What is the cornerstone process of ISO 27001?


The cornerstone process of ISO 27001 is the "Plan, do, check, act" framework. This cycle, often referred to as the PDCA cycle, is integral to establishing a systematic approach to managing information security within an organization.

In the context of ISO 27001, the PDCA cycle involves:

  1. Plan: Organizations identify their information security risks and establish an information security management system (ISMS) plan, defining the necessary controls and objectives to mitigate those risks.

  2. Do: This phase involves implementing the ISMS in accordance with the established plan. It includes putting the security controls into operation and managing day-to-day security processes.

  3. Check: Organizations assess the performance of the ISMS against set objectives and conduct audits to gauge compliance and effectiveness. This phase is crucial for finding areas where the ISMS may not be functioning as intended.

  4. Act: Based on the assessment in the Check phase, organizations take corrective actions to improve the ISMS. This includes updating the risk assessment and treatment as necessary, thereby continually improving the information security management process.

This iterative cycle helps organizations not only to maintain compliance with ISO 27001 but also to foster an ongoing commitment to continuous improvement.
