LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the four phases of the PDCA cycle as applied to an ISMS according to ISO 27001?

Plan (establish), Do (implement), Check (monitor), Act (improve) — a continuous cycle for managing and improving the ISMS.

Kreisförmiges Diagramm mit den vier Phasen Plan, Do, Check, Act.

* Der PDCA-Zyklus (Deming-Kreis): Plan – Do – Check – Act als nie endende Schleife der kontinuierlichen Verbesserung. *

Phase ISMS Activity Description
Plan Establish the ISMS Create policies, objectives, processes, and procedures relevant for risk management and information security improvement
Do Implement and operate Implement and execute the ISMS policies, controls, processes, and procedures
Check Monitor and review Assess and measure process performance against policies, objectives, and practical experience; report results to management
Act Maintain and improve Take corrective and preventive actions based on audit results and management review to continuously improve the ISMS

Important context: The PDCA cycle originates from quality management (Deming cycle). While ISO 27001:2013 no longer explicitly requires PDCA, it remains the most commonly taught approach. The key idea is that security management is never finished — it's a continuous cycle.

Input: Information security requirements and expectations from interested parties Output: Managed information security

Go deeper:

  • doc PDCA / Deming-Kreis (Wikipedia) — Hintergrund zum Plan-Do-Check-Act-Zyklus aus dem Qualitätsmanagement, den ISO 27001 für die kontinuierliche ISMS-Verbesserung übernimmt.

From Quiz: ISM / Standards & Frameworks I (ISO, BSI) | Updated: Jul 14, 2026