ISO 28000:2007 is a management system specification for the protection of people, property, information and infrastructure; in companies and organizations participating in local national and international supply chain operations.
It is suitable for all sizes and types or organizations that are involved in the production of goods, manufacturing, services, storage or transportation at any stage of the products’ development or movement in the supply chain.
Supply chain security is an essential requirement for companies involved in the international supply chain, especially those having to comply with stronger security demands from Customs and/or their business partners.
This standard is a risk-based standard, similar to ISO 14001, integrating the management system process-based approach of Plan-Do-Check-Act (PDCA) and the requirement for continual improvement. It provides a system approach for any organization to manage its security program and can be the foundation for a variety of international security initiatives.
Companies, which use ISO 28000, will implement a protective security program based on the identification of risks. This security-risk assessment provides the means for an organization to identify and prioritize risks and implement management strategies to mitigate or eliminate those risks. And this will allow companies to plan and to manage the security program, while at the same time directing budgets towards the areas of importance.