ISO 27001 implementation requirement
First, it is important to note that ISO 27001 does not specify the PDCA cycle.
Please note that the best practice is to consider risk assessment as part of the Plan phase, since its main objective is to identify and prioritize relevant risks to be treated, so you can plan which controls to implement.
In the Do phase, you implement and operate the controls.
This article will provide you with a further explanation about ISO 27001 and the PDCA cycle:
- Has the PDCA Cycle been removed from the new ISO standards? https://advisera.com/27001academy/blog/2014/04/13/has-the-pdca-cycle-been-removed-from-the-new-iso-standards/
Apr 15, 2022