ISO 28000:2007 Specification for security management systems for the supply chain

Courtesy: ISO 28000:2007 Specification for security management systems for the supply chain

ISO 28000:2022, Security and resilience – Security management systems – Requirements, is a management system standard published by International Organization for Standardization that specifies requirements for a security management system including aspects relevant to the supply chain.

The standard was originally developed by ISO/TC 8 on “Ships and maritime technology” and published in 2007. In 2015 the responsibility for the ISO 28000 series was transferred to ISO/TC 292 on “Security and resilience”, who in 2019 decided to start a revision. A justification study for the revision was accepted by ISO TMB (Technical Management Board). The revised version of ISO 28000 was published on March 15, 2022.

Scope and contents

Similar to other management system standards by ISO, the requirements specified in ISO 28000 are generic and intended to be applicable to all organizations, regardless of type, size, and industry. However, the extent of applicability of the requirements depends on the organization’s environment and complexity.

ISO 28000:2007 was developed to standardize security within the broader supply chain management system. In the revision the PDCA management systems structure was adopted in expanding ISO 28000 to bring the elements of this standard in congruence with related standards such as ISO 9001:2000, ISO 14001:2004 and in particular ISO 22301:2018. Also the limitations of security within the supply chain were eliminated so that now it is clear that it can be used throughout all aspects of security of the organization.