Information security problems spread rapidly from the information technology domain into the organization management one. They severely threat the information security of an organization. ISO 27001 is an international certification standard of information security management systems(ISMS). An ISO 27001 certified organization, however, doesn’t guarantee that it has superior performance for its information security management. To protect the information assets of an organization, the ISMS must keep operating effectively. A core issue regarding information security is to evaluate and implove the effectiveness of the ISMS. This study applies the method of case study to realize the requirements and statues of current ISMS in National Archives Administration. Thereafter, this study employs balanced scorecard to construct a model for evaluating the performance of the ISMS for the case. The results show that this model is capable of concatenating the mission, strategies, objectives, and action plans for the ISMS. In addition, helpful critical indicators are developed to evaluate the effectiveness of the ISMS.