The Do step in the PDCA cycle implements the previous selected controls to meet the control
objectives. According to the ISO 22301 Auditing eBook, the Do step involves implementing and
operating the business continuity policy, controls, processes, and procedures that have been planned
in the previous step. The Do step also includes establishing the necessary resources, competencies,
awareness, communication, and documentation to support the effective operation of the business
continuity management system (BCMS). The Do step aims to ensure that the organization is prepared
to respond to and recover from disruptive incidents in a timely and effective manner. Reference: ISO
22301 Auditing eBook, pages 9, 10, 11, 22, 23, and 24.
