ISO 28000:2007 – Specification for Security Management Systems for the Supply Chain

ISO 28000:2007 specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. Security management is linked to many other aspects of business management. Aspects include all activities controlled or influenced by organizations that impact on supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting these goods along the supply chain.

The standard’s purpose is to provide a best practice framework to reduce risks for people and cargo within the supply chain.


Scope of ISO 28000:2007

ISO 28000:2007 is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain that wishes to:

  • Establish, implement, maintain and improve a security management system;
  • assure conformance with stated security management policy
  • Demonstrate such conformance to others;
  • Seek certification/registration of its security management system by an Accredited third party Certification Body; or
  • Make a self-determination and self-declaration of conformance with ISO 28000:2007.


Benefits of ISO 28000:2007 Standard Implementation

  • Allows security to be managed as a process so that the effectiveness of security management can be measured and improved;
  • Allows management to focus resources and efforts on areas with high-risk concerns (through a security risk assessment);
  • Allows management to benchmark its security management efforts with international standards; and
  • Demonstrates to stakeholders the commitment to enforce a systematic security management.
  • ISO 28000:2007 uses a more pragmatic approach in which the risk levels of your supply chain operations are identified. It enables your organization to perform a risk assessment with supporting management tools (i.e., document controls, key performance indicators, internal audits and training) and applies the controls in accordance with the risk involved.


The Main Clauses of ISO 28000:2007

1 Scope

2 Normative references

3 Terms and definitions

4 Security management system elements

4.1 General requirements

4.2 Security management policy

4.3 Security risk assessment and planning

4.4 Implementation and operation

4.5 Checking and corrective action

4.6 Management review and continual improvement

Annex A Correspondence between ISO 28000:2007, ISO 14001:2004 and ISO 9001:2000

Contact Us