The PDCA Cycle
The ISO 27001 adopts the process model “Plan-Do-Check-Act” (PDCA) which is applied to the structure of all the processes in ISMS.
Plan (establishing the ISMS): Establish the policy, the ISMS objectives, processes and procedures related to risk management and the improvement of information security to provide results in line with the global policies and objectives of the organization.
Do (implementing and workings of the ISMS): Implement and exploit the ISMS policy, controls, processes and procedures.
Check (monitoring and review of the ISMS): Assess and, if applicable, measure the performances of the processes against the policy, objectives and practical experience and report results to management for review.
Act (update and improvement of the ISMS): Undertake corrective and preventive actions, on the basis of the results of the ISMS internal audit and management review, or other relevant information to continually improve the said system.
Read more about this topic: ISO/IEC 27001
Famous quotes containing the word cycle:
“The cycle of the machine is now coming to an end. Man has learned much in the hard discipline and the shrewd, unflinching grasp of practical possibilities that the machine has provided in the last three centuries: but we can no more continue to live in the world of the machine than we could live successfully on the barren surface of the moon.”
—Lewis Mumford (1895–1990)