The plan, do, check and act cycle (PDCA)
Plan (establishing the ISMS): Establish the policy, the ISMS objectives, processes and procedures related to risk management and the improvement of information security to provide results in line with the global policies and objectives of the organization.
Do (implementing and workings of the ISMS): Implement and exploit the ISMS policy, controls, processes and procedures.
Check (monitoring and review of the ISMS): Assess and, if applicable, measure the performances of the processes against the policy, objectives and practical experience and report results to management for review.
Act (update and improvement of the ISMS): Undertake corrective and preventive actions, on the basis of the results of the ISMS internal audit and management review, or other relevant information to continually improve the said system.