ISO 28000 - Security management system in the supply chain

Briefly

ISO 28000 specifies the requirements for a security management system for supply chains.

Description

 



What is ISO 28000?



ISO 28000 introduces a formal approach to corporate security management within the supply chain to protect people, goods and infrastructure against situations that could present a potential risk. The requirements in this standard work to control the integrity of the security management system and assure the security of the supply chain.

Once certified, organisations can proudly promote themselves as certificate holders in any of their promotional materials and can include the URS certification logo free of charge.



 



Who requires an ISO 28000 certification?



Any organisation involved in the management of a supply chain, including the movement and storage of goods, should consider an ISO 28000 certification. Applicable sectors include:



 




  • Manufacturers

  • Transporters

  • Warehouses

  • Logistic companies



How can ISO 28000 benefit your business?



Becoming certified for ISO 28000 can bring a wide range of benefits to your organisation, including:



 




  • Mitigating security risks using a structured framework

  • Enhancing your organisation's security

  • Improving your operational efficiency

  • Taking a proactive approach to risk management



How can you prepare for an ISO 28000 Certification?



Although the thought of starting the certification process may seem daunting, there are a variety of steps you can take to streamline the process of becoming certified:

 




  • Familiarise yourself with the ISO 28000 standard

  • Conduct a gap analysis to highlight processes that do not comply with the ISO 28000 standard

  • Provide training to all staff members to ensure that employee competency meets the standard requirements

  • Carry out regular internal audits to highlight areas for improvement within your organisation



What are the key requirements for ISO 28000?



When working towards becoming certified for ISO 28000, there are various areas that will be a focus during the audit. These areas include:

 




  • Risk assessments and management

  • Communication and training

  • Physical and technical security

  • Security practices



What clauses make up the structure of ISO 28000?



 



Clauses 1-3 – Introductory clauses:



The first three clauses in ISO 28000 focus on introducing the standard and highlighting its relevance to the supply chain. This section also provides the names of relevant standards that are referenced throughout, along with an expansive list of terms and definitions that relate to the standard.



 



Clause 4 – Context of the organisation:



Clause 4 highlights the importance of understanding the purpose of the security management system within your organisation. The requirements provided address how your organisation determines any external and internal issues that may arise.

This clause also contains a detailed figure that outlines the principles surrounding creating and protecting value in your organisation.



Climate Change Amendments:

The amendments have not changed the requirements of clauses 4.1 and 4.2; rather, they have added an assurance that climate change is considered for the management system. Due to the necessity of climate awareness, it should be considered by organisations and is therefore included as part of the standard.

Rather than a transition being required, organisations should instead consider and apply the guidance provided in the amendment. Should a company minute their considerations during their Management Review regarding CCC, as well as evidence of their considerations and any actions, a discrepancy shall NOT be raised. However, should no minute exist for any considerations, then a discrepancy will be raised.

Where a minute and evidence do exist but are clearly of little relevance to CCC, an Opportunity for Improvement (OFI) will be raised.



 



Clause 5 – Leadership:



Clause 5 outlines the ways in which top management can demonstrate both leadership and their commitment to the security management system. This includes implementing policies and assigning responsibilities.



 



Clause 6 – Planning:



Clause 6 focuses on the importance of using planning methods in relation to the security management system. These approaches can be utilised to address risks and opportunities, meet security objectives and plan for change.



 



Clause 7 – Support:



Clause 7 highlights the various sources of support that should form the backbone of implementing and maintaining the security management system. These include resources, staff competency, communication and documentation.



 



Clause 8 – Operation:



Clause 8 addresses the processes that an organisation shall plan, implement and control to ensure that the standard requirements are met. These processes should revolve around operational planning, risk assessments, and controls.



 



Clause 9 – Performance evaluation:



Clause 9 introduces methods of evaluating the performance of the security management system to highlight areas for improvement. These methods include monitoring and analysis, internal audits and management reviews.



 



Clause 10 – Improvement:



In the final section of the standard, clause 10 outlines ways in which an organisation can continually improve the effectiveness of the security management system. It’s in this section that approaches to nonconformities and corrective actions are addressed.



 



How long will your ISO 28000 certificate be valid for?



Your ISO 28000 certificate will be valid for at least three years, depending on the type of site that is being certified.



 



Ready to get started? Apply using the quotation link below.



 

