LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is the PDCA cycle, and why is it the heart of every modern management system?

PDCA = Plan → Do → Check → Act. It is the continuous feedback loop that every modern management system uses to drive continuous improvement (kontinuierlicher Verbesserungsprozess, KVP).

Four-phase loop: Plan to Do to Check to Act, with Act feeding back into Plan for continuous improvement

* PDCA as a closed feedback loop — Act feeds lessons back into Plan (KVP / continuous improvement). *

Phase What happens
Plan Define objectives, identify risks, plan controls and processes
Do Implement and operate the plan
Check Monitor, measure, audit — compare to the plan
Act Fix what didn't work, raise the bar, feed lessons back into Plan

PDCA is the engine behind ISO 9001, ISO 14001, ISO 27001, BSI 200-1 and essentially every "Managementsystem nach ISO". Visualised as a spiral, each turn lifts the organisation to a higher level of maturity ("Quality Improvement over Time").

Where it came from:

  • Originally Walter Shewhart in the 1930s as a statistical quality control loop.
  • Popularised by W. Edwards Deming in post-war Japan, which is why it's sometimes called the Deming cycle.

Why this matters for security: "Sicherheit" is not a state you reach once — threats change, the organisation changes, and controls decay. Without an explicit feedback loop, a security programme drifts back into chaos within a couple of years.

Tip: ISO 27001:2022 dropped the explicit PDCA labels from the standard, but the structure (Plan ≈ clauses 4–6, Do ≈ 7–8, Check ≈ 9, Act ≈ 10) is still PDCA in disguise.

Go deeper:

  • doc PDCA (Plan-Do-Check-Act) — origin (Shewhart), Deming's Japan work, and the continuous-improvement loop behind every ISO management system.

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 14, 2026