ISO 28000:2007
Supply Chain Security Management System

What is ISO 28000:2007 Supply Chain Security Management System?

ISO 28000:2007 specifies the requirements for a security management system, including those aspects critical to the security assurance of the supply chain. Security management is linked to many other parts of business management. Factors include all activities controlled or influenced by organizations that impact supply chain security.

These aspects should be considered directly, where and when they affect security management, including transporting them along the supply chain. It is an International Standard that enables organizations to establish an overall supply chain security management system. It was developed to codify security operations within the broader supply chain management system.

ISO 28000 Addresses the requirements and aspects critical to security assurance of the supply chain. It enables the Organizations to determine whether appropriate security measures are in place and protect their properties from various threats of terrorism, fraud, and piracy.

  • It is a risk-based approach to the management system.

  • Based on the ISO format adopted by ISO 14001: 2015, i.e., Environmental Management System (EMS).

  • Existing process-based management systems, e.g., ISO 9001, may be used as a foundation for the security management system.

Based on the methodology known as Plan-Do-Check-Act (PDCA)

  1. Plan: Establish the objectives and process.

  2. Do: Implement the process.

  3. Check: Monitor and measure the process.

  4. Act: Actions to continuously improve the security management system.

ISO 28000 is Suitable for all organizations that wish to:

ISO 28000:2007 applies to all sizes of organizations, from minor to multinational, in manufacturing, service, storage, or transportation at any stage of the production or supply chain that wishes to:

  • Establish, implement, maintain and improve a security management system

  • Assure conformance with the stated security management policy

  • Demonstrate such conformance to others

  • Seek certification/registration of its security management system by an Accredited third-party Certification Body, or make a self-determination and self-declaration.

Importance of ISO 28000: 2007 Supply Chain Security Management System

  • ISO 28000 Certification demonstrates that you are an asset to your organization.

  • It specifies that you are a trustworthy expert.

  • Enables an organization to establish a Security Management System (SMS), ensuring sound management and control of security and threats from supply chain partners and logistical operations.

  • With ISO 28000 Certification, organizations will gain visibility in the market, improving their profitability and quality.