PDCA cycle: continuous optimization of quality-relevant processes
The PDCA cycle provides a concept for the structured improvement of corporate processes. It can be applied to all quality-relevant processes, for example in information security or in manufacturing of products. The objectives of the improvements are, among others, increased customer satisfaction, efficiency gains, and resilience against data loss or cyber attacks.
The cycle is applied to comply with international standards. These include DIN EN ISO/IEC 27001 (requirements for information security management systems) and DIN EN ISO 9001 (requirements for quality management systems). In the following, you will learn how you can use the PDCA cycle as a company or organization.
What is the PDCA cycle?
The Plan-Do-Check-Act cycle is a management method. It is also known as the Deming Wheel or Deming Circle, named after its developer William Deming and its cyclical form.
The US American physicist Walter Shewhart first proposed the concept, at the time for statistical quality improvement in production. William Deming later developed it into an economically oriented learning and improvement cycle.
Plan - Do - Check - Act: What does it mean?
The PDCA cycle provides an approach for regular checks, the derivation of measures, the testing of their effectiveness and, ultimately, for optimization. PDCA stands for Plan-Do-Check-Act:
Plan (planning)The first step in the PDCA cycle is planning. In this step, you identify the (measurable) goal to be achieved. In addition, measures for achieving the goal are defined, as well as rules for their implementation. A risk analysis has taken place beforehand. This is the only way to identify where measures need to be taken. Consider your available resources when planning.
Do (implementation)In the second step, the implementation of the planned measures takes place. Either individual actions are implemented to solve the problem or entirely new standards and processes are introduced. Test the new procedures in a small area first.
Check (success control)You take care of upcoming hurdles in the third phase. This is where you check the results so far. Check the implementation of your plan and make sure that the desired change has taken place. Where possible, measurements can be taken to monitor success. Otherwise, an individual, context-based assessment is necessary.
Act (improvement)In the last phase, you correct the identified deficiencies. This should achieve the goal in this cycle run. For example, after this step, there is increased information security in line with standards; or the delivery of a service has been successfully optimized.
The PDCA cycle is all about continuity
The German Federal Office for Security Information Technology (BSI) suggests using the Deming circle. It explains that information security is not a state that is achieved once and then persists. Rather, it says, true information security is a process that must be continually adapted to new circumstances—by using the PDCA cycle, example given.
The same applies to quality in production, customer service or management. Here, too, the PDCA cycle always starts anew once it has been completed. Changes in the legal framework, developments in technology or even newly identified vulnerabilities mean that there are always new requirements, so that the sustainable effectiveness of processes cannot be guaranteed.
Why is all this necessary? The purpose of quality management is to ensure that products and services meet customer expectations while being produced efficiently. On the one hand, this should be done out of self-interest. On the other hand, continuous optimization is also a component of many standards and required in their certification audits.
Audit software support for improved business processes
The ISO specifications use similar wording to the PDCA cycle. Thus, according to ISO 27001, information security risks must be identified, analyzed, evaluated and then implemented in practice. Success monitoring and continuous optimization are thus among the most important management principles for greater security. Without regular controls, the effectiveness of protective measures cannot be guaranteed.
With an GRC software with integrated audit function, we can support you in preparing your ISO certification in the best possible way. Thus, the process of Plan-Do-Check-Act is reliably supported.