Management system standards

ISO 28000 Security Management Systems

The Team
April 16, 20245 minute read
Container Ships

ISO 28000:2022 Security and resilience — Security management systems — Requirements specifies requirements for a security management system, including aspects relevant to the supply chain. The standard is applicable to all types and sizes of organizations (e.g. commercial enterprises, government or other public agencies and non-profit organizations) which intend to establish, implement, maintain and improve a security management system. It provides a holistic and common approach and is not industry or sector specific.

ISO 28000 can be used throughout the life of the organization and can be applied to any activity, internal or external, at all levels.

Table of Contents

Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the security management system
4.4 Security management system
5 Leadership
5.1 Leadership and commitment
5.2 Security policy
5.3 Roles, responsibilities and authorities
6 Planning
6.1 Actions to address risks and opportunities
6.2 Security objectives and planning to achieve them
6.3 Planning of changes
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
8 Operation
8.1 Operational planning and control
8.2 Identification of processes and activities
8.3 Risk assessment and treatment
8.4 Controls
8.5 Security strategies, procedures, processes and treatments
8.6 Security plans
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
10 Improvement
10.1 Continual improvement
10.2 Nonconformity and corrective action
ISO 28000:2022

Implementation

Implementing a Security Management System (SMS) for the supply chain in conformity with ISO 28000 involves several key steps.

Here are those steps.

Organizational Context

  • Determine the internal and external issues that are relevant to the organization’s purpose and strategic objectives.
  • Identify key stakeholders and other interested parties that are relevant to the SMS.
  • Assess the need to interface the SMS with other management systems and the resources required for this purpose.

Leadership and Commitment

  • Demonstrate leadership commitment to supply chain security within the organization.
  • Establish a security policy that aligns with organizational goals.

Scope and Context

  • Determine the scope of the SMS for the supply chain.
  • Understand the internal and external context, including legal and regulatory requirements related to supply chain security.

Legal and Regulatory Compliance

  • Identify and comply with relevant legal and regulatory requirements related to supply chain security.
  • Stay informed about changes in legislation that may impact supply chain security practices.

Supply Chain Security Policy

Develop a supply chain security policy that outlines the organization’s commitment to ensuring the security of the supply chain.

Risk Assessment and Management

  • Identify and assess security risks associated with the supply chain.
  • Develop risk mitigation strategies and controls to manage and reduce security risks.

Physical Security Measures

  • Implement physical security measures to protect supply chain assets, facilities, and transportation.
  • Ensure secure handling and storage of goods throughout the supply chain.

Information Security

  • Implement information security measures to protect sensitive information within the supply chain.
  • Establish secure communication channels and data protection protocols.

Personnel Security

  • Implement measures to ensure the security awareness and competence of personnel involved in the supply chain.
  • Conduct background checks and provide security training for relevant personnel.

Access Controls

  • Implement access controls to restrict unauthorized access to supply chain facilities and information.
  • Monitor and control access points at key locations in the supply chain.

Emergency Response and Preparedness

  • Develop and implement emergency response plans for security incidents within the supply chain.
  • Conduct drills and exercises to ensure readiness in case of security threats.

Supplier and Partner Management

  • Establish security requirements for suppliers and partners in the supply chain.
  • Conduct assessments and audits to ensure compliance with security standards.

Technology and Systems

  • Implement technology solutions and systems to enhance supply chain security.
  • Use tracking and monitoring systems to trace the movement of goods and detect anomalies.

Security Training and Awareness

  • Provide training to employees and partners on supply chain security policies and procedures.
  • Raise awareness about the importance of security across the supply chain.

Monitoring and Measurement

  • Implement systems for monitoring and measuring supply chain security performance.
  • Regularly assess the organization’s compliance with security objectives and targets.

Data Analysis and Reporting

  • Analyze supply chain security performance data to identify trends, areas for improvement, and opportunities.
  • Prepare regular reports on security achievements and initiatives.

Incident Reporting and Investigation

  • Develop processes for reporting and investigating security incidents within the supply chain.
  • Establish procedures for learning from incidents and implementing corrective actions.

Continual Improvement

  • Establish processes for continual improvement of supply chain security practices.
  • Regularly review and update security procedures based on feedback and changing requirements.

Documentation and Record-Keeping

  • Develop and maintain documentation related to supply chain security policies, procedures, and practices.
  • Keep records of risk assessments, incident reports, training, and security measures.

Audit and Certification

  • Conduct internal audits to assess compliance with supply chain security policies and procedures.
  • Consider seeking third-party certification to demonstrate adherence to the ISO 28000 standard.

In conclusion…

By following these steps, organizations can implement an effective security management system for the supply chain in conformity with ISO 28000. Regular reviews and updates are crucial to ensuring the continued effectiveness and relevance of supply chain security practices.

ISO 28000 can be purchased through the ISO.org website.

Keywords
Share this Article
Further Reading

ISO 45001 Occupational Health & Safety Management Systems

ISO 55001 Asset Management System

ISO 7101 Healthcare Quality Management

ISO 41001 Facility Management Systems

Trending Articles
ISO 45001 Occupational Health & Safety Management Systems
September 12, 2024

ISO 45001 Occupational Health & Safety Management Systems

Quality Control
April 15, 2024

ISO 9001 Quality Management Systems

ISO 19650-1 Building Information Modelling — Concepts & Principles
April 15, 2024

ISO 19650-1 Building Information Modelling — Concepts & Principles

Medical Device
April 15, 2024

ISO 14971 Medical Devices Risk Management

CCTV
April 15, 2024

ISO 18788 Management System for Private Security Operations

Logistics
April 15, 2024

ISO 23354 Business Requirements for End-to-End Visibility of Logistics Flow

No Comments

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

FREE SELF-AUDIT TOOL

Our self-audit tool is designed to help organizations evaluate their conformity with the requirements of an ISO management system standard. It provides a structured approach to assess compliance, identify gaps, and implement improvements.
Download your free copy of the self-audit tool from here (.pdf).

Back To Top