MANAGEMENT & PROTECTION SYSTEMS

QUALITY, ENVIRONMENTAL AND SAFETY: ISO 9001 - ISO 14001 - EMAS - ISO 45001
INFORMATION TECHNOLOGY: ISO 27001 - ISO 20000 - ISO 22301

ISO 27001

 

 

B- The Deming cycle for continuous improvement applied to the ISMS

 

As with Quality Management Systems (ISO 9001) and Environmental Management Systems (ISO 14001), the aim of Deming's virtuous cycle, applied to the Information Security Management System, is to ensure that the organization's best practices are documented, strengthened and improved over time.

 

Figure: ISO 27001 - Deming cycle

 


In the first phase, planning (PLAN), the organization must make sure that:

  • the context and purpose (scope) of the ISMS have been correctly established
  • the risks to information security have been assessed
  • a plan has been developed for appropriate treatment of these risks

 

In the second phase (DO) the organization must implement the decisions taken and the solutions identified in the planning phase.

The last two phases (CHECK and ACT) serve to strengthen, modify and improve the solutions identified and applied in the previous phases.

 

The review can take place at any time and at any frequency; annual or periodic reviews or audits are nevertheless required to ensure that the entire management system is achieving its objectives.