What is ISO 28000?
ISO 28000 is an international standard which addresses the requirements of a Security Management Systems (SMS) for the supply chain. It specifies the aspects to help the organization to assess security threats and to manage them as they arise in their supply chain security management is related to other aspects of business management. With ISO 28000, organizations can determine if appropriate security measures are in place and can protect their properties from various threats.
ISO 28000:2022 is a management system standard which has been developed specifically for logistics companies and organisations that manage supply chain operations. Published as a Publicly Available Specification by the International Standards Organisation in 2005, this was replaced in 2022 by the full standard, ISO 28000:2022.
ISO 28000:2022 is a management system specification for the protection of people, property, information and infrastructure; in companies and organisations participating in local, national and international supply chain operations.
ISO 28000:2022 is suitable for all sizes and types of organisations that are involved in the production of goods, manufacturing, services, storage or transportation at any stage of the products development or movement in the supply chain.
Supply chain security is an essential requirement for companies involved in the international supply chain, especially those having to comply with stronger security demands from Customs and/or their business partners.
For organisations working within, or relying on, the logistics industry, certification to the ISO 28000:2022 supply chain management standard provides a valuable framework. It will help minimise the risk of security incidents and so help provide problem-free ‘just in time’ delivery of goods and supplies.
Why is Supply Chain Security Management Systems important for you?
An ISO 28000 certification demonstrates that you are an asset to your organization and that you are a trustworthy expert. It enables you to help the organization in establishing a Security Management Systems (SMS) that ensures the sufficient management and control of security and threats, coming from logistical operations and supply chain partners. With an ISO 28000 certification, you will gain visibility in the market and you will help your organization to improve their profitability and quality.
Benefits of ISO 28000 Supply Chain Security Management Systems
An ISO 28000 certificate brings you many benefits:
- Global recognition
- Competitive advantage in the market
- Enhanced reliability
- Enhanced customer satisfaction
- Opportunity to gain new businesses
- The ability to control and manage threats within an organization
Requirements of ISO 28000
ISO 28000:2022 is a risk-based standard, similar to other management systems, integrating the management system process-based approach of Plan-Do-Check-Act (PDCA) and the requirement for continual improvement.
| Clause | Name | Coverage / Requirements |
| 4.1 | General requirements | Establishment of system structure, continual improvement, |
| 4.2 | Security management policy | Developed / acknowledged by top management |
| 4.3 | Security Risk Assessment and Planning | |
| 4.3.1 | Security Risk Assessment | Physical, operational, environmental threats and risks |
| 4.3.2 | Legal, statutory and other security regulatory requirements | Identify legal and other requirements related to organization |
| 4.3.3 | Security management objectives | Establish and document management objectives |
| 4.3.4 | Security management targets | Establish measurable, relevant targets communicated to the organization |
| 4.3.5 | Security management programmes | Establishment, documented programs |
| 4.4 | Implementation and operation | |
| 4.4.1 | Structure, authority and responsibilities for security management | Establish / appoint, organization roles, responsibilities authorities |
| 4.4.2 | Competence, training and awareness | System to ensure qualified competent personnel |
| 4.4.3 | Communication | System to communicate information to the organization |
| 4.4.4 | Documentation | Policy objectives, scopes, references, records, |
| 4.4.5 | Document and data control | Location and access, review, currency, archival |
| 4.4.6 | Operational control | Documented procedures, threat evaluation, |
| 4.4.7 | Emergency preparedness, response and security recovery | Id potential threats, develop plans, responses, |
| 4.5 | Checking and Corrective action | |
| 4.5.1 | Security performance measurement and monitoring | Qualitative, quantitative, monitoring objectives & targets, non-conformances |
| 4.5.2 | System evaluation | Review plans, procedures, incidents reports, performance evaluations |
| 4.5.3 | Security related failures, incidents, non-conformances and corrective and preventative action | Evaluating system failures, incidents, near misses, false alarms, near misses |
| 4.5.4 | Control of records | Identification, storage, protection, retrieval, retention disposal of records |
| 4.5.5 | Audit | Develop an audit program |
| 4.6 | Management review and continual improvement | Review of system by top management. |
Integrate ISO 28000 with other management systems standards
ISO 28000 is designed to be compatible with other management systems standards and specifications, such as ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 17025, ISO 27001, and other ISO standards. They can be integrated seamlessly through integrated management systems approach. They share many principles so choosing an integrated management system can offer excellent value for money and an easier approach to implement, manage and improve multiple standards simultaneously.
How Can BSCS Help?
We provide ISO 28000 standard training and consultancy services. We offer specialized expertise and extensive practical experience to assist client in developing management systems from the initial concept to establishment and successful implementation of the management systems.
We use the following consultation approach to assist you in achieving certification:
- Identify areas requiring improvement or development within your current Management System
- Prepare a strategic action plan, in conjunction with your company personnel, to address those improvement areas and assist with the communication of these requirements to key personnel at all levels
- Provide system-related trainings for your company personnel to create awareness and provide them with the necessary knowledge and skills in the implementation of systems
- Provide assistance and advice on the development and implementation of systems, including preparation of documentation
- Advise and assist, if required, with the preparation and submission of applications to your certification body
- Assist with the development of internal auditing procedures and training
- Conduct internal audit to ensure the effective implementation of the management system prior to final audit by your certification body
- Conduct Management Review Meeting to review performance of management system and identify areas for improvement prior to final audit by your certification body