October 21, 2015

ISO 28000

What is ISO 28000

ISO 28000:2007 is a management system standard developed specifically for logistics companies and organisations that manage supply chain operations. It was first published as a Publicly Available Specification by the International Standards Organisation in 2005 and was replaced in 2007 by the full standard, ISO 28000:2007.

ISO 28000:2007 is a management system specification for the protection of people, property, information and infrastructure in companies and organisations participating in local, national and international supply chain operations.

ISO 28000:2007 is suitable for all sizes and types of organisations that are involved in the production of goods, manufacturing, services, storage or transportation at any stage of the product's development or movement in the supply chain.

Supply chain security is an essential requirement for companies involved in the international supply chain, especially those having to comply with stronger security demands from Customs and/or their business partners.

For organisations working within, or relying on, the logistics industry, certification to the ISO 28000:2007 supply chain management standard provides a valuable framework. It will help minimise the risk of security incidents and so help provide problem-free ‘just in time’ delivery of goods and supplies.

Benefits of ISO 28000:2007

Adopting ISO 28000 has broad strategic, organizational and operational benefits that are realized throughout supply chains and business practices.

Benefits include, but are not limited to:

  • Integrated enterprise resilience
  • Systematized management practices
  • Enhanced credibility and brand recognition
  • Aligned terminology and conceptual usage
  • Improved supply chain performance
  • Benchmarking against internationally recognizable criteria
  • Greater compliance processes

How to achieve ISO 28000 certification – ISO 28000 implementation / Compliance / Certification steps

Diya Training and Certifications Pvt Ltd. offers a well-defined and globally proven implementation methodology for ISO 28000:2007 certification.

  • Gap Analysis
  • Awareness Training
  • Process Identification and definition
  • Documentation Design and finalization
  • Implementation
  • Internal Auditor Training and conduct of internal audit
  • Management Review Meeting
  • Review of Implementation
  • Pre-assessment
  • Stage 1 certification audit
  • Stage 2 certification audit
  • Award of ISO 28000 certification
  • Continual improvement of the system through value added consulting and training services

What are the requirements of the ISO 28000 standard?

ISO 28000:2007 is a risk-based standard, similar to ISO 14001, integrating the management system process-based approach of Plan-Do-Check-Act (PDCA) and the requirement for continual improvement.

| Clause | Name | Coverage / Requirements |
|---|---|---|
| 4.1 | General requirements | Establishment of system structure, continual improvement, |
| 4.2 | Security management policy | Developed / acknowledged by top management |
| 4.3 | Security Risk Assessment and Planning | |
| 4.3.1 | Security Risk Assessment | Physical, operational, environmental threats and risks |
| 4.3.2 | Legal, statutory and other security regulatory requirements | Identify legal and other requirements related to organization |
| 4.3.3 | Security management objectives | Establish and document management objectives |
| 4.3.4 | Security management targets | Establish measurable, relevant targets communicated to the organization |
| 4.3.5 | Security management programmes | Establishment, documented programs |
| 4.4 | Implementation and operation | |
| 4.4.1 | Structure, authority and responsibilities for security management | Establish / appoint organization roles, responsibilities, authorities |
| 4.4.2 | Competence, training and awareness | System to ensure qualified competent personnel |
| 4.4.3 | Communication | System to communicate information to the organization |
| 4.4.4 | Documentation | Policy objectives, scopes, references, records, |
| 4.4.5 | Document and data control | Location and access, review, currency, archival |
| 4.4.6 | Operational control | Documented procedures, threat evaluation, |
| 4.4.7 | Emergency preparedness, response and security recovery | Identify potential threats, develop plans, responses, |
| 4.5 | Checking and Corrective action | |
| 4.5.1 | Security performance measurement and monitoring | Qualitative, quantitative, monitoring objectives & targets, non-conformances |
| 4.5.2 | System evaluation | Review plans, procedures, incident reports, performance evaluations |
| 4.5.3 | Security related failures, incidents, non-conformances and corrective and preventative action | Evaluating system failures, incidents, near misses, false alarms |
| 4.5.4 | Control of records | Identification, storage, protection, retrieval, retention, disposal of records |
| 4.5.5 | Audit | Develop an audit program |
| 4.6 | Management review and continual improvement | Review of system by top management. |


Integrate ISO 28000 with other management system standards

ISO 28000 is designed to be compatible with other management systems standards and specifications, such as ISO 9001, OHSAS 18001, ISO 22000, ISO 17025, ISO 27001, ISO 14001 Environment and other ISO standards. They can be integrated seamlessly through an integrated management system approach. Because they share many principles, an integrated management system can offer excellent value for money and an easier way to implement, manage and improve multiple standards simultaneously.

What we offer in the field of ISO 28000 standard and certification

As one of the largest ISO management system certification consulting companies across the world with clients in more than 40 countries, our knowledge and experience of the standards is unsurpassed. We understand how to fully exploit the benefits of your quality management system to ensure you unlock the true potential in your organization.

We provide unmatched expertise and technical competence to ensure that your ISO 28000 security management system certification project adds value to your organization.

We provide consulting, training, internal audits, pre-assessment audits and facilitation during the ISO 28000 certification audit.

We offer our global knowledge, moulded locally, to bring the best results for our clients and to partner with them on their journey of standardization, compliance, growth, success and continual improvement.

Contact us now to get your organization ISO 28000 certified in the most effective and efficient manner, while realizing the true benefits of the certification, using our specialized ISO implementation methodology that is less time consuming, fast, easy to understand and implement, result oriented, time bound and cost effective. Get ISO 28000 certified now with us.