Quiz Entry - updated: 2026.07.14
How is an ISMS built according to ISO 27001's clause structure, mapped onto Plan-Do-Check-Act?
Clauses 4–7 are PLAN, clause 8 is DO, clause 9 is CHECK, clause 10 is ACT.
* ISO 27001 clauses 4–10 mapped onto PDCA — 4-7 Plan, 8 Do, 9 Check, 10 Act, as a closed cycle. *
| PDCA | Clause | Content |
|---|---|---|
| Plan | 4 Context | Understanding the organization & its context, expectations of interested parties, ISMS scope |
| Plan | 5 Leadership | Leadership & commitment, the policy, organizational roles/responsibilities/authorities |
| Plan | 6 Planning | Actions to address risks and opportunities, IS objectives and plans |
| Plan | 7 Support | Resources, competence, awareness, communication, documented information |
| Do | 8 Operation | Operational planning & control, IS risk assessment, IS risk treatment |
| Check | 9 Performance evaluation | Monitoring/measurement/analysis/evaluation, internal audit, management review |
| Act | 10 Improvement | Nonconformity & corrective action, continual improvement |
Tip: Memorize "4-7 Plan, 8 Do, 9 Check, 10 Act". Clauses 4–10 are the certifiable management-system requirements; the actual security controls live in Annex A (and in ISO 27002 as implementation guidance).
Go deeper:
ISO/IEC 27001 (Wikipedia DE) — Aufbau und Anforderungen der Norm (Klauseln, Annex A).
Demingkreis / PDCA (Wikipedia DE) — Der PDCA-Zyklus, auf den die Klauseln 4–10 abgebildet werden.