Plan – Context of Organization, Risk assessment, Determining Controls, Legal and Other Requirements, Objectives, and Planning.
Do – Roles, Responsibilities, Accountability, Authority, Competence, Training & Awareness, Communication, Documentation & Data Control, Operational Controls.
Check – Internal Audit, Performance Measurement & Monitoring, Evaluation & Assessments, Corrective actions, and Preventive Actions.
Act – Management Review, Leadership, Continual Improvements.