1 / 24
Other keys: show •
Space: good •
1-4: rate •
0: skip •
5: flag •
6: invert
Question
Which four phases make up the process of building an ISMS, and which classic management cycle do they follow?
Answer
Vorbereitung → Dokumente → Risikomanagement → KVP — following the Plan-Do-Check-Act cycle.
* The four ISMS build phases as a PDCA cycle — Vorbereitung → Dokumente → Risikomanagement → KVP. *
| Phase | Content |
|---|---|
| Vorbereitung (preparation) | Mandate from management, stocktaking, proposal, budget approval |
| Dokumente (documents) | InfoSec policy, issue-specific & system-specific policies, guidelines, approval & communication |
| Risikomanagement | Asset register, risk estimation, risk evaluation, risk treatment, implementation & training |
| KVP (kontinuierlicher Verbesserungsprozess — continuous improvement) | Control, sanctions, improvement, audit, report to management |
The order matters: you cannot write meaningful documents without a mandate, you cannot treat risks you haven't identified against an asset register, and without the KVP loop the whole construction decays.
Tip: KVP is the German term for what ISO calls continual improvement — the "Act" in PDCA. An ISMS is a cycle, never a finished project.
Go deeper:
Demingkreis / PDCA (Wikipedia DE) — KVP als Act im PDCA; Ursprung (Shewhart/Deming) und Einbettung in Managementnormen.
or press any other key
Note saved — thanks!