Plan Do Check Act
As Figure 1 shows, the cycle then begins again at the point of determining the scope of the ISMS. An important aspect of ISO 27001 (ref. BS 7799-2:2002) is the Plan-Do-Check-Act (PDCA) model, which must be applied to the ISMS. It is an approach to developing, implementing and improving the effectiveness of an organization’s ISMS. Figure 2 (below) shows how the PDCA model applies to the ISMS.