This International Standard provides generic advice on the application of ISO 28000:2007, Specification for security management systems for the supply chain. It explains the underlying principles of ISO 28000 and describes the intent, typical inputs, processes and typical outputs, for each requirement of ISO 28000. This is to aid the understanding and implementation of ISO 28000. This International Standard does not create additional requirements to those specified in ISO 28000, nor does it prescribe mandatory approaches to the implementation of ISO 28000.
ISO 28000
1 Scope
This International Standard specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. These aspects include, but are not limited to, financing, manufacturing, information management and the facilities for packing, storing and transferring goods between modes of transport and locations. Security management is linked to many other aspects of business management. These other aspects should be considered directly, where and when they have an impact on security management, including transporting these goods along the supply chain.
This International Standard is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain that wishes to:
a) establish, implement, maintain and improve a security management system;
b) assure compliance with stated security management policy;
c) demonstrate such compliance to others;
d) seek certification/registration of its security management system by an Accredited third party Certification Body; or
e) make a self-determination and self-declaration of compliance with this International Standard.
There are legislative and regulatory codes that address some of the requirements in this International Standard. It is not the intention of this International Standard to require duplicative demonstration of compliance. Organizations that choose third party certification can further demonstrate that they are contributing significantly to supply chain security.
SFS Suomen Standardit is responsible for the preparation of this publication in Finland, tel. 09 149 9331.
Table of contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Security management system elements
4.1 General requirements
4.2 Security management policy
4.3 Security risk assessment and planning
4.4 Implementation and operation
4.5 Checking and corrective action
4.6 Management review and continual improvement
Annex A Correspondence between ISO 28000:2007, ISO 14001:2004 and ISO 9001:2000 (informative)