I dont know why I can't find my question anymore so I'll post it again.
I'm currently a student at the University of Advancing Technology, and in my current class we have been asked to research the PDCA framework and seek some input here. After reading through the PDCA methodology, it seems to me that most of the components are common sense, like not using default passwords on deployed systems and improving policies and procedures as necessary. I'm wondering if anybody here has been through the implementation of a PDCA framework for ISO-27001 certification before, and if so how many of the obvious items get more focus than needed compared to the truly important items within PDCA? Thanks in advance for any input.