The Plan-Do-Check-Act (PDCA) Cycle in Management Systems
PDCA in Brief
Plan-Do-Check-Act underpins every ISO management system standard - plan what to do, do it, check it worked, act on what the check tells you. The simplicity is the strength.
What is the Plan-Do-Check-Act Cycle?
Plan-Do-Check-Act, usually shortened to PDCA, is the four-stage improvement cycle that underpins every ISO management system. It is the model that connects setting objectives to doing the work, measuring the results and acting on what is found. The cycle is also known as the Deming cycle after W. Edwards Deming who popularised it in post-war manufacturing, though it predates him and has been refined by many others since.
Every modern ISO management system standard is built on PDCA. The structure of the standard itself follows the cycle - context, leadership and planning first, operational support and delivery next, then monitoring and evaluation, then improvement. An organisation that runs a working management system is running PDCA whether it calls it that or not.
The value of PDCA is not that it is clever - the steps are obvious. The value is that it forces the full loop to close. Organisations commonly plan things without doing them, do things without measuring them, or measure things without changing anything as a result. PDCA is a discipline for closing all four gaps.
The Four Stages of PDCA
Plan
The planning stage sets direction. It defines what the organisation is trying to achieve, why it matters, who is responsible, what resources are needed and how success will be measured. At the strategic level, planning produces the policies, objectives and programmes that shape what the management system does over the coming year. At the tactical level, planning produces project scopes, change proposals and improvement plans. At the operational level, planning produces the procedures, work instructions and risk assessments that describe how individual tasks should be carried out.
Good planning in a management system is specific. Objectives are measurable. Responsibilities are assigned. Timescales are agreed. Resources are confirmed. Vague intentions like "improve customer satisfaction" are reshaped into something that can actually be tracked, such as "reduce customer complaints about delivery times by twenty percent within twelve months, measured monthly from the complaints register, owned by the Operations Manager".
Do
The doing stage is where the plan gets executed. Resources are applied, procedures are followed, training is delivered, products and services are produced. This is the bulk of what the organisation does day to day - everything from processing a customer order to running a monthly safety toolbox talk to implementing a new information security control.
At this stage the management system is mostly invisible because the work just happens. The system shows up in the procedures staff follow, the records they fill in, the checks they complete and the decisions they escalate. The more the system reflects how the business actually runs, the more naturally this stage flows.
Check
The checking stage measures what actually happened against what was planned. It asks whether the objectives were met, whether the procedures worked as intended, whether the results are holding up. Check activities include internal audits, monitoring of key performance indicators, customer satisfaction surveys, analysis of complaints and non-conformities, supplier performance reviews and management review itself.
Checking is the stage organisations most commonly skip or do badly. It is less satisfying than planning and less urgent than doing. Records get filed without being analysed. Audits happen but findings do not get followed up. Customer feedback is collected but not summarised. A management system that is weak at Check will drift without the organisation knowing it is drifting.
Act
The acting stage responds to what Check revealed. Where the results met expectations, the relevant processes are standardised and kept in place. Where they fell short, changes are planned - new procedures, additional training, revised objectives, corrective actions against specific problems. Act feeds directly into the next round of Plan, which is what makes PDCA a cycle rather than a one-off sequence.
In ISO terms, Act is where improvement lives. It includes corrective action against non-conformities, preventive action against emerging risks, process improvements identified through audit findings and the updated objectives that come out of management review. An organisation that has a healthy Act stage is an organisation that changes based on evidence rather than opinion.
How PDCA Maps to the ISO Standards
All modern ISO management system standards are structured around PDCA. The mapping is explicit in the standards themselves and is particularly clear once the Annex SL common structure is understood:
- Plan is covered by Clause 4 (Context of the organisation), Clause 5 (Leadership) and Clause 6 (Planning). These are where the organisation understands its situation, sets its direction through policy, identifies risks and opportunities, and sets objectives.
- Do is covered by Clause 7 (Support) and Clause 8 (Operation). Support deals with the resources, competence, awareness, communication and documented information needed to make the system work. Operation is the actual production of products and services.
