LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Which four phases make up the process of building an ISMS, and which classic management cycle do they follow?

Vorbereitung → Dokumente → Risikomanagement → KVP — following the Plan-Do-Check-Act cycle.

Four ISMS build phases as a cycle: Vorbereitung, Dokumente, Risikomanagement, KVP.

* The four ISMS build phases as a PDCA cycle — Vorbereitung → Dokumente → Risikomanagement → KVP. *

Phase Content
Vorbereitung (preparation) Mandate from management, stocktaking, proposal, budget approval
Dokumente (documents) InfoSec policy, issue-specific & system-specific policies, guidelines, approval & communication
Risikomanagement Asset register, risk estimation, risk evaluation, risk treatment, implementation & training
KVP (kontinuierlicher Verbesserungsprozess — continuous improvement) Control, sanctions, improvement, audit, report to management

The order matters: you cannot write meaningful documents without a mandate, you cannot treat risks you haven't identified against an asset register, and without the KVP loop the whole construction decays.

Tip: KVP is the German term for what ISO calls continual improvement — the "Act" in PDCA. An ISMS is a cycle, never a finished project.

Go deeper:

From Quiz: ISM / Policies, Concepts & Guidelines | Updated: Jul 14, 2026