ISO 28000 2007 Supply Chain Security Management System Development Plan

The following material presents a brief Supply Chain Security Management
System (SCSMS) Development Plan. It summarizes the general approach
you would take to develop your own SCSMS. It uses a PDCA approach and
is taken directly from our plain English version of the standard. If you use
our Plain English ISO 28000 Standard to develop your organization's
SCSMS, you will automatically take the following steps:

  1. Define the scope of your organization's SCSMS.
  2. Define your organization's security management policy.
  3. Develop a methodology to identify threats and assess risks.
  4. Establish procedures to identify threats and assess risks.
  5. Identify your organization's threats and assess your risks.
  6. Establish procedures to identify and select security controls.
  7. Select and implement your security control measures.
  8. Respect legal, statutory, and regulatory requirements.
  9. Establish your organization's security objectives.
  10. Establish your organization's security targets.
  11. Establish programs to achieve objectives and targets.
  12. Establish security management roles and responsibilities.
  13. Appoint a member of top management to manage security.
  14. Ensure the competence of those who influence security.
  15. Establish security training and awareness procedures.
  16. Implement security training and awareness procedures.
  17. Establish procedures to manage security communications.
  18. Establish a security management documentation system.
  19. Control your organization's security documents and data.
  20. Implement operational security control measures.
  21. Establish emergency SCSMS plans and procedures.
  22. Monitor and measure your security performance.
  23. Maintain a record of monitoring and measuring activities.
  24. Evaluate your SCSMS plans, procedures, and capabilities.
  25. Investigate security incidents and take remedial action.
  26. Control your organization's security management records.
  27. Perform regular audits of your organization's SCSMS.
  28. Review your SCSMS at planned intervals.
  29. Update and improve your SCSMS.


Praxiom Research Group Limited      780-461-4514

Updated on December 2, 2013. First published on November 30, 2009.

Copyright © 2009 - 2013 by Praxiom Research Group Limited. All Rights Reserved.