{"id":4560,"date":"2014-04-13T21:06:57","date_gmt":"2014-04-13T21:06:57","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/27001academy\/blog\/014\/04\/13\/has-the-pdca-cycle-been-removed-from-the-new-iso-standards\/"},"modified":"2025-06-11T17:54:13","modified_gmt":"2025-06-11T17:54:13","slug":"has-the-pdca-cycle-been-removed-from-the-new-iso-standards","status":"publish","type":"post","link":"https:\/\/staging.advisera.com\/27001academy\/blog\/2014\/04\/13\/has-the-pdca-cycle-been-removed-from-the-new-iso-standards\/","title":{"rendered":"Has the PDCA Cycle been removed from the new ISO standards?"},"content":{"rendered":"<p>Lately I\u2019ve been receiving (too) many questions asking, \u201cWhy did the new revision of ISO 27001 cut out the PDCA cycle?\u201d And, on first sight, you might be misled because the standard really doesn\u2019t mention the Plan-Do-Check-Act cycle explicitly; but, you should read the standard a bit more carefully\u2026<\/p>\n<h2 style=\"padding-top: 10px; padding-bottom: 10px;\">Annex SL of ISO\/IEC Directives<\/h2>\n<p>Let\u2019s start from the beginning \u2013 the International Organization for Standardization has issued ISO\/IEC Directives where they describe in Annex SL how the management standards should be structured. This is the required structure, by clauses:<\/p>\n<ol start=\"0\">\n<li>Introduction<\/li>\n<li>Scope<\/li>\n<li>Normative references<\/li>\n<li>Terms and definitions<\/li>\n<li>Context of the organization<\/li>\n<li>Leadership<\/li>\n<li>Planning<\/li>\n<li>Support<\/li>\n<li>Operation<\/li>\n<li>Performance evaluation<\/li>\n<li>Improvement<\/li>\n<\/ol>\n<p>So, all the newly published standards like <a href=\"\/27001academy\/what-is-iso-27001\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 27001:2013<\/a> and <a href=\"https:\/\/staging.advisera.com\/27001academy\/what-is-iso-22301\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 22301:2012<\/a> have this identical structure. And all the new revisions of <a href=\"https:\/\/staging.advisera.com\/9001academy\/what-is-iso-9001\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 9001<\/a>, <a href=\"https:\/\/staging.advisera.com\/14001academy\/what-is-iso-14001\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 14001<\/a> and others will have the very same structure.<\/p>\n<p>The intention of the ISO with this Annex SL was, of course, to align all the management standards in order to make them more compatible and enable the integration of management systems in an easier and more convenient way.<br \/>\n<div id=\"middle-banner\" class=\"banner-shortcode\"><\/div><script>loadMiddleBanner();<\/script><br \/>\n<div id=\"side-banner-trigger\" class=\"banner-shortcode\"><\/div><\/p>\n<h2 style=\"padding-top: 10px; padding-bottom: 10px;\">What is the PDCA cycle?<\/h2>\n<p>For those of you who don\u2019t know what this PDCA cycle is, it is basically a concept developed about 60 years ago by a famous consultant and quality management guru called William Edwards Deming. Essentially, it says the following:<\/p>\n<ul>\n<li>Before you start implementing anything, you should know exactly what you really need, and exactly what it is you want to achieve (objectives) \u2013 this is the <b>Plan<\/b> phase.<\/li>\n<li>Once you know what you want to achieve, you can start implementing your information security, business continuity, quality procedures, or whatever the ISO standard is focused on \u2013 this is the <b>Do<\/b> phase.<\/li>\n<li>However, the whole effort does not stop here \u2013 you want to make sure you have achieved what you have planned for, so you need to monitor your system and measure if you achieved your objectives \u2013 this is the <b>Check<\/b> phase.<\/li>\n<li>Finally, if and when you realize that what you achieved is not what you have planned for, you have to fill the gap \u2013 this is called the <b>Act<\/b> phase.<\/li>\n<\/ul>\n<p>Or, using an example \u2013 when I purchase a car I have an idea on how much it should cost, what color it should be, maximum fuel consumption, etc. (Plan phase); then I start driving it (Do phase), and realize that the fuel consumption is much higher than expected (Check phase) \u2013 then, basically, I have 2 options: to drive more easily in order to consume less fuel, or change the targeted consumption (Act phase).<\/p>\n<p>And, although this concept was developed for quality management, very soon it was realized that it can be applied to any type of management, including information security management or business continuity management.<\/p>\n<p>So, today this concept is so dominating in the management thought that it is virtually everywhere \u2013 in every ISO management standard, in every management framework, in every theory. It has become so important that it is impossible to avoid it.<\/p>\n<h2 style=\"padding-top: 10px; padding-bottom: 10px;\">So, did the PDCA cycle really disappear from ISO standards?<\/h2>\n<p>No it didn\u2019t. It is still very much incorporated into ISO 27001, ISO 22301 and all other standards, only now the cycle is not expressly displayed in the introduction of the standard as was the case in older revisions.<\/p>\n<p>Here is how you can recognize the PDCA cycle in the structure of ISO standards:<\/p>\n<ul>\n<li>Clauses 4 Context of the organization, 5 Leadership, 6 Planning, and 7 Support are nothing but the Plan phase<\/li>\n<li>Clause 8 Operations speaks about the Do phase<\/li>\n<li>Clause 9 Performance evaluation is, of course, the Check phase, and<\/li>\n<li>Clause 10 Improvement is the Act phase<\/li>\n<\/ul>\n<p>As you can see, the PDCA cycle was not deleted from new ISO standards; on the contrary, it is so important that the Annex SL requires all ISO standards to structure its main clauses around the PDCA cycle.<\/p>\n<p>So, don\u2019t worry, the PDCA cycle is going to stay around for a long time.<\/p>\n<p><em>To become compliant easily and efficiently, use Advisera\u2019s<\/em>\u00a0<a href=\"https:\/\/advisera.com\/toolkits\/\" target=\"_blank\" rel=\"noopener\">Documentation Toolkits<\/a>\u00a0<em>that provide all required documentation and step-by-step guidance.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lately I\u2019ve been receiving (too) many questions asking, \u201cWhy did the new revision of ISO 27001 cut out the PDCA cycle?\u201d And, on first sight, you might be misled because the standard really doesn\u2019t mention the Plan-Do-Check-Act cycle explicitly; but, you should read the standard a bit more carefully\u2026 Annex SL of ISO\/IEC Directives Let\u2019s &#8230;<\/p>\n","protected":false},"author":26,"featured_media":4561,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[133,292,380,381,382,550],"class_list":["post-4560","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-iso-9001","tag-iso-14001","tag-iso-22301","tag-iso-27001","tag-pdca-cycle","tag-deming"],"acf":[],"_links":{"self":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/4560","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/comments?post=4560"}],"version-history":[{"count":2,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/4560\/revisions"}],"predecessor-version":[{"id":104191,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/4560\/revisions\/104191"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/media\/4561"}],"wp:attachment":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/media?parent=4560"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/categories?post=4560"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/tags?post=4560"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}