ISO 28000 2007

TRANSLATED INTO PLAIN ENGLISH

ISO 28000 is a supply chain security management standard. Use it to
establish your supply chain security management system (SMS).

This page presents a preview of ISO 28000. It does not present the entire plain
English standard. If you need the complete detailed standard, please consider
purchasing our ISO 28000 2007 Translated into Plain English (Title 80).

ISO 28000 defines a set of supply chain security management system
requirements. These requirements are listed in sections 4.1 to 4.6.
Therefore, the following ISO 28000 material starts with section 4.1.

 

4.1
General Security Requirements

4.2
Security Policy Requirements

  • Authorize the establishment of a security management policy.

  • Document your organization's security management policy.

  • Implement your organization's security management policy.

  • Maintain your organization's security management policy.

4.3
Security Planning Requirements

4.3.1 Analyze Security Threats and Select Controls

  • Identify security threats and assess your risks.

    • Define a methodology to identify your organization's
      supply chain security threats and assess its security risks.

    • Establish procedures to identify threats and assess risks.

    • Use your security risk assessment methods and
      procedures to identify threats and assess risks.

  • Identify security management control measures.

    • Establish procedures to identify and implement
      supply chain security management control measures.

    • Use your procedures to identify supply chain
      security management control measures.

    • Use your procedures to implement your supply
      chain security management control measures.

 

4.3.2 Respect Legal and Other Security Requirements

  • Establish procedures to manage the legal, statutory, and
    regulatory security requirements, and any other security
    requirements that your organization subscribes to.

  • Communicate information about all relevant legal, statutory,
    and regulatory security management requirements.

 

4.3.3 Set Security Management Objectives

  • Establish security management objectives.

  • Document security management objectives.

  • Implement security management objectives.

  • Maintain security management objectives.

 

4.3.4 Specify Security Management Targets

  • Establish security management targets.

  • Implement security management targets.

  • Maintain security management targets.

 

4.3.5 Develop Security Management Programs

  • Establish security programs to achieve objectives and targets.

  • Implement your organization's security management programs.

  • Maintain your organization's security management programs.

4.4
Security Implementation Requirements

4.4.1 Create a Security Management Structure

  • Establish a security management structure of roles,
    responsibilities, and authorities for your organization.

  • Communicate security management roles, responsibilities, and
    authorities to those who must implement and maintain your SMS.

  • Demonstrate a commitment to the development, implementation,
    and continual improvement of your organization's SMS.

 

4.4.2 Ensure Competence and Provide Security Training

  • Make sure that personnel responsible
    for security are suitably qualified.

  • Establish procedures to make people who work
    for you, or on your behalf, aware of your SMS.

  • Keep records of competence and training.

 

4.4.3 Develop Security Communication Procedures

  • Establish procedures to ensure that pertinent
    security information is communicated.

 

4.4.4 Establish SMS Documents and Records

  • Establish and maintain a security management
    documentation system for your organization.

  • Establish the security sensitivity of information
    before you consider giving people access to it.

 

4.4.5 Control your SMS Documents and Data

  • Establish procedures to control the documents,
    data, and information required by ISO 28000.

  • Maintain your organization's SMS document,
    data, and information control procedures.

 

4.4.6 Implement Operational SMS Control Measures

  • Identify the security activities and operations
    that your organization needs to carry out.

  • Carry out your security activities and
    operations under specified conditions.

  • Consider your security threats and risks before you decide
    to revise your current arrangements or implement new ones.

 

4.4.7 Prepare Emergency SMS Plans and Procedures

  • Prepare appropriate emergency preparedness plans
    and procedures to deal with security threats, incidents,
    breaches, and emergencies.

  • Prepare appropriate plans and procedures to
    respond to security incidents and emergencies.

  • Prepare appropriate security recovery plans and procedures.

4.5
Security Checking Requirements

4.5.1 Monitor and Measure Security Performance

  • Establish procedures to monitor and measure security.

  • Use your procedures to monitor and measure security.

  • Maintain supply chain security management records.

 

4.5.2 Evaluate your Security Management System (SMS)

  • Evaluate supply chain security management plans.

  • Evaluate supply chain security management procedures.

  • Evaluate supply chain security management capabilities.

  • Evaluate compliance with regulations and best practices.

  • Evaluate conformance with security policy and objectives.

 

4.5.3 Investigate Security Incidents and Take Action

  • Establish security response procedures.

  • Implement your security response procedures.

  • Maintain your security response procedures.

 

4.5.4 Control your Security Management Records

  • Establish your organization's security management records.

  • Establish procedures to control security management records.

 

4.5.5 Audit your Security Management System (SMS)

  • Establish a security management audit program.

  • Establish security management audit procedures.

4.6
Security Review Requirements

  • Review your SMS by examining inputs.

  • Assess the results of your management reviews.

  • Generate management review outputs.

 

Attention

This page presents a preview of ISO 28000 2007.
It highlights the main points. It does not present detail.
If you need the complete version, please purchase our
Title 80: ISO 28000 2007 Translated into Plain English.
Our plain English ISO 28000 product is 77 pages long.

Check out our Title 80 Table of Contents
Check our Prices
Place an Order
Check our License Agreement.

Our Title 80 provides a detailed, accurate, and complete
interpretation of ISO 28000 2007. It uses language that is
clear, precise, and easy to understand. We guarantee it.

Title 80 can be delivered to you as an email attachment.

OTHER ISO 28000 PAGES

Introduction to ISO 28000 Supply Chain Security

Plain English Supply Chain Security Management Definitions

Supply Chain Security Management System Development Plan

ISO 28000 Supply Chain Security Management Audit Tool

How to Carry out a Security Gap Analysis


PRAXIOM RESEARCH GROUP LIMITED
9619 - 100A Street, Edmonton, Alberta, T5K 0V7, Canada
Telephone: 780-461-4514 - Email: info@praxiom.com

Updated on January 1, 2012. First published on November 30, 2009.

Disclaimer and Limitation of Liability
The publisher and authors have used their best efforts in designing and
developing this electronic publication. We make no representation or warranties
with respect to accuracy or completeness of the contents of this publication and
specifically disclaim any implied warranties of merchantability or fitness for any
particular purpose and shall in no event be liable for any loss of profit or any
other commercial damage, including but not limited to special, incidental,
consequential, or other damages.

Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
material as often as you wish, free of charge. And as long as you keep intact
all copyright notices, you are also welcome to print or make one copy of this
page for your own personal, noncommercial, home use. But you are not
legally authorized to print or produce additional copies, or to copy and paste
any of our material onto another web site, or to republish it in any way.

Copyright © 2009 - 2012 by Praxiom Research Group Limited. All Rights Reserved.