ISO 28000 is an international supply chain security management standard. Use our ISO 28000 audit tool to comply with the standard and to improve the
ISO 28000 2007 SUPPLY CHAIN SECURITY AUDIT TOOL
TABLE OF CONTENTS (TITLE 81)

PART | INTRODUCTION |
1 | Overview of Supply Chain Security Audit |
2 | Profile of Supply Chain Security Audit |
3 | Summary of Supply Chain Security Audit |
4 | SUPPLY CHAIN SECURITY AUDIT QUESTIONNAIRES |
4.1 | General Supply Chain Security Audit Questionnaire |
4.2 | Supply Chain Security Policy Audit Questionnaire |
4.3 | Supply Chain Security Planning Audit Questionnaire |
4.4 | Supply Chain Security Implementation Audit Questionnaire |
4.5 | Supply Chain Security Checking Audit Questionnaire |
4.6 | Supply Chain Security Review Audit Questionnaire |
5 | SUPPLY CHAIN SECURITY IMPROVEMENT PLANS |
5.1 | General Supply Chain Security Improvement Plan |
5.2 | Supply Chain Security Policy Improvement Plan |
5.3 | Supply Chain Security Planning Improvement Plan |
5.4 | Supply Chain Security Implementation Improvement Plan |
5.5 | Supply Chain Security Checking Improvement Plan |
5.6 | Supply Chain Security Review Improvement Plan |
6 | LICENSE AGREEMENT AND CONTACT INFORMATION |

NOV 2009 |
COPYRIGHT © 2009 BY PRAXIOM RESEARCH GROUP LIMITED |
VER 1.0 |

Security Audit Profile

Before you start your audit, you will be asked to fill out a one page form

Security Audit Methodology

Our audit tool uses questions to list the six sets of supply chain 4.1 General Supply Chain Security Audit Questionnaire

Our audit questionnaires start with Part 4.1 because the

For each audit question, two answers are possible: YES or NO. A YES

Once you’ve completed our compliance audit questionnaires, study

In most cases, remedial actions can be formulated by simply turning

Security Audit Questionnaires

As previously mentioned, the ISO 28000 requirements are presented in

In addition, we have used paragraph indents to distinguish between

Security Audit Scores

Once you’ve answered all the audit questions and prepared your

This is how it works. For each section of the audit (4.1 to 4.6), count

The following example will show you what our ISO 28000 Supply Chain Security Audit Tool looks like.

ISO 28000 2007 SUPPLY CHAIN SECURITY AUDIT TOOL
PART 4.3 SUPPLY CHAIN SECURITY PLANNING AUDIT QUESTIONNAIRE

4.3.1 ANALYZE SECURITY THREATS AND SELECT CONTROLS

IDENTIFY SECURITY THREATS AND ASSESS YOUR RISKS

1 | Did you define a methodology to identify | YES | NO |
2 | | Did you define the scope of | YES | NO |
3 | | Did you define the nature of | YES | NO |
4 | | | Can your methodology be used to collect | YES | NO |
5 | | | Can your methodology be used | YES | NO |
6 | | | Can your methodology be used | YES | NO |
7 | | Can your methodology be used | YES | NO |
8 | | Can your methodology be used | YES | NO |
9 | Can your methodology be used to monitor the | YES | NO |
10 | Did you define the timing of | YES | NO |
11 | | Is your methodology future oriented | YES | NO |
12 | Did you establish procedures to identify | YES | NO |
13 | | Do your risk assessment procedures reflect | YES | NO |
14 | | Do your risk assessment procedures consider | YES | NO |
15 | | Do your risk assessment procedures consider | YES | NO |
16 | Do you use your security risk assessment methods | YES | NO |
17 | Do you consider physical failure threats and risks? | YES | NO |
18 | Do you consider functional failures? | YES | NO |
19 | | Do you consider functional failures | YES | NO |
20 | | Do you consider the likelihood that functional | YES | NO |
21 | Do you consider incidental damage? | YES | NO |
22 | | Do you consider incidental damage | YES | NO |
23 | Do you consider the likelihood that incidental | YES | NO |
24 | Do you consider malicious damage? | YES | NO |
25 | | Do you consider malicious damage | YES | NO |
26 | | Do you consider the likelihood that malicious | YES | NO |
27 | Do you consider terrorist action? | YES | NO |
28 | | Do you consider terrorist action | YES | NO |
29 | | Do you consider the likelihood that terrorist | YES | NO |
30 | Do you consider criminal behavior? | YES | NO |
31 | | Do you consider criminal behavior | YES | NO |
32 | | Do you consider the likelihood that criminal | YES | NO |
33 | Do you consider operational | YES | NO |
34 | Do you consider operational threats and | YES | NO |
35 | | Do you consider the failure to control | YES | NO |
36 | Do you consider the impact that | YES | NO |
37 | Do you consider the likelihood | YES | NO |
38 | | Do you consider the human factors | YES | NO |
39 | Do you consider the impact that | YES | NO |
40 | Do you consider the likelihood that | YES | NO |
41 | Do you consider natural environmental | YES | NO |
42 | Do you consider natural events which | YES | NO |
43 | | Do you consider the impact that natural | YES | NO |
44 | Do you consider the impact that | YES | NO |
45 | | Do you consider the likelihood that | YES | NO |
46 | Do you consider the likelihood that | YES | NO |
47 | Do you consider security risk factors and failures | YES | NO |
48 | Do you consider externally supplied | YES | NO |
49 | | Do you consider the impact that externally | YES | NO |
50 | | Do you consider the likelihood that | YES | NO |
51 | Do you consider externally supplied | YES | NO |
52 | | Do you consider the impact that externally | YES | NO |
53 | | Do you consider the likelihood that externally | YES | NO |
54 | Do you consider stakeholder | YES | NO |
55 | Do you consider stakeholders’ failure | YES | NO |
56 | | Do you consider the impact that stakeholder | YES | NO |
57 | | Do you consider the likelihood that stakeholders | YES | NO |
58 | Do you consider how stakeholders’ could damage | YES | NO |
59 | Do you consider the impact that stakeholders | YES | NO |
60 | | Do you consider the likelihood that stakeholders | YES | NO |
61 | Do you consider security equipment risks and failures? | YES | NO |
62 | Do you consider security equipment design defects? | YES | NO |
63 | | Do you consider the impact that equipment | YES | NO |
64 | | Do you consider the likelihood | YES | NO |
65 | Do you consider security equipment | YES | NO |
66 | | Do you consider the impact | YES | NO |
67 | | Do you consider the likelihood | YES | NO |
68 | Do you consider security equipment | YES | NO |
69 | | Do you consider the impact | YES | NO |
70 | | Do you consider the likelihood | YES | NO |
71 | Do you consider security equipment | YES | NO |
72 | | Do you consider the impact | YES | NO |
73 | | Do you consider the likelihood | YES | NO |
74 | Do you consider information, data management, | YES | NO |
75 | Do you consider the impact that information, | YES | NO |
76 | Do you consider the likelihood that information, | YES | NO |
77 | Do you consider threats to the continuity | YES | NO |
78 | Do you consider the impact that | YES | NO |
79 | Do you consider the likelihood that | YES | NO |
80 | Etcetera ... | YES | NO |

Now that you know what our supply chain security

Praxiom Research Group Limited help@praxiom.com 780-461-4514

Updated on May 16, 2016. First published on November 30, 2009.

Legal Restrictions on the Use of this Page

Copyright © 2009 - 2016 by Praxiom Research Group Limited. All Rights Reserved.