ISO 28000 Supply Chain Security - Plain English Introduction

EXECUTIVE SUMMARY

ISO 28000 is a supply chain security management standard. It was
first published in 2005 as a publicly available specification (PAS).
This current version was officially published on September 15, 2007.
It cancels and replaces ISO/PAS 28000 2005. Its purpose is to help
improve the security of supply chains.

ISO 28000 can help organizations protect people, products, and
property. It can help both small organizations and multinational
corporations to improve their security.

ISO 28000 applies to any organization that is part of a local, national,
or international supply chain. And since almost all organizations belong
to a supply chain, it applies to virtually all organizations. It doesn’t matter
what size they are or what they do. ISO 28000 applies to both exporters
and importers. It applies to airports, seaports, and terminals as well as
to organizations that move products by air, sea, rail, or road. It applies
to logistics, storage, transportation, and service companies as well
as to manufacturers, shippers, wholesalers, and distributors.

ISO 28000 defines a set of security management requirements.
If your organization is part of a supply chain, ISO 28000 expects you
to establish a security management system (SMS) that complies with
these requirements. It then expects you to use this system to protect
people, products, and property.

A SMS is a network of interrelated and interacting elements that
combine to resist, fend off, or withstand unauthorized acts that are
designed to cause intentional harm or damage to a supply chain.
These elements include a security management policy as well as the
many objectives, targets, programs, procedures, plans, practices,
processes, controls, documents, records, roles, relationships,
responsibilities, authorities, and resources that are used to
implement this policy.

WHY USE ISO 28000

If you use ISO 28000 to establish and maintain a security management
system (SMS), you will improve the overall security of your supply chain
and inspire the trust of your customers. Not only can ISO 28000 help you
to preserve the integrity of your shipments and safeguard your customers’
valuable property, it can also help you to protect personnel. When properly
implemented, an ISO 28000 SMS will not only decrease disruptions and
shorten transit times, it can also help you to reduce theft and combat
smuggling, piracy, and terrorism.

Since ISO 28000 is a generic security management standard, it will
support and provide a foundation for all of your security initiatives.
Because it’s a generic security standard, it will also help you to
comply with all other national and international security programs
and requirements. An ISO 28000 SMS will help you to comply with:

• US Customs-Trade Partnership Against
Terrorism (C-TPAT) security requirements.

• World Customs Organization (WCO)
SAFE Framework security requirements.

• Safety of Life at Sea (SOLAS) security requirements.

• International Maritime Organization (IMO) International
Ship and Port Facility security requirements.

• EU Authorized Economic Operator
(AEO) security requirements.

HOW TO USE ISO 28000

If you don’t already have a supply chain security management system
(SCSMS), you can use this ISO 28000 standard to establish one. And once
you’ve established your organization’s SCSMS, you can use it to manage
and control your security risks and to improve your security performance.

However, the size and complexity of SCSMSs vary quite a bit. How far you
go is up to you. The size and complexity of your SCSMS, the extent of your
documentation, and the resources allocated to your system will depend on
many things. How you meet each of the ISO 28000 requirements, and to
what extent, depends on many factors, including:

The size of your organization
The location of your organization
The nature and size of your supply chain
The nature of your activities, products, and services
The nature of your organization’s legal obligations
The content of your organization’s security policy
The nature of your organization’s security risks
The scope of your organization’s SCSMS

ISO 28000 is designed to be used for certification purposes. In other
words, once you’ve established a supply chain security management
system (SCSMS) that meets both the ISO 28000 requirements and your
organization’s needs, you can ask a registrar (certification body) to audit
your system. If you pass the audit, your registrar will issue a certificate
that states that your SCSMS meets the ISO 28000 requirements.

While ISO 28000 is designed to be used for certification purposes, you
don’t have to become certified. You can be in compliance without being
formally registered by an accredited auditor. You can self-audit your
system and then announce to the world that your SCSMS complies with
the ISO 28000 2007 standard (assuming that it actually does). Of course,
your compliance claim may have more credibility if an independent
registrar has audited your SCSMS and agrees with your claim.

Home Page	Our Libraries	A to Z Index	Customers
How to Order	Our Products	Our Prices	Guarantee
Praxiom Research Group Limited help@praxiom.com 780-461-4514
Updated on December 2, 2013. First published on November 30, 2009.
Legal Restrictions on the Use of this Page Thank you for visiting this webpage. You are welcome to view our material as often as you wish, free of charge. And as long as you keep intact all copyright notices, you are also welcome to print or make one copy of this page for your own personal, noncommercial, home use. But, you are not legally authorized to print or produce additional copies or to copy and paste any of our material onto another web site or to republish it in any way. Copyright © 2009 - 2013 by Praxiom Research Group Limited. All Rights Reserved.