Wednesday, August 15, 2007

PDCA and Continuous Improvement Process

PDCA and Continuous Improvement Process Approach (BS 7799-2:2002)

Plan

- Define scope of ISMS
- Define ISMS policy
- Define systematic approach to risk assessment
- Identify and assess risk
- Identify and evaluate risk treatment options
- Select controls for risk treatment
- Prepare Statement of Applicability

Do

- Formulate risk treatment plan
- Implement risk treatment plan
- Implement controls
- Implement training and awareness
- Manage operations
- Manage resources
- Implement detective and reactive controls for security incidents

Check

- Execute monitoring procedures and controls
- Undertake regular reviews of ISMS
- Review residual risk and acceptable risk

Act

- Implement the identified improvements in ISMS
- Continuous feedback and improvement
- Communication with interested parties
- Ensure improvements achieve intended results

Generic Requirements across PDCA

- Documentation requirements
- Management responsibility
- Management review of ISMS
- ISMS improvement

Marc Stefaniu - MSc, MBA, CISSP
(416) 513 5699
marc.stefaniu@bmo.com

1 comment:

Priya said...

Thanks for the valuable information. Are you looking for a one-stop solution to your Information/Cybersecurity needs? IARM is one of the few companies that focuses exclusively on end-to-end Information/Cybersecurity solutions and services for organizations across all verticals.
ISO 27001 Implementation and Consultancy Company in Chennai
ISO27001 Compliance Audit Service in Bangalore