

Wednesday, August 15, 2007

PDCA and Continuous Improvement Process

PDCA and Continuous Improvement Process Approach (BS 7799-2:2002)


- Define scope of ISMS
- Define ISMS policy
- Define systematic approach to risk assessment
- Identify and assess risk
- Identify and evaluate risk treatment options
- Select controls for risk treatment
- Prepare Statement of Applicability
- Formulate risk treatment plan
- Implement risk treatment plan
- Implement controls
- Implement training and awareness
- Manage operations
- Manage resources
- Implement detective and reactive controls for security incidents
- Execute monitoring procedures and controls
- Undertake regular reviews of ISMS
- Review residual risk and acceptable risk
- Implement the identified improvements in ISMS
- Continuous feedback and improvement
- Communication with interested parties
- Ensure improvements achieve intended results

Generic Requirements across PDCA
- Documentation requirements
- Management responsibility
- Management review of ISMS
- ISMS improvement

Marc Stefaniu - MSc, MBA, CISSP
(416) 513 5699
