PDCA in 2005 and 2013 edition for ISO 27001

shrihari Created: Jun 18, 2019 Last commented: Jun 20, 2019

I have been given to understand that PDCA is diluted in the 2013 edition of ISO 27001 when compared to the earlier 2005 version. Am I correctly informed? If yes, please elaborate.

Expert
Rhand Leal Jun 20, 2019
Answer: First it is important to note that "incorporated" is a more proper word than "diluted" when speaking about PDCA in ISO 27001. The point is that now the cycle is not expressly displayed in the introduction of the standard, as was the case in older revisions.

Since ISO 27001 adopted the same High Level Structure and Annex SL as ISO 9001, ISO 14001 and many other management system standards, the same principle is applied regarding the PDCA. First you need to plan your system, which includes determining the context, the policy, addressing risks and opportunities, determining information security risks, setting the objectives and providing resources; basically you need to cover clauses 4 to 7.

The Do phase is defined by clause 8, where you need to establish and apply operational controls in order to treat information security risks.

The Check phase is located in clause 9, and it requires the organization to perform monitoring and measurement, conduct internal audits, compliance evaluation and management review in order to determine conformity of the ISMS to the requirements of the standard, legal requirements and the overall effectiveness of the ISMS, as well as the effectiveness of the operational controls and the actions to address risks and opportunities.

Finally, the Act phase is defined in clause 10, which defines requirements for continual improvement, corrective actions and nonconformities.

This article will provide you further explanation about ISO 27001 and PDCA:
- Has the PDCA Cycle been removed from the new ISO standards? https://advisera.com/27001academy/blog/2014/04/13/has-the-pdca-cycle-been-removed-from-the-new-iso-standards/