ISO 27001 certification

Our business life is becoming ever more dependent on information technology, and it seems almost a daily occurrence that an information security incident makes the news. Organisations are therefore increasingly looking to implement an ISMS (information security management system) to preserve the confidentiality, integrity and availability of their information.

While there are various frameworks that may be used to develop an ISMS, the ISO 27001 standard is fast becoming the most widely adopted model and is increasingly referred to in tender invitations and similar documents. It is a widely recognised international standard that specifies requirements for an ISMS and enables organisations to seek formal certification. It follows the same high-level structure as other popular standards such as ISO 9001 (Quality) and is therefore very well suited for inclusion in integrated management systems.

Achieving and maintaining certification provides a definite statement of intent and a strong assurance to clients and other interested parties. In the most recent ISO survey, there were over 30,000 organisations already certified to ISO 27001 - and the number is steadily growing.

The PDCA cycle

The PDCA (or Plan-Do-Check-Act) cycle is a key principle behind all modern ISO management system standards - and ISO 27001 is no exception.

Our sister organisation Qudos Certification Limited has published a very interesting article that provides an introduction to this important standard, with a brief, plain-English summary of its requirements, and a clear illustration of how it fits into the PDCA cycle.

If you are considering developing an ISMS and possibly seeking ISO 27001 certification for the first time, then this article is for you.