ISO 28000. Supply chain security

As supply networks become more and more complex in an interconnected economy, ensuring their security is a challenge for all types of organizations, from small businesses to multinationals, regardless of whether their activities involve manufacturing or service provision. ISO 28000 is meant to help.

Implementation of and certification to ISO 28000 bring a number of benefits to organizations, such as improved resilience and compliance with legislation and international codes. In general, it improves overall performance, as the supply chain has a significant impact on most aspects of an organization’s activities.

The standard ISO 28000

ISO 28000 focuses on a series of aspects, requiring organizations to develop and apply a continuous process of identifying and assessing threats and risks to their supply chain and, in response, to implement adequate controls.

Authorities and responsibilities with regard to the supply chain should be defined, and documentation to support the planning, operation and control of processes is required.

The organization needs to establish and implement plans and procedures for emergency situations; these have to be tested periodically, especially when threats or security breaches are identified.

ISO 28000 is part of a family of standards that also includes ISO 28001, which provides good practices for supply chain security assessments and plans, and ISO 28004, a guide for the implementation of a supply chain security management system.

