ISO 28000

Supply chain security management systems

"Supply chain is like nature, it is all around us" -

Since supply chains are becoming more complex in the networked global economy to ensure their security is a challenge to all organizations from small to multinational in manufacturing, service, storage or transportation.

ISO 28000 provides the framework for setting up a supply chain security management. It uses the Plan-Do-Check-Act methodology that facilitates the integration with other standards like ISO 9001 or ISO 14001.

ISO 28000 focuses on a number of aspects, requiring organizations that intent to implement a supply chain management system to elaborate and apply an ongoing process of identification and assessment of security management related threats and risks and, in response, implement the necessary control measures. Authorities and responsibilities for the supply chain management need to be defined and communicated while documentation determined necessary to ensure effective planning, operation and control of processes is required. Plans and procedures are needed for emergency situations preparedness and response and they have to be tested periodically in particular after the identification of security breaches and threats.

ISO 28000 is part of a family of standards that also include ISO 28001 that provides best practices for implementing supply chain security, assessments and plans and also ISO 28004 which is a guideline for the implementation of ISO 28000.

Implementation and certification according to ISO 28000 has strategic, operational and organizational benefits like: improved resilience, enhanced credibility, improved performance or, greater compliance with international codes, standards or legislative requirements applicable to the supply chain.