The Plan-Do-Check-Act (PDCA) process originates from quality assurance in production environments, but has for some years also been a requirement in the ISMS standard ISO 27001 (ISMS = Information Security Management System).
Has 'Plan-Do-Check-Act' disappeared in the new ISO 27001?
Friday, 04 April 2014 / by Jakob Holm Hansen under ISO Standards & Certification
New Webinar series on Information Security Management best practice
Wednesday, 13 November 2013 / by Jakob Holm Hansen
Join us when Founder and CEO Lars Neupart gives a guided tour through ISO 27001, related standards and best practices for information security management. Click below and sign up for one or more half-hour webinars:
The new ISO 27001 is out! How to develop a Statement of Applicability
Friday, 11 October 2013 / by Jakob Holm Hansen
The 2013 editions of the widely used standards for information security management, ISO 27001 and ISO 27002, have been published. The new versions contain a number of improvements that should be of interest to companies that align themselves with ISO 27001 or comply with it.
IT Risk Management increases your IT outsourcing success
Monday, 03 June 2013 / by Jakob Holm Hansen under ISO Standards & Certification
IT outsourcing can be a highly positive experience.
Six questions about the ISO 27001 revision (with answers)
Tuesday, 30 April 2013 / by Jakob Holm Hansen under Risk Management, ISO Standards & Certification
How does the ISO 27001 revision impact your risk management?
Three ways the ISO 27001 revision will affect your company
Monday, 15 April 2013 / by Jakob Holm Hansen under ISO Standards & Certification
It has been eight years since the ISO 27001 standard was last revised, but now changes are coming.
4 responsible shortcuts to good enough risk assessments
Wednesday, 23 May 2012 / by Jakob Holm Hansen under ISO Standards & Certification
Information security standards have at least two characteristics: 1) they can cure most sleep problems, and 2) some describe a relatively perfect world in which those responsible for information security have plenty of time, and in which there are enough resources to analyse needs and document decisions. Even though I may have started this post a little sarcastically, I am actually a big supporter of standards and "best practice"; I see no reason to reinvent good stuff. I cannot do anything about the standards being boring, but I write this post to suggest some responsible shortcuts to a good start on risk assessments, and as a pragmatic approach to ISO 27001 compliance (should you want that).