- Check is covered by Clause 9 (Performance evaluation). This is where monitoring, measurement, analysis, internal audit and management review all sit.
- Act is covered by Clause 10 (Improvement). Non-conformities, corrective action, continual improvement.
This is not a coincidence. ISO deliberately arranged the clauses to reflect PDCA, so that organisations implementing any management system standard are implementing PDCA as a matter of course. It is also why integrating multiple standards is practical: they all share the same cycle, and the operational activities that satisfy one standard's Plan-Do-Check-Act cycle generally satisfy the equivalent stages for the others.
PDCA Works at Multiple Levels
A common misconception is that PDCA is a single cycle running once a year. In practice, a working management system runs many PDCA cycles concurrently at different timescales.
At the strategic level, the cycle runs annually. Top management set objectives at the start of the year, the organisation executes against those objectives throughout the year, performance is measured through monitoring and internal audit, and management review closes the loop by assessing what worked and setting the objectives for the next cycle.
At the tactical level, the cycle runs project by project. A change to a product specification, the introduction of a new supplier or the implementation of a new piece of software each has its own Plan-Do-Check-Act loop, running over weeks or months.
At the operational level, the cycle runs every time something goes wrong. A customer complaint is logged and investigated (Check), a corrective action is planned (Plan), the action is implemented (Do) and its effectiveness is verified (Check again, which starts the next iteration). This is often called the short cycle and it can complete in days or hours.
A healthy management system has PDCA running at all three levels simultaneously. The strategic cycle sets direction, the tactical cycle delivers change and the operational cycle handles problems. They reinforce each other - patterns in operational corrective actions feed into tactical improvement projects, which in turn feed strategic objectives at the next management review.
PDCA in a Real Management System
A worked example makes the cycle concrete. A manufacturing company notices over several months that a particular type of customer complaint keeps recurring - orders arriving with the wrong accessories attached. The problem is not catastrophic but it is persistent.
At Check first: the pattern is identified through the customer complaints register and flagged at management review as a recurring non-conformity that is not being prevented by existing controls. The evidence is there - ten complaints in six months, all the same root cause area, growing at two per month.
At Act then Plan: management review agrees a corrective action. The planning stage defines what needs to change - a revised pick-and-pack procedure, a final check step before dispatch, updated training for the warehouse team, a measurable target of zero accessory-related complaints for three consecutive months. Responsibility is assigned to the Operations Manager. Timescale is eight weeks.
At Do: the revised procedure is written, the new check step is introduced, the training is delivered, staff begin following the updated process.
At Check again: the complaints register is monitored monthly. After eight weeks, accessory complaints have dropped to zero. After three months, the pattern has not returned. The corrective action is verified as effective.
At Act: the revised procedure is confirmed as the new standard way of working. It is added to the document register, the training is incorporated into the induction for new warehouse staff, and the issue is closed on the issues and actions register. The next management review picks up the improved performance as evidence that the system is working.
That full sequence is one PDCA cycle. A typical management system runs dozens of these in parallel at any given time, at various stages of completion.
Common PDCA Mistakes
The same problems come up repeatedly when organisations try to operate PDCA, and they all break the cycle in predictable ways.
The first is treating PDCA as linear. An organisation plans, does, checks and then stops. Without the Act stage feeding back into the next Plan, there is no cycle - just a one-off project. The management system stops improving and gradually drifts out of step with how the business actually runs.
The second is getting stuck in Plan. Planning is satisfying because it feels like progress, but plans that never get executed are not useful. Some organisations produce elaborate objectives and programmes at the start of the year that never reach the Do stage, or that are quietly dropped halfway through because the Check stage never tested whether they were still relevant.
The third is weak Check. Internal audits get done because they have to happen but findings are not analysed, patterns are not spotted and management review summarises activity rather than questioning outcomes. Without meaningful Check, there is nothing reliable to Act on, so the Act stage degrades into token gestures.
The fourth is confusing Act with repeating Do. When a process is not working, the response is often to do more of it - more inspections, more training, more supervision - rather than changing the process itself. Act should change the plan, not just intensify the execution of a plan that is not delivering.
