The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) cycle, aligning it with quality standards such as ISO 9000. 27001:2005 applied this to all the processes in the ISMS.

Plan (establishing the ISMS): Establish the policy, the ISMS objectives, processes and procedures related to risk management and the improvement of information security to provide results in line with the global policies and objectives of the organization.

Do (implementing and operating the ISMS): Implement and operate the ISMS policy, controls, processes and procedures.

Check (monitoring and review of the ISMS): Assess and, if applicable, measure the performance of the processes against the policy, objectives and practical experience, and report the results to management for review.

Act (update and improvement of the ISMS): Undertake corrective and preventive actions, on the basis of the results of the ISMS internal audit and management review, or other relevant information, to continually improve the system.