Wednesday, August 15, 2007

PDCA and Continuous Improvement Process

PDCA and Continuous Improvement Process Approach (BS7799:2-2002)
Plan

- Define scope of ISMS
- Define ISMS policy
- Define systematic approach to risk assessment
- Identify and assess risk
- Identify and evaluate risk treatment options
- Select controls for risk treatment
- Prepare Statement of Applicability

Do

- Formulate risk treatment plan
- Implement risk treatment plan
- Implement controls
- Implement training and awareness
- Manage operations
- Manage resources
- Implement detective and reactive controls for security incidents

Check

- Execute monitoring procedures and controls
- Undertake regular reviews of ISMS
- Review residual risk and acceptable risk

Act

- Implement the identified improvements in ISMS
- Continuous feedback and improvement
- Communication with interested parties
- Ensure improvements achieve intended results

Generic Requirements across PDCA

- Documentation requirements
- Management Responsibility
- Management review of ISMS
- ISMS Improvement

Marc Stefaniu - MSc, MBA, CISSP
(416) 513 5699
marc.stefaniu@bmo.com