All three standards follow the PLAN, DO, CHECK, ACT (PDCA) cyclic process. This shared methodology makes it possible to integrate the management systems.
ISO 27001 is the international standard, recognised globally, for managing risks to the security of the information you hold. Certification to ISO 27001 allows you to prove to your clients and other stakeholders that you are managing the security of your information. ISO 27001:2013 (the current version of ISO 27001) provides a set of standardised requirements for an Information Security Management System (ISMS). The standard adopts a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving your ISMS.
PDCA, sometimes called PDSA, the "Deming Wheel," or "Deming Cycle," was developed by renowned management consultant Dr William Edwards Deming in the 1950s. Deming himself called it the "Shewhart Cycle," as his model was based on an idea from his mentor, Walter Shewhart.
Deming wanted to create a way of identifying what caused products to fail to meet customers' expectations. His solution helps businesses to develop hypotheses about what needs to change, and then test these in a continuous feedback loop. PDCA / PDSA is an iterative, four-stage approach for continually improving processes, products or services, and for resolving problems. It involves systematically testing possible solutions, assessing the results, and implementing the ones that are shown to work.
The four phases are:
- Plan: identify and analyze the problem or opportunity, develop hypotheses about what the issues may be, and decide which one to test.
- Do: test the potential solution, ideally on a small scale, and measure the results.
- Check/Study: study the result, measure effectiveness, and decide whether the hypothesis is supported or not.
- Act: if the solution was successful, implement it.