The Plan, Do, Check, Act Cycle


Time: 7 hours 56 minutes
Difficulty: Intermediate
CEU/CPE: 8
Video Transcription
00:01
Lesson 1.3. The Plan, Do, Check,
00:05
Act cycle.
00:11
In this lesson, we're going to talk about one of the elements that was added to the standard all the way back in 2002.
00:17
This is known as the Deming cycle or the PDCA cycle,
00:25
more commonly known as the Plan, Do, Check, Act cycle.
00:31
We're going to go over what the PDCA is,
00:34
why it is useful when it comes to an ISMS, and how it links up to the components within the ISO 27001 standard.
00:52
This is what the Plan, Do, Check, Act cycle looks like when it is mapped to the clauses in the ISMS.
01:00
An ISMS follows an iterative cycle known as the Deming cycle.
01:04
The cycle is repeated again and again, with the ultimate goal being to continually improve.
01:11
The Deming cycle is known as a continuous quality improvement model.
01:18
The plan phase involves the definition of policies, objectives, targets, controls,
01:25
processes and procedures, and performing the initial risk assessment and management.
01:30
These activities support the delivery of information security aligned to the organization's core business and context.
01:40
The do phase involves the implementation and operation of the planned processes.
01:46
This is not something that must be done solely by the information security personnel, team or person,
01:52
but rather something that needs to be driven and supported by a variety of key personnel across the organization.
01:59
The check phase involves the monitoring, measurement, evaluation and review of results against the information security policy and objectives, so that any improvement areas or corrective action measures can be determined and authorized.
02:16
The act phase involves performing
02:20
the previously authorized actions to ensure that the Information Security Program delivers its results and is improved upon.
02:30
There is some overlap in the cycle.
02:34
For example, there will also need to be planning
02:37
done
02:38
during your operation as well as operation done during your planning,
02:43
checking during the doing, doing during the checking.
02:46
So it's just a high-level way of structuring how to think about the continuous improvement cycle,
02:53
the phases that one has to go through to make sure that you're covering all your bases
02:58
and are working towards the ultimate goal of continuous improvement.
03:05
Outside of these factors, the context of the organization plays a huge role
03:09
and directs all of these activities.
03:13
Leadership,
03:15
pertaining to clause 5,
03:16
should always be at the heart of everything that you do in your ISMS.
03:21
Again, top management commitment is key to the success of your ISMS.
03:28
The needs and expectations of interested parties, as well as internal and external issues,
03:32
also need to be considered,
03:35
as these play a big role
03:37
in your ISMS
03:38
and in what you'll need to do to ensure that the cycle is completed.
03:52
So there might be a debate whether or not the PDCA is actually a requirement of the standard,
03:58
as the specific wording plan, do, check, act
04:01
of the PDCA cycle is not actually used in the current version of the ISO standard.
04:09
PDCA is quite prominent in the ISO 9000 series, which is the quality management system standard.
04:18
The focus on continual improvement is what incorporated the PDCA into the 27001 standard in the first place.
04:27
While it is not mentioned directly,
04:29
it is basically built into the standard. So it is important for you to understand the cycle so that you understand the way of thinking with regards to an ISMS and maintaining compliance to the standard.
04:42
We've already mapped the clauses to the phases in the cycle, but let's touch on it again.
04:47
The standard starts off with a big focus on planning,
04:49
ensuring you know what assets you have, what you're protecting them from and what risks are the most critical.
04:57
This is the plan phase of the PDCA.
05:00
You then implement and operate controls to treat these risks.
05:03
This is the do part of the PDCA.
05:06
When you monitor, measure, audit and so forth,
05:10
this is the check part of the PDCA.
05:14
And when you implement corrective actions for nonconformities and action opportunities for improvement,
05:19
that is the act part of the cycle
05:23
and then you start all over again and repeat the cycle.
05:26
It's basically a never ending process of continual improvement.
05:30
Why is it never ending? There will always be new risks. Businesses evolve and change according to the internal and external factors around them.
05:40
Many businesses have had to adapt their way of working
05:43
during the COVID-19 pandemic, which has introduced a whole new plethora of risks
05:48
to consider and manage
05:50
your network is no longer contained
05:54
in your business premises. But now, with remote working, your network has expanded to levels probably not seen before.
06:02
Now this process isn't meant to box you in.
06:05
and have you think, "Oh, we're not yet at the check phase, so I can't monitor yet,"
06:11
or "We haven't got into the act phase,
06:13
so I can't correct this yet."
06:15
That's not what the PDCA is about.
06:17
It's more of a way of thinking.
06:20
These phases will overlap a lot in practice, and you will probably have multiple mini PDCA cycles going on in various areas of your organization, supporting your ISMS.
06:32
At the end of the day, the important thing here is that these elements exist within your ISMS and that they are performed as a repeatable process, with the goal of continually improving both the ISMS
06:45
as well as your risk landscape
06:46
or the information security posture of your organization.
06:50
There'll be a lot of components to your ISMS and people involved in it,
06:55
so it's about getting all of these components to work in harmony
06:58
and achieving the goals that you have set in those areas and overall
07:06
To recap lesson 1.3,
07:10
we covered what the Plan, Do, Check, Act cycle is,
07:15
how the Plan, Do, Check, Act cycle fits in with an ISMS,
07:20
Why understanding
07:21
the plan Do Check Act cycle is important.
07:27
understanding this as a frame of reference and way of thinking more than a linear or waterfall process to follow,
07:34
and that Plan, Do, Check, Act is basically synonymous with continual improvement.
Course: ISO 27001:2013 - Information Security Management Systems

The ISO 27001:2013 - Information Security Management Systems course provides students with insights into the detail and practical understandings meant by the various clauses in the ISO 27001 Standard.