PDCA definition
How can I define the activity in each PDCA and the time for each one? What is the activity example to start the project? If you can give me an answer for both ISMS implementation and Risk treatment plan, that would be great.
A PDCA is a method used in business for the control and continuous improvement of processes and products, so the things you need to do are to define the improvement you want to implement and how you can measure whether it was achieved. E.g.: improve information security by implementing an ISO 27001 compliant ISMS, or bring information risks to acceptable levels by implementing a Risk Treatment Plan.
The definition of time for each activity needs to consider the available resources and the competence of the personnel involved.
For starting a project, the first activity you need to consider is getting top management buy-in.
These articles will provide you a further explanation about ISO 27001 projects:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- 4 crucial techniques for convincing your top management about ISO 27001 implementation https://advisera.com/27001academy/blog/2016/09/12/4-crucial-techniques-for-convincing-your-top-management-about-iso27001-implementation/
- Has the PDCA Cycle been removed from the new ISO standards? https://advisera.com/27001academy/blog/2014/04/13/has-the-pdca-cycle-been-removed-from-the-new-iso-standards/
These materials will also help you regarding ISO 27001 projects:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jun 23, 2020