Huang Ji-Yen
Senior Consultant Sapience Consulting
Back To Basics... PDCA: The Foundational Cycle of IT Best Practices
5 AUGUST 2025
Are you not bad at some hobby that you truly enjoy? Whatever it is: badminton, bridge, painting, baking, etc. Have you ever wondered what would happen if you took it seriously? A friend from my university days is doing just that! He decided to take a 1-year mid-career break from an IT managerial role (he is in his 40s) and dedicate it to … foosball! (aka table football, table soccer)
I met up with him recently. It has been nearly a year since his sabbatical began. To recount his achievements: he is in the Canadian National Team, he has competed in over 20 tournaments across North America and Europe (according to him, Germany is the hot spot) and his world rankings are about 100 across singles, doubles and combined (honestly, I had no idea of the scale and degree of seriousness of foosball prior to our meet-up).
I casually asked him, “What strikes you the most about the past year?” He replied with a sombre expression, “Back to basics! I practice every single day for an hour or 2 to bring the ball as SLOWLY as possible with a figure across the table. I only appreciate the basic movement after 20/30 years of highly intense fast plays.”
This reminds me of martial arts masters starting the day with squatting and Olympic swimmers starting with kicking drills.
Back to Information Technology, I reflect on the topics that I cover – Cybersecurity, Risk Management, Service Management, SDLC (software development lifecycle), Project Management, Governance… etc. I often share with customers, if you see a cyclic diagram, you see PDCA (plan-do-check-act) in it. I’d say PDCA is indeed the ‘basic’ of a lot of best practices.
- Plan – Establish objectives and processes required to deliver the desired results.
What is the problem we are trying to solve? Who is going to do what? When are we going to do everything? How are we putting things together? The depth and formality of planning vary with the scale of the initiative.
- Do – Carry out the objectives from the previous step.
Mobilise people, process, products and partners to follow the plan.
- Check – The data and results gathered from the do phase are evaluated. Data is compared to the expected outcomes to see any similarities and differences.
Weekly, biweekly or monthly, as appropriate, we gather updates about the initiative. In the meantime, we also consider macro-factors around it, e.g. organisational priorities, stakeholder input, any changes that impact us, etc.
- Act – Records from the “do” and “check” phases help identify issues, problems, non-conformities, opportunities for improvement, inefficiencies, etc. Adjust accordingly.
Adjust the course of action, carry on, or wrap it up if we meet the conditions (including early termination scenarios).
Cycles

| PDCA | NIST Cybersecurity Framework 2.0 |
|---|---|
| Plan | GOVERN – Provide outcomes to inform what an organisation may do to achieve and prioritise the outcomes. |
| Do | IDENTIFY – Understanding the organisation’s assets (e.g., data, hardware, software, systems, facilities, services, people), suppliers, and related cybersecurity risks enables an organisation to prioritise its efforts. PROTECT – support the ability to secure those assets to prevent or lower the likelihood and impact of adverse cybersecurity events. |
| Check | DETECT – enable the timely discovery and analysis of anomalies, indicators of compromise, and other potentially adverse events. |
| Act | RESPOND – support the ability to contain the effects of cybersecurity incidents. RECOVER – support the timely restoration of normal operations. |

| PDCA | NIST Risk Management Framework |
|---|---|
| Plan | PREPARE – Establishing a context and priorities for managing security and privacy risk. CATEGORISE the system and the information processed, stored, and transmitted by the system based on an analysis of the impact of loss. |
| Do | IMPLEMENT the controls and describe how the controls are employed within the system and its environment of operation. |
| Check | ASSESS the controls to determine if the controls are implemented correctly, operating as intended, and producing the desired outcomes. |
| Act | AUTHORISE the system or common controls based on a determination that the risk to organisational operations and assets, individuals, other organisations, and the Nation is acceptable. MONITOR the system and the associated controls on an ongoing basis to include assessing control effectiveness, documenting changes to the system and environment of operation, conducting risk assessments and impact analyses, and reporting the security and privacy posture of the system. |

| PDCA | ITIL Continual Service Improvement Model |
|---|---|
| Plan | What is the vision? Figure out business vision, mission, goals and objectives. Where are we now? Perform baseline assessments. Where do we want to be? Define measurable targets. How do we get there? Define the improvement plan. |
| Do | Take action – Execute improvement actions. |
| Check | Did we get there? Evaluate metrics and KPIs. |
| Act | How do we keep the momentum going? Determine next course of action. |

| PDCA | Software Development Lifecycle (SDLC) |
|---|---|
| Plan | Requirements gathering and analysis – understand the client’s requirements and objectives. Planning and design – outline the development roadmap, including timelines, resource allocation, and deliverables. |
| Do | Development – code. |
| Check | Testing and quality assurance – to ensure the software’s reliability, performance, and security, rigorous testing and quality assurance (QA) processes are carried out. |
| Act | Deployment and implementation – go live. Maintenance and support – address any issues, enhance performance, and incorporate future enhancements. |

The PDCA concept is definitely applicable to the world of Agile and Governance as well. I often repeat ‘Agile is a series of mini lightweight SDLC, in principle.’ (I cannot recall where I heard this from.)
The point of highlighting the common fundamental elements (PDCA) across various frameworks is to emphasise the cyclical nature of best practice adoption (continual improvement!), not to dismiss the variation and uniqueness of each framework.
The world is changing at a lightspeed pace. Often, we feel that as soon as a plan is drawn up, something comes up the next moment to invalidate it. However, spearing ahead without a plan (at least a high-level or rough-order one) is not wise, either. Adjusting the Plan-Do-Check-Act cycle to cope with changes and realign with the goals has remained the true north.
Epilogue
As my foosball friend approaches the end of his 1-year break (at the time of writing this piece), he has not yet decided whether he will return to work. He is actively participating at the federation level to raise viewership and commercial appeal, coaching up-and-coming players, (potentially) working on an e-foosball (virtual reality) game, and practising the basics every day!