ACA Group is officially ISO 27001 compliant. For our customers, this certification is more than a formal milestone: it is clear, independent proof that information security is embedded in how we design, build and deliver software. Information Security Manager Simon Vercruysse explains what ISO 27001 entails and what the benefits are for your (future) projects.
Security Manager Simon Vercruysse proudly holding our ISO 27001 certificate. 🎉
ISO/IEC 27001:2022 is the international standard for information security management. It provides a structured framework to help organizations:
In short, ISO 27001 ensures that information security is not ad hoc, but systematic, documented, and auditable.
New to the standard or looking for a clear explanation to share internally? In the video below, ISO explains what ISO 27001 is, how the framework works in practice, and answers frequently asked questions.
In our line of work, this standard prescribes how we can optimally secure our services, applications, and tools, both for our customers and for ourselves. That ranges from excluding cyber security threats to processing data correctly.
“The certificate is tangible proof that we don't just say we work safely, but that we can also show it. ISO 27001 is a quality mark,” Simon begins.
“For our customers, this gives them the peace of mind that their data and the software we build for them are in safe hands. It also proves that we are compliant with the guidelines imposed by NIS2.”
Concretely, this means:
It also confirms that ACA aligns with NIS2 requirements, which are increasingly important for organisations operating in Belgium and across the EU.
Over the past few years, ACA has continuously invested in information security. The ISO 27001 certification process pushed this even further, resulting in refined and formalised processes across the organisation.
“The audit was very successful,” Simon explains. “The auditor even congratulated us on the maturity of our security approach, something he rarely sees during an initial audit. That recognition reflects the commitment and hard work of our teams.”
For our customers, this external validation provides objective assurance that ACA’s security practices meet internationally recognised standards.
“An ISO certification is a work in progress: every year, an auditor will come in to make sure our way of working is still compliant. So that will remain a point of attention for us. In addition to this specific certificate, we always want to keep improving.”
Two initiatives illustrate this approach:
This ensures that information security is embedded both centrally and locally throughout the organisation.
Security regulations are evolving rapidly. To help customers stay informed and prepared, ACA actively shares knowledge and insights.
“Recently, we hosted a webinar on the Cyber Resilience Act,” Simon says. “Regulations like NIS2 and CRA are complex. Our role is to make them understandable and actionable, so our customers can set the right priorities.”
Whether you are:
We would love to help you. Get in touch!