
Has "Plan-Do-Check-Act" disappeared in the new ISO 27001?

Written by Lone Forland | Apr 3, 2014 10:00:00 PM

The Plan-Do-Check-Act (PDCA) process originates from quality assurance in production environments, but has for some years also been a requirement in the ISMS standard ISO 27001 (ISMS = Information Security Management System).

If you look at the new ISO 27001, published in late 2013, you may notice that it no longer includes a specific requirement for a PDCA process. It does include headings such as Planning, Operation, Performance Evaluation, and Improvement, which are admittedly very close to PDCA, but your company can now follow the new ISO 27001 without having an actual PDCA process.

But there is a clear requirement that you continuously improve your ISMS, as stated in the standard: "the organisation shall establish, implement, maintain and continually improve the ISMS".


In general, the new ISO 27001 introduces greater flexibility in selecting methods and forms than the previous version. A good example of this flexibility is the requirement for continuous improvement. You can choose to use PDCA - or another method - as your way of continuously improving your ISMS.


My recommendation is that you only use PDCA to the extent that it makes sense to you. There are many other ways of ensuring ongoing improvement. Start with something as simple as having (or getting) an overview of your ISMS tasks. Since information security applies to most, if not all, of your business processes, it involves a number of people. If you want to improve your information security, you need to maintain a continuous overview of the security and compliance tasks assigned to people, and monitor whether they are carried out.