The fifth is running PDCA only at the strategic level. An annual cycle that relies entirely on management review to identify problems is too slow to catch most issues. Operational PDCA loops - the day-to-day problem-reporting and corrective action routines - are what keep the system responsive.
The PDCA mapping onto the ISO clauses is one of those things that seems abstract until you actually trace it through a standard. ISO 9001 Clauses 4 through 10 are literally laid out in that order because ISO wanted implementers to see the cycle in the structure of the standard itself.
The biggest difference between a management system that works and one that just exists on paper is usually Check and Act. Any organisation can plan and do. The ones whose systems actually improve measure what happened and change something as a result.
We run PDCA at three timescales in our operation. There is an annual cycle that top management drive through the management review, a project cycle for anything significant we are changing, and a short cycle for day-to-day problems. The short cycle is what keeps the place running. Someone spots an issue, it gets logged, we plan a fix, we implement it, we check it worked. Sometimes that whole cycle is over in a day.
The mistake we made early on was running only the annual cycle. We would identify issues at management review but we had no way to act on them between reviews. Once we got the operational cycle working, the management review became a lot more useful because it was reviewing real trends rather than just receiving the latest bad news.
When I audit a management system I am checking whether PDCA is actually cycling or whether it has broken down at some point. The usual place it breaks is between Check and Act. I see organisations with good internal audit findings, good KPI data, good customer feedback - and then nothing happens as a result.
My key test is tracking a finding forward. I pick a non-conformity from six months ago and follow it through. Was a corrective action planned? Was it implemented? Was it verified? Did it show up in the next management review as part of the continual improvement picture? If any of those links is missing, PDCA is not really running.
This is why I always ask to see the issues and actions register alongside the management review minutes. Together they tell me whether the cycle is closing.
Practical Compliance Guidance
The IMS1 manual describes a management system built around PDCA, with Sections 1 and 2 covering Plan (context, leadership, planning), Sections 3 and 4 covering Do (support and operations), Section 5 covering Check and Act (monitoring, audit, management review and improvement). The supporting forms and registers are the tools that keep each stage of the cycle working in practice.
The alphaZ toolkits provide the full set of templates needed to operate a PDCA-based management system, bundled with IMS1. The individual forms below handle specific parts of the cycle.
| alphaZ document | How to use it |
|---|---|
| ISO 9001 Management System Toolkit | Starting point for any management system built around PDCA. Includes the IMS1 manual, core policies, procedures and registers for running the cycle end to end. |
| ISO 9001, 14001, 45001 IMS Toolkit | Extends PDCA to cover quality, environmental and health and safety together in one integrated cycle rather than three separate ones. |
| F-Q11 Company Objectives | Used in the Plan stage to set measurable objectives with assigned owners and timescales, reviewed through the cycle and refreshed at management review. |
| F-Q23 Change Review | Used to plan and document significant changes to products, services or the management system itself, covering the Plan and Act stages of a tactical PDCA loop. |
| F-Q3 Management Review | The central Check and Act tool for the strategic cycle. Contributors from across the organisation feed inputs on performance, findings and trends, and management set actions and updated objectives. |
| ER1 Issues and Actions Register | Running log of non-conformities, issues and improvement actions. Anchors the Act stage of operational PDCA cycles and feeds trend information into strategic management review. |
| F-Q16 Improvement Request | Staff-facing form for raising improvement ideas. Feeds the Plan stage of the next cycle with bottom-up observations about what could be done better. |
| F-IMS23 Opportunities and Risks Register | Strategic-level register used in the Plan stage to identify risks and opportunities the management system should address. Reviewed each cycle at management review. |
Note - all the above files can be downloaded with an alphaZ subscription.
Frequently Asked Questions
UK Legislation
No UK legislation specifically requires the Plan-Do-Check-Act cycle, but the same laws that require documented management arrangements - particularly for health and safety - effectively require organisations to plan, implement, monitor and review those arrangements. The PDCA cycle is the standard way to meet those requirements in a structured way.
- Health and Safety at Work etc. Act 1974
- Management of Health and Safety at Work Regulations 1999
- Environmental Protection Act 1990
