What is PDCA?
PDCA stands for Plan – Do – Check – Act, a continuous improvement cycle widely used in quality management, information security and OT security. The PDCA cycle is a fundamental part of standards such as ISO 27001, IEC 62443, ISO 9001 and the NIST CSF.
In industrial environments, PDCA helps to structurally improve cybersecurity controls, manage risks and meet compliance requirements.
🧠 How does the PDCA cycle work?
📝 Plan
- Define objectives, policy, risks and controls
- Carry out a risk assessment or Cybersecurity Risk Assessment
- Define roles (e.g. ISO, OSO, CISO) and processes
- Align with standards such as IEC 62443 or ISO 27001
🔧 Do
- Implement the planned measures
- Examples:
  - Configuring Industrial Firewalls and Access Control
  - Rolling out Security Awareness training
  - Setting up SIEM, Logging and patch management
  - Applying network segmentation or Zero Trust
🔍 Check
- Monitor, measure and evaluate effectiveness
- Examples:
  - Carrying out Audits
  - Reviewing logs via SIEM
  - Testing the Incident Response Plan with Threat Simulations
  - Verifying policy compliance by OT staff
🔁 Act
- Correct deviations, improve controls and update policy
- Incorporate lessons learned from incidents or evaluations
- Restart the cycle with improved insight
Each cycle increases the maturity of the cybersecurity strategy and the control of OT risks.
🏭 PDCA in an OT context
| Phase | OT application |
|---|---|
| Plan | Drawing up a security plan for PLC, SCADA and Remote Access |
| Do | Segmentation of the Control Network, setting up a Jump Server |
| Check | Reviewing Firewall logs, SIEM alerts and OT logging |
| Act | Adjusting policies after a cyber incident or audit findings |
In OT, availability is crucial. The PDCA approach helps tailor controls to operational reality.
🔐 PDCA and security standards
- ISO 27001 uses PDCA as the basis for the ISMS (Information Security Management System)
- IEC 62443-2-1 and IEC 62443-2-4 implement PDCA for the CSMS (Cyber Security Management System)
- The NIST CSF applies PDCA implicitly across its five functions: Identify, Protect, Detect, Respond, Recover
📌 In summary
PDCA is a proven method for continuous improvement in Cybersecurity and industrial automation. By working in a planned way, OT organisations can make security structural, measurable and adaptable.
