Which of the following activities is NOT performed in the Check phase?

Get ready for the ISO 27001 Internal Auditor Exam. Learn through flashcards and multiple choice questions with hints and explanations. Ace your auditor test!

The Check phase of the Plan-Do-Check-Act (PDCA) model focuses on assessing the performance of the Information Security Management System (ISMS) and ensuring that it is meeting predetermined objectives and requirements. This phase involves activities like regular monitoring and measuring, conducting internal audits, and management reviews, all of which aim to evaluate the effectiveness of security controls and identify areas for improvement.

Setting risk management objectives, however, is typically an activity performed in the Plan phase. During this phase, organizations establish their risk management framework, define objectives to manage those risks, and outline their approaches to achieve these aims. In contrast, the Check phase concentrates on evaluating and analyzing the results of implemented actions against these objectives rather than formulating them. Understanding this distinction is vital for correctly applying the PDCA cycle within the context of ISO 27001.
