Kenneth G. Hartman bio photo

Kenneth G. Hartman

Security Consultant,  
Forensic Analyst & 
Certified SANS Instructor

Email Twitter GitHub

Continuous Improvement. Sounds good, but how do you get your team thinking in terms of continuous improvement? One methodology that I use frequently is called the “Plan-Do-Check-Act” Cycle. It takes discipline to follow this sequence and to do each step well, but the payoff is worth it!

PLAN—Prepare a written action plan that covers what you will do and how you will check the solution. Make sure to answer these questions:

  • What are the objectives?
  • What measurements should we use to determine that we achieved our objectives?
  • What tasks are required?
  • What should we not do as part of this initiative?
  • Do we need more information?

DO—Work the plan. Start with a pilot project or test case. Communicate issues and learning. Revise the written plan if needed, but resist “scope creep” (i.e., enlarging the project). Experiment and imagine the possibilities along the way, but save new ideas for the next Plan-Do-Check-Act iteration.

CHECK—Test your solution per the written action plan, but test creatively as well. Determine what “breaks” your solution. Have the actual stakeholders try it out. Capture what you learn in writing. Determine what must be fixed now and what should be saved for the next Plan-Do-Check-Act cycle.

ACT—Communicate and “sell” the forthcoming changes. Train the stakeholders on what is new. Implement the solution and monitor the effectiveness of the solution. Be alert for issues that affect successful implementation and make adjustments. Note additional opportunities for the next Plan-Do-Check-Act cycle.

This is a called a cycle because it is most effective when repeated continuously, with the learning and experience gained from the previous iteration incorporated into the planning phase of the current sequence. For additional information, check out