ISO 28000 Supply Chain - Security & Resilience Security Management Systems

Summary

ISO 28000 specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. ISO 28000 certification is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain.  ISO 28000 Certification will ensure that threats coming from logistical operations and supply chain partners are being managed and controlled securely.

The ISO 28000 Standard establishes the international requirements for a security management system relevant to the supply chain including the following clauses:

Clause 4 - Context of the Organization (scope)
Clause 5 - Leadership (Executive Level Policy & Directive)
Clause 6 - Planning (Risk Assessment Process)
Clause 7 - Support (Training & Awareness, Control of Documents, etc)
Clause 8 - Operation (Policies, Processes & Procedures)
Clause 9 - Performance Evaluation (Monitor & Measure, Audit Program, Management Review
Clause 10 - Corrective Actions

The requirements of ISO 28000 are generic and are intended to be applicable to all organizations (or parts of an organization), regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors.

ISO 28000 certification also known as "registration", is a 3rd party audit performed by a certification body (registrar) such as MSECB (iCertWorks) who, upon verification that an organization is in conformance with the auditable requirements of ISO 28000, will issue an ISO 28000 Certificate.  This certification is then maintained through regularly scheduled annual surveillance audits by the registrar, with re-certification performed on a three year audit cycle.

The ISO 28000 Certification three year audit cycle includes:

• Year 1 - Full Stage 1 & Stage 2 Audit
• Year 2 - First Surveillance Audit (partial system audit)
• Year 3 - Second Surveillance Audit (partial system audit)
• Year 4 - 3 year Audit Cycle starts over (repeats)

For more information on ISO 28000 Certification, please fill out the request form on the right side of the page.

Benefits of ISO 28000 certification to your organization:

• Facilitates trade and expedite the transport of goods across borders
• Monitors and manages security risks throughout your business and supply chain
• Gains a competitive advantage and new business opportunities
• Encourages companies to secure their own processes within supply chains
• Reassures stakeholders of your organization's commitment to the safety of individuals and security of goods and services
• Allows management to focus finite resources on areas of greatest concern
• Benchmarks your organization's security management practices with international best practice
• Achieves cost savings through a reduction in security incidents
• Potential reduction in corporate insurance premiums
• Gains opportunities to improve efficiency across working practices

Benefits of ISO 28000 certification to your customers:

• Enhance trust and credibility with secure suppliers
• Satisfactory final products/services
• Fewer returned products and complaints
• Product/Service quality assurance
• Proof of security

ISO 28000 certification (also known as "registration") is a third-party audit performed by a certification body such as PECB who, upon verification that an organization is in compliance with the requirements of ISO 28000, will issue an ISO 28000 certificate. This certification is then maintained through regularly scheduled annual surveillance audits by the registrar, with re-certification performed on a triennial basis.

For more information on ISO 28000 Certification, please fill out the form on the right side of the page.