

Security Manager Simon Vercruysse proudly holding our ISO 27001 certificate. 🎉
What is ISO 27001?
ISO/IEC 27001:2022 is the international standard for information security management. It provides a structured framework to help organizations:
- protect sensitive and confidential information
- ensure data integrity and availability
- identify, manage, and reduce security risks
- continuously improve security processes
In short, ISO 27001 ensures that information security is not ad hoc, but systematic, documented, and auditable.
In our line of work, this standard prescribes how we can optimally secure our services, applications, and tools, both for our customers and for ourselves, from excluding cyber security threats to processing data correctly.
What ISO 27001 means for your project
“The certificate is tangible proof that we don't just say we work safely, but that we can also show it. ISO 27001 is a quality mark”, Simon begins.
“For our customers, this gives them the peace of mind that their data and the software we build for them are in safe hands. It also proves that we are compliant with the guidelines imposed by NIS2.”
Concretely, this means:
- your data is handled according to strict, audited security controls
- security risks are identified and mitigated from project kick-off
- compliance requirements are addressed by design, not retrofitted
- vendor risk is reduced during audits and procurement processes
It also confirms that ACA aligns with NIS2 requirements, which are increasingly important for organisations operating in Belgium and across the EU.
Independent validation by external auditors
Over the past few years, ACA has continuously invested in information security. The ISO 27001 certification process pushed this even further, resulting in refined and formalised processes across the organisation.
“The audit was very successful,” Simon explains. “The auditor even congratulated us on the maturity of our security approach, something he rarely sees during an initial audit. That recognition reflects the commitment and hard work of our teams.”
For our customers, this external validation provides objective assurance that ACA’s security practices meet internationally recognised standards.
ISO 27001 as a continuous commitment

“An ISO certification is a work in progress: every year, an auditor will come in to make sure our way of working is still compliant. So that will remain a point of attention for us. In addition to this specific certificate, we always want to keep improving.”
Two initiatives illustrate this approach:
- Information Security Governance Committee: a central security working group, bringing together expertise across business units
- Security Champions within teams, responsible for raising awareness, taking initiative, and acting as a first point of contact
This ensures that information security is embedded both centrally and locally throughout the organisation.
Supporting customers in a complex regulatory landscape
Security regulations are evolving rapidly. To help customers stay informed and prepared, ACA actively shares knowledge and insights.
“Recently, we hosted a webinar on the Cyber Resilience Act,” Simon says. “Regulations like NIS2 and CRA are complex. Our role is to make them understandable and actionable, so our customers can set the right priorities.”
Looking for a secure, compliant IT partner?
Whether you are:
- preparing for NIS2 compliance
- selecting a software or IT services partner
- responding to security questionnaires during procurement
- or building applications that process sensitive data
we would love to help you. Get in touch!



