Specification for security management systems for the supply chain
Certification Services from Euro Veritas, UK (www.euroveritas.com) accreditated from BAR-UK
As per Procedure Scheme No. EVL/SMS-SC/C-A/3640/C-4
ISO 28000:2007 is an International Standard which gives out the requirements for a security management system, including those aspects critical to security assurance of the supply chain. Security management is linked to many characteristics of business management. Characteristics shall include all activities controlled or influenced by organizations that impact on supply chain security. Other factors also need to be considered directly, where and when they have an impact on security management, including transporting these goods along the supply chain.
ISO 28000:2007 is applicable to all sizes of organizations, from small to multinational, manufacturing, service industry, warehousing / storage or transportation and is applicable at any stage of the production or supply chain that wishes to:
a) establish, implement, maintain and improve a security management system;
b) assure conformance with stated security management policy;
c) demonstrate such conformance to others;
d) seek certification/registration of its security management system by an Accredited 3rd Party Certification Body eg. Euro Veritas, UK (www.euroveritas.com) accreditated from BAR-UK- as per Procedure Scheme No. EVL/SMS-SC/C-A/3640/C-4; or
e) make a self-determination and self-declaration of conformance with ISO 28000:2007.
There are various legislative and regulatory codes that address some of the requirements in ISO 28000:2007. These may be mandatory based on legislative national requirements.
ISO 28000:2007 has been developed and adopted by Euro Veritas, UK (www.euroveritas.com) accreditated from BAR-UK- as per Procedure Scheme No. EVL/SMS-SC/C-A/3640/C-4 to codify operations of security within the broader supply chain management system. The PDCA management systems structure was adopted in developing ISO 28000:2007 to bring the elements of this standard in congruence with related standards such as ISO 9001 and ISO 14001.
The standard Iso 28000:2007 specifies requirements for a security management system, including those aspects crucial to security assurance of the supply chain.
ISO 28000:2007 standard has these main clauses:
1. Scope
2. Normative references
3. Terms and definitions
4. Security management system elements
• General requirements
• Security management policy
• Security risk assessment and planning
• Implementation and operation
• Checking and corrective action
• Management review and continual improvement
Benefits
Adopting the ISO 28000 has broad strategic, organizational and operational benefits that are realized throughout supply chains and business practices.
Benefits include, but are not limited to:
• Integrated enterprise resilience
• Systematised management practices
• Enhanced credibility and brand recognition
• Aligned terminology and conceptual usage
• Improved supply chain performance
• Benchmarking against internationally recognizable criteria
• Greater compliance processes
Improved risk management integration
The development of this international standard addressing security risk management improves the broader interface with existing enterprise risk management in a common integrated platform. This integrated approach to risk management is often employed to better coordinate cross functional risk management mechanisms, improve performance measurement, ensure continual improvement and reducing misalignment of risk management objectives between silos
Related standards
ISO 28000 is the first of a series of ISO security management standards including:
• ISO 28001:2007 Security management systems for the supply chain – Best practices for implementing supply chain security, assessments and plans – Requirements and guidance
• ISO 28002:2011 Security management systems for the supply chain – Development of resilience in the supply chain – Requirements with guidance for use
• ISO 28003:2007 Security management systems for the supply chain – Requirements for bodies providing audit and certification of supply chain security management systems
• ISO 28004 Security management systems for the supply chain – Guidelines for the implementation of ISO 28000
• ISO 28004-1:2007 Part 1: General principles
• ISO 28004-2:2014 Part 2: Guidelines for adopting ISO 28000 for use in medium and small seaport operations[14]
• ISO 28004-3:2014 Part 3: Additional specific guidance for adopting ISO 28000 for use by medium and small businesses (other than marine ports)
• ISO 28004-4:2014 Part 4: Additional specific guidance on implementing ISO 28000 if compliance with ISO 28001 is a management objective
• ISO 28005 Security management systems for the supply chain – Electronic port clearance (EPC)
• ISO 28005-1:2013 Part 1: Message structures
• ISO 28005-2:2011 Part 2: Core data elements
Benefits of certification to ISO 28000 Supply Chain Security Management System- An ISO 28000 certificate from Euro Veritas, UK (www.euroveritas.com) accreditated from BAR-UK- as per Procedure Scheme No. EVL/SMS-SC/C-A/3640/C-4 brings you many benefits:
• Global recognition
• Competitive advantage in the market
• Enhanced reliability
• Enhanced customer satisfaction
• Opportunity to gain new businesses
• The ability to control and manage threats within an organization
