ISO 28000 focuses on aspects critical to manage and assure supply chain security risks. This may include financing, manufacturing, information management and transportation, in-transit storage and warehousing of goods.
It specifies the aspects to help the organization to assess security threats and to manage them as they arise in their supply chain. Security Management is related to other aspects of business management. With ISO 28000, organizations can determine if appropriate security measures are in place and can protect their properties from various threats.
ISO 28000:2007 was initially developed so that organizations of varying scale could apply the standard to their supply chains of various degrees of complexity. Now, after the revison, ISO 28000:2022 can be applied beyond the supply chain to all aspects of the organization
This second edition of ISO 28000 cancelles and replaces the first edition from 2007. The primary objective of the revision was to align the standard to the Harmonized Structure (HS) laid out in the ISO Directives Annex SL Appendix 2 for ISO managements system standards in its latest version. This alignment makes the standard fully integratable and easy to use together with other managements systems standards like ISO 9001 on quality management or ISO 22301 for business continuity management.
The structure of the ISO 28000 for supply chains is organized into the following main areas:
Security Management Plan Defined
Security Management Plan Implemented
Security Management Plan Assessment and Audit
Security Management Plan Finding Communication, Recommendations, and Solution Implementations
Context of the organization
During an audit the organization needs to determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the expected outcomes of its Disaster Recovery/Business Continuity Plan including defining:
The organization's activities, functions, services, products, partnerships, supply chains, relationships with interested parties, and the potential impact related to an incident
Links between the business continuity policy and the organization's objectives and other policies, including its overall risk management strategy
The level of risk the organization can assume
The needs and expectations of relevant interested parties
Legal, regulatory and other requirements to which the organization subscribes
Leadership
Top management needs to show an ongoing commitment to the Disaster Recovery/Business Continuity Processes. Through its leadership and actions, management can create an environment in which different actors are fully involved and in which the management system can operate effectively in synergy with the objectives of the organization.
Leadership responsibilities include:
Ensuring the Supply Chain Security Management System is compatible with the strategic direction of the organization
Integrating the Supply Chain Security Management System requirements into the organization's business processes
Providing the necessary resources for the Supply Chain Security Management System
Communicating the importance of effective disaster recovery and business continuity management
Ensuring that the Supply Chain Security Management System achieves its expected outcomes
Directing and supporting continual improvement
Establish and communicate a disaster recovery and business continuity policy
Ensuring that Supply Chain Security Management System objectives and plans are established
Ensuring that the responsibilities and authorities for relevant roles are assigned
Planning
This is the process were organizations shows that it has defined strategic objectives and guiding principles for the Supply Chain Security Management System as a whole. The objectives of a Supply Chain Security Management System are the expression of the intent of the organization to treat the risks identified and/or to comply with requirements of organizational needs. The planning objectives must:
Be consistent with disaster recovery and business continuity policy
Take into account the minimum level of products and services that is acceptable to the organization to achieve its objectives
Create and apply metrics
Take into account applicable requirements
Be reviewed constantly and updated as appropriate
Why is Supply Chain Security Management System important for you?
An ISO 28000 certification demonstrates that you are an asset to your organization and that you are a trustworthy expert. It enables you to help the organization in establishing a Security Management System (SMS) that ensures the sufficient management and control of security and threats, coming from logistical operations and supply chain partners. With an ISO 28000 certification, you will gain visibility in the market and you will help your organization to improve their profitability and quality.
Benefits of ISO 28000 Supply Chain Security Management System
An ISO 28000 certificate brings you many benefits:
Global recognition
Competitive advantage in the market
Enhanced reliability
Enhanced customer satisfaction
Opportunity to gain new businesses
The ability to control and manage threats within an organization
What is the ISO 28000 certification process?
There are seven steps to the process:
Application and quote
Competence analysis – identify gaps in skills and competence at the outset
Gap assessment – identify any weaknesses before the formal audit
Stage 1 audit – confirmation that implementation is on track
Stage 2 audit – confirmation that implementation is complete
Certification – share your success
Ongoing improvement – regular surveillance visits
The cost of ISO 28000 certification depends on a variety of factors. For example, whether you already have a certified management system in place, such as ISO 9001, ISO 14001 or TAPA, plays an important role. In addition, the size of your company and the complexity of the system have an influence on the duration of the audit and the price.
Certification, inspection and audit solutions focused on business optimization.
CONFIDENCE
SECURITY
FLEXIBILITY
NOTE: THIS WEBSITE DOES NOT USE COOKIES OR ANY MEANS OF VISITOR CONTROL.
