ISO 28000 supply chain security

What is ISO 28000?

ISO 28000 is an international supply chain security management system standard. Certification to ISO 28000 provides a valuable framework for organisations working in, or relying on, the logistics industry, helping to minimise the risk of security incidents and so support problem-free ‘just in time’ delivery.

What does ISO 28000 do?

ISO 28000 specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. ISO 28000 is a risk-based management system standard that is also based on the ‘plan – do – check – act’ model, in a similar way to the ISO 9001, ISO 14001 and OHSAS 18001 standards.

This means that those organisations already familiar with these standards will be able to use a similar approach when analysing supply chain security risks and threats and also be able to integrate the requirements of ISO 28000 into an existing management system.

ISO 28000 benefits

An ISO 28000 certification helps to deliver:

  • Enhanced credibility
  • Stakeholder confidence
  • Aligned terminology and conceptual usage
  • Improved supply chain performance
  • Customer satisfaction
  • Integrated enterprise resilience

ISO 28000 certification has broad strategic, organisational and operational benefits throughout the supply chain and business practices.

This integrated approach to risk management is often employed to better coordinate cross-functional risk management mechanisms, improve performance measurement, ensure continual improvement and reduce misalignment of risk management objectives between silos.

Who can use ISO 28000?

ISO 28000 is applicable to all sizes of organisations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain that aims to:

a) establish, implement, maintain and improve a security management system;

b) assure conformance with stated security management policy;

c) demonstrate such conformance to others;

d) seek certification/registration of its security management system by an Accredited third-party Certification Body; or

e) make a self-determination and self-declaration of conformance with ISO 28000.

How LRQA can help

Management systems are becoming increasingly linked to the success and survival of organisations. In parallel, CEOs and MDs worldwide are placing greater emphasis on the independent assessment that helps ensure management systems are 'fit for purpose'.

Having issued the first ISO 28000 global certificate, we are in a prime position to share our experience and expertise to help our clients manage security risks and assure continuity of supply.

Our unique methodology, LRQA Business Assurance, helps organisations manage their systems and risks to improve and protect their current and future performance.

We provide certification and training across all of the major standards.

For organisations with other standards, we can often offer integrated assessments, thus delivering savings on both time and money.