PDCA stands for "Plan, Do, Check, Act." It is a four-step iterative management method used for continuous improvement. The PDCA cycle, also known as the Deming Cycle or Shewhart Cycle, is widely applied in various management systems, including quality management and information security management.
Within ISO/IEC 27001, Clause 10.1 relates to corrective action. This clause is titled "Nonconformity and Corrective Action" and is part of the "Performance Evaluation" section of the standard.
Clause 10.1 specifies the requirements for addressing nonconformities and implementing corrective actions within the Information Security Management System (ISMS). It focuses on identifying, documenting, and taking appropriate actions to address nonconformities, as well as preventing their recurrence.
Within ISO/IEC 27001, Clause 8.1 relates to operational planning and control. This clause is titled "Operational Planning and Control" and is part of the "Operation" section of the standard.
Clause 8.1 specifies the requirements for establishing, implementing, and maintaining processes to identify and control the organization's operational activities related to information security. It addresses the need to plan and implement controls to manage risks and protect information assets during the operation of the ISMS.
The purpose of ISO/IEC 27000 is to provide an overview and vocabulary for information security management systems (ISMS) based on the ISO/IEC 27001 standard. It serves as a foundational document that provides essential information and guidance for organizations seeking to implement and maintain an ISMS.
"Asset: Anything that has value to the organization, including tangible and intangible assets."
This definition encompasses a broad range of items that are considered valuable to an organization, including physical assets (such as equipment, facilities, and infrastructure), information assets (such as data, documents, and intellectual property), software assets, personnel, and more.
The key concept is that an asset is anything that holds value to the organization and is therefore worth protecting and managing appropriately to ensure the confidentiality, integrity, and availability of that asset.