ISO 28000 Supply Chain Security Management Systems: Tactical Implementation and Audit Course 

Course Content

This course will provide information on the following topics:

  • Introduction to Supply Chain Security Principles and Concepts
  • Detailed introduction to ISO 28000:2007 and related standards in the series
  • Understanding Supply Chain Security Management Systems (SCSMS)
  • Design and implementation of an SCSMS conforming to the requirements of ISO 28000:2007
  • International, Intergovernmental, Country-Specific National and Supply Chain Sectoral Security Law, Regulation, and Initiatives
  • Supply Chain Security Risk Assessment and Management
  • Supply Chain Security Incident Planning, Management, Handling, and Response
  • ISO Process Audit Perspective

Also included as part of the course are:

  • Authorized printed copies of the ISO 28000, ISO 28001 and ISO 28003 standards
  • Practical exercises and feedback
  • Tools and Examples

The course uses a mixture of tutored sessions, interactive group discussions, group and personal exercises, and functional workshops to achieve its objectives. The practical exercises are designed to directly address operational issues. Examples and tools are provided which are immediately useable. Courseware has been carefully designed to address issues that arise during Supply Chain Security Management System registration audits. Course delivery will include Lecture (Slides and Examples), Facilitated Discussion (Instructor-/Delegate-Led), Tactical Exercises and Feedback and tools and examples. Delegates are expected to use their own laptops during the course.


This course will provide successful delegates with the following benefits:

  • A basic knowledge of the requirements of ISO 28000:2007 and related standards in the series
  • A basic knowledge of Security in Supply Chain Management Systems
  • Detailed understanding of the processes necessary to design, document, and implement a Supply Chain Security Management System (SCSMS) conforming to the requirements of ISO 28000:2007
  • An understanding of Supply Chain data and information security audit criteria and requirements
  • A basic knowledge of International and Country-specific Legal and Regulatory requirements for the Supply Chain and related Customs, Border Patrol, and Transportation Security initiatives
  • An understanding of concepts, tools, and methodologies for assessing and managing risks, threats, and vulnerabilities common to Supply Chain Security
  • An understanding of Supply Chain incident planning, preparedness, response, management, and recovery
  • An understanding of the documentation and evidence necessary to achieve conformity to ISO 28000:2007


It is required that delegates attending this course have completed a Lead Auditor course and/or Certification to an ISO Management System Standard (ISO 27001 or ISO 20000 preferred). It is recommended that delegates attending this course have a Professional Security Certification (CPP or CISSP preferred) or five years experience in Technology, Security, Transportation, Logistics, or Law and two years minimum experience in a Security-, Technology-, or Logistics-relevant position. Delegates will work individually and in teams, and a laptop is required (Windows or Macintosh with Microsoft-compatible Word Processing, Spreadsheet, and Presentation software).

Method of Delivery and Timetable

This course is available for Onsite session and in the Public Venue. This is a three-day intensive course equivalent to 24 credit hours; the times will be 8:00 AM – 5:00 PM unless otherwise arranged.

Class Schedule

Contact us to schedule private course 3 days Robert A. Aanerud tbd $1595

Private Classes

Contact us if you'd like a private class for your organization.