LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is an ISMS and what process model does it use?

An ISMS (Information Security Management System) is a systematic framework for managing information security, typically following the PDCA (Plan-Do-Check-Act) cycle.

PDCA cycle — Plan, Do, Check, Act as a closed loop driving the ISMS.

* The ISMS as a continuous PDCA loop — Plan → Do → Check → Act, then repeat. *

What an ISMS is:

An ISMS is a set of policies, processes, and controls that an organization establishes to systematically manage its information security risks. It's defined by ISO 27001 and includes:

  • Risk assessment and treatment
  • Security policies and objectives
  • Organizational roles and responsibilities
  • Controls implementation and monitoring
  • Continuous improvement

The PDCA process model:

Phase Activity Example
Plan Assess risks, define objectives, select controls Risk analysis, security policy creation
Do Implement controls and processes Deploy MFA, train staff, configure firewalls
Check Monitor, audit, review effectiveness Internal audits, incident analysis, KPI tracking
Act Improve based on findings Fix gaps, update policies, adapt to new threats

Key point: An ISMS is not a one-time project — it's a continuous cycle. Security is never "done."

Tip: ISO 27001 certification audits specifically verify that your ISMS follows this cycle and demonstrates continuous improvement.

Go deeper:

From Quiz: ISM / ISM Intro & Repetition | Updated: Jul 14, 2026