LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How is an ISMS built according to ISO 27001's clause structure, mapped onto Plan-Do-Check-Act?

Clauses 4–7 are PLAN, clause 8 is DO, clause 9 is CHECK, clause 10 is ACT.

PDCA ring mapping ISO 27001 clauses — 4-7 Plan, 8 Do, 9 Check, 10 Act.

* ISO 27001 clauses 4–10 mapped onto PDCA — 4-7 Plan, 8 Do, 9 Check, 10 Act, as a closed cycle. *

PDCA Clause Content
Plan 4 Context Understanding the organization & its context, expectations of interested parties, ISMS scope
Plan 5 Leadership Leadership & commitment, the policy, organizational roles/responsibilities/authorities
Plan 6 Planning Actions to address risks and opportunities, IS objectives and plans
Plan 7 Support Resources, competence, awareness, communication, documented information
Do 8 Operation Operational planning & control, IS risk assessment, IS risk treatment
Check 9 Performance evaluation Monitoring/measurement/analysis/evaluation, internal audit, management review
Act 10 Improvement Nonconformity & corrective action, continual improvement

Tip: Memorize "4-7 Plan, 8 Do, 9 Check, 10 Act". Clauses 4–10 are the certifiable management-system requirements; the actual security controls live in Annex A (and in ISO 27002 as implementation guidance).

Go deeper:

From Quiz: ISM / Policies, Concepts & Guidelines | Updated: Jul 14, 2026