ISO 28000 is a standardized set of requirements developed by the ISO/IEC which describe a Security Management System (SMS), focusing on aspects crucial to security assurance of the supply chain, as well as all associated aspects including transportation, manufacturing, storage and services.
An SMS compliant with ISO 28000 provides not only the desired, appropriate and complete level of supply chain management and security, but also the processes and documentation to ensure the infrastructure is provable, repeatable and demonstrable.
Security of the supply chain has always been a concern of transport, logistics and manufacturing companies; however, a disruption in the supply chain can significantly impact any business that depends on materials from others. Theft, damage, and shipment integrity are the most common historical concerns, with the security threats of organized crime, piracy and terrorism also looming.
ISO 28000 applies a formalized and risk-based approach to securing the supply chain. It not only requires attention to the obvious security activities such as physically protecting and tracking cargo en route, but also mandates a broader security infrastructure which considers human factors, natural disasters, partnerships, outside relationships and other related aspects.
Once implemented, monitoring of the existing SMS not only provides measurable and documented details as to performance for regulatory or legal matters, but also provides details for incident and response management. As new risks are identified, they are assessed and integrated into the evolution of the SMS as dictated by the needs of the business, providing the continual improvement needed to address new threats and challenges.