less than 1.3. The plan do check,
in this lesson, we're going to talk about one of the elements that was added to the standard all the way back in 2000 and two.
This is known as the dimming Cycle or the P. D. C. A cycle
more commonly known as the Plan Do Check Act cycle.
We're going to go over what the P. D. C. C. A. Is
why it is useful when it comes to a nice miss and part links up to the components within the eye. So 27,000 and one standard.
This is what the plan do. Check Act cycle looks like when it is mapped to D closes in the ice. Um, is
a nice miss follows an iterative cycle known as the dimming cycle.
The cycle is repeated again and again, with the ultimate goal being to continually improve.
The dimming cycle is known as a continuous quality improvement model.
The plan phase involves the definition off policies, objectives, targets, controls,
processes, procedures on performing the initial risk assessment and management. There are
thes activities support the delivery of information security aligned to the organization's core business and context.
The do phase involves the implementation and operation of the plant processes.
This is not something that must be done solely by the information, security personnel, team or person,
but rather something that needs to be driven and supported by a variety of key personal across the organization.
The Czech phase involves the monitoring, measurement, evaluation and review our results against the information security policy objectives so that any improvement areas or corrective action measures can be determined and authorized.
The act phase involves performing
the previously authorized actions to ensure that the Information Security Program delivers its results and is improved upon.
There is some overlap in the cycle.
For example, they will also need to be planning
during your operation as well as operation done during your planning,
checking during the doing, doing during the checking.
So it's just a high level way off structuring how to think about the continuous improvement cycle,
the phases that one has to go through to make sure that you're covering all your bases
and are working towards the ultimate goal off continuous improvement.
Outside of these factors, the context of the organization plays a huge role
and direct all of these activities.
pertaining to close five
should always be at the heart of everything that you do in your eyes. Miss
again. Top management commitment is key to your success off your eyes mess.
The needs and expectations of interested parties as well as internal and external issues
also need to be considered
as used. Play a big role
and what you'll need to do to ensure that the cycle is completed.
So there might be a debate whether or not the P. D. C. A is actually a requirement of the standard,
as the specific wording can do. Check act
off the PD. A cycle is not actually used in the current version of the ice. A standard
P. D. C. A is quite prominent in the ice. A 9000 series, which is the quality management system standard.
The focus on continual improvement is what incorporated the P. D. C. A. Into the 27,001 standard in the first place.
While it is not mentioned directly,
it is basically built into the standard. So it is important for you to understand cycle so that you understand the way of thinking with regards to a nice mess and maintaining compliance to the standard.
We've already mapped the clauses to the phases in the cycle, but let's touch on it again.
The standard starts off with a big focus on planning,
ensuring you know what assets you have, what you're protecting them from and what risks are the most critical.
This is a plan phase of the PCA.
You didn't implement and operate controls to treat these risks.
This is the do part of the PCA
when you monitor, measure, order, tribute and so forth.
This is a chick pot of the PDC.
And when you implement corrective actions for nonconformity, ease and action opportunities for improvement,
that is the act part of the cycle
and then you start all over again and repeat the cycle.
It's basically a never ending process of continual improvement.
Why is it never ending? There will always be new risks. Businesses evolve and change according to the internal and external factors around them.
Many businesses have had to adapt their way of working
during the covert 19 pandemic, which has introduced a whole new plethora of risks
to consider and manage
your network is no longer contained
in your business premises. But now, with remote working, your network has expanded to levels probably not seen before.
Now this process isn't meant to box you in.
And have you think, Oh, we're not yet at the check phase, so I can't monitor yet,
or so we haven't got into the act phase,
so I can't correct this yet.
That's not what the PD says about.
It's more of a way of thinking.
These phases will overlap a lot in practice, and you will probably have multiple mini P d p D. C. A cycles going on in various areas off your organization. Supporting your item is
at the end of the day. The important thing here is that these elements exist within your eye. Smith's on that they are performed as a repeatable process, with the goal of continually improving both the ice myths
as well as your risk landscape
for information, security posture of your organization.
There'll be a lot of components to your ice mess and people involved in it,
so it's about getting all of these components to work in harmony
and achieving the goals that you have set in those areas and overall
we covered What the plan do Check Act cycle is
how the plan do Check Act cycle puts in with a nice mess.
the plan Do Check Act cycle is important.
Understanding this as a frame of reference and thinking more than a linear or waterfall process to follow,
and that plan Do Check Act is basically synonymous with continual improvement.