Courtesy: ISO 28005-1:2013 part 1
Similar to other management system standards by ISO, the requirements specified in ISO 28000 are generic and intended to be applicable to all organizations, regardless of type, size, and industry. However, the extent of applicability of the requirements depends on the organization’s environment and complexity.
ISO 28000:2007 was developed to standardize security within the broader supply chain management system. In the revision, the PDCA (Plan-Do-Check-Act) management system structure was adopted to bring the elements of this standard into congruence with related standards such as ISO 9001:2000, ISO 14001:2004 and, in particular, ISO 22301:2018. The restriction of scope to security within the supply chain was also removed, so that it is now clear that the standard can be applied to all aspects of the organization's security.
Benefits
Implementing ISO 28000 has broad strategic, organisational and operational benefits that are realized throughout the organization.
Benefits include, but are not limited to:
- Improved security and thereby enhanced resilience
- Systematised management practices
- Enhanced credibility and brand recognition
- Aligned terminology and conceptual usage
- Improved organizational performance including aspects of the supply chain
- Benchmarking against internationally recognisable criteria
- Stronger compliance processes
Improved risk management integration
The international standard specifically addresses the assessment and treatment of security-related risks (risks that relate to the security of the organization and its interested parties) and, in this context, refers to ISO 31000. This improves the broader interface with existing enterprise risk management on a common, integrated platform. Such an integrated approach to risk management is recommended by ISO 31000 in order to better coordinate cross-functional risk management mechanisms, improve performance measurement, ensure continual improvement and prevent silo thinking within the organization.