LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What overall approach does an ISMS take, and why is it described as never "finished"?

An ISMS follows a continuous-improvement (PDCA-style Plan-Do-Check-Act) cycle, treating information security as an ongoing program rather than a one-time project.

The PDCA loop driving an ISMS — Plan, Do, Check, Act.

* The ISMS PDCA loop: Plan, Do, Check, Act — continuously raising the security level, never finished. *

The stated approach is the continuous improvement of information security — visualized as a PDCA loop (Plan → Do → Check → Act) spinning around the ISMS. Threats, regulations and the business change constantly, so controls must be re-assessed and refined on every turn of the cycle. This is why an ISMS is governance and process, not a product: you never "finish" securing an organization, you keep raising the level.

Go deeper:

From Quiz: ISM / Praktische Anwendung | Updated: Jul 05, 2026