ISO 28000 2007 SUPPLY CHAIN SECURITY MANAGEMENT SYSTEM DEVELOPMENT PLAN

Praxiom Research Group Limited

The following material presents a brief Supply Chain Security Management
System (SCSMS) Development Plan. It summarizes the general approach
you would take to develop your own SCSMS. It uses a PDCA (Plan-Do-Check-Act)
approach and is taken directly from our plain English version of the
standard. If you use our Plain English ISO 28000 Standard to develop your
organization’s SCSMS, you will automatically take the following steps:

  1. Define the scope of your organization’s SCSMS.
  2. Define your organization’s security management policy.
  3. Develop a methodology to identify threats and assess risks.
  4. Establish procedures to identify threats and assess risks.
  5. Identify your organization’s threats and assess your risks.
  6. Establish procedures to identify and select security controls.
  7. Select and implement your security control measures.
  8. Respect legal, statutory, and regulatory requirements.
  9. Establish your organization’s security objectives.
  10. Establish your organization’s security targets.
  11. Establish programs to achieve objectives and targets.
  12. Establish security management roles and responsibilities.
  13. Appoint a member of top management to manage security.
  14. Ensure the competence of those who influence security.
  15. Establish security training and awareness procedures.
  16. Implement security training and awareness procedures.
  17. Establish procedures to manage security communications.
  18. Establish a security management documentation system.
  19. Control your organization’s security documents and data.
  20. Implement operational security control measures.
  21. Establish emergency SCSMS plans and procedures.
  22. Monitor and measure your security performance.
  23. Maintain a record of monitoring and measuring activities.
  24. Evaluate your SCSMS plans, procedures, and capabilities.
  25. Investigate security incidents and take remedial action.
  26. Control your organization’s security management records.
  27. Perform regular audits of your organization’s SCSMS.
  28. Review your SCSMS at planned intervals.
  29. Update and improve your SCSMS.


PRAXIOM RESEARCH GROUP LIMITED
9619 - 100A Street, Edmonton, Alberta, T5K 0V7, Canada
Telephone: 780-461-4514 - Email: info@praxiom.com

Updated on January 1, 2012. First published on November 30, 2009.

Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
 material as often as you wish, free of charge. And as long as you keep intact
 all copyright notices, you are also welcome to print or make one copy of this
 page for your own personal, noncommercial, home use. But, you are not
 legally authorized to print or produce additional copies or to copy and paste
 any of our material onto another web site or to republish it in any way.

Copyright © 2009 - 2012 by Praxiom Research Group Limited. All Rights Reserved.
