BS ISO 28003 Security management systems for the supply chain. Requirements for bodies providing audit and certification of supply chain security management systems

Find Similar Items

This product falls into the following categories.

You may find similar items within these categories by selecting from the choices below:

BS ISO 28003:2007

Security management systems for the supply chain. Requirements for bodies providing audit and certification of supply chain security management systems

Status : Current   Published : December 2007

Format
PDF

Format
HARDCOPY



BS ISO 28003:2007 Security management systems for the supply chain. Requirements for bodies providing audit and certification of supply chain security management systems

BS ISO 28003 is the standard that contains principles and requirements for bodies providing the audit and certification of supply chain security management systems according to management system specifications and standards such as BS ISO 28000.

It defines the minimum requirements of a certification body and its associated auditors, recognizing the unique need for confidentiality when auditing and certifying/registering a client organization.

Requirements for supply chain security management systems can originate from a number of sources, and BS ISO 28003 was developed to assist in the certification of supply chain security management systems that fulfil the requirements of BS ISO 28000 Specification for security management systems for the supply chain, and other supply chain security management system standards.

BS ISO 28003 may also be used to support certification of supply chain security management systems that are based on other specified supply chain security management system requirements.

What does BS ISO 28003 offer? The standard:

  • Provides harmonized guidance for the accreditation of certification bodies applying for ISO 28000 (or other specified supply chain security management system requirements) certification/registration
  • Defines the rules applicable for the audit and certification of a supply chain security management system complying with the supply chain security management system standard’s requirements (or other sets of specified supply chain security management system requirements)
  • Provides the customers with the necessary information and confidence about the way certification of their suppliers has been granted.

Certification of a supply chain security management system is sometimes also called registration, and certification bodies are sometimes called registrars.

A certification body can be nongovernmental or governmental (with or without regulatory authority). BS ISO 28003 can be used as a criteria document for accreditation or peer assessment or other audit processes.

BS ISO 28003 is intended for use by bodies that carry out audit and certification of supply chain security management systems. Certification of supply chain security management systems is a third party conformity assessment activity. Bodies performing this activity are therefore third party conformity assessment bodies, named 'certification body/bodies' in this BS ISO 28003. This wording should not be an obstacle to the use of BS ISO 28003 by bodies with other designations that undertake activities covered by the scope of BS ISO 28003. Indeed, this International Standard will be usable by any body involved in the assessment of supply chain security management systems.

Certification of supply chain security management systems of an organization is one means of providing assurance that the organization has implemented a system for supply chain security management in line with its policy.

Certification of supply chain security management systems will be delivered by certification bodies accredited by a recognized body, such as International Accreditation Forum (IAF) members.

BS ISO 28003 specifies requirements for certification bodies. Observance of these requirements is intended to ensure that certification bodies operate supply chain security management systems certification in a competent, consistent and reliable manner, thereby facilitating the recognition of such bodies and the acceptance of their certifications on a national and international basis. This International Standard will serve as a foundation for facilitating the recognition of supply chain security management systems certification in the interests of international trade.

Certification of a supply chain security management system provides independent verification that the supply chain security management system of the organization

  • Conforms to specified requirements
  • Is capable of consistently achieving its stated policy and objectives
  • Is effectively implemented.

Certification of a supply chain security management system thereby provides value to the organization, its customers and interested parties.

BS ISO 28003 aims at being the basis for recognition of the competence of certification bodies in their provision of supply chain security management system certification.

BS ISO 28003 can be used as the basis for recognition of the competence of certification bodies in their provision of supply chain security management system certification (such recognition may be in the form of notification, peer assessment, or direct recognition by regulatory authorities or industry consortia).

Observance of the requirements in BS ISO28003 is intended to ensure that certification bodies operate supply chain security management system certification in a competent, consistent and reliable manner, thereby facilitating the recognition of such bodies and the acceptance of their certifications on a national and international basis. BS ISO28003 will serve as a foundation for facilitating the recognition of supply chain security management system certification in the interests of international trade.

Certification activities involve the audit of an organization's supply chain security management system. The form of attestation of conformity of an organization's supply chain security management system to a specific standard (for example ISO 28000) or other specified requirements is normally a certification document or a certificate.

It is for the organization being certified to develop its own supply chain security management systems (including ISO 28000 supply chain security management system, other sets of specified supply chain security management system requirements, quality systems, environmental supply chain security management systems or occupational health and safety supply chain security management systems) and, other than where relevant legislative requirements specify to the contrary, it is for the organization to decide how the various components of these are to be arranged.

The degree of integration between the various supply chain security management system components will vary from organization to organization. It is therefore appropriate for certification bodies that operate in accordance with this International Standard to take into account the culture and practices of their clients in respect of the integration of their supply chain security management system within the wider organization.

Contents of BS ISO 28003 contain:

  • Scope
  • Normative references
  • Terms and definitions
  • Principles for certification bodies
  • Impartiality
  • Competence
  • Responsibility
  • Openness
  • Confidentiality
  • Resolution of complaints
  • Legal and contractual matters
  • Management of impartiality
  • Liability and financing
  • Structural requirements
  • Organizational structure and top management
  • Committee for safeguarding impartiality
  • Resource requirements
  • Competence of management and personnel
  • Personnel involved in the certification activities
  • Use of external auditors and external technical experts
  • Personnel records
  • Outsourcing
  • Information requirements
  • Publicly accessible information
  • Certification documents
  • Directory of certified clients
  • Reference to certification and use of marks
  • Confidentiality
  • Information exchange between a certification body and its clients
  • Process requirements
  • General requirements applicable to any audit
  • Initial audit and certification
  • Surveillance activities
  • Recertification
  • Special audits
  • Suspending, withdrawing or reducing scope of certification
  • Appeals
  • Complaints
  • Records on applicants and clients
  • Management system requirements for certification bodies
  • Management system requirements in accordance with ISO 9001
  • General management system requirements
  • Guide for process to determine auditor time
  • Criteria for auditing organizations with multiple sites
  • Auditor education, work and audit experience and training durations
  • Auditor competence requirements
  • Bibliography



Standard NumberBS ISO 28003:2007
TitleSecurity management systems for the supply chain. Requirements for bodies providing audit and certification of supply chain security management systems
StatusCurrent
Publication Date31 December 2007
Cross ReferencesISO/IEC 17000:2004, ISO 19011:2002, ISO 28000, ISO 10002, ISO/IEC 17030:2003, ISO 9001:2000, ISO 17021
ReplacesDD ISO/PAS 28003:2006
International RelationshipsISO 28003:2007
DescriptorsFreight transport, Management, Security, Physical distribution management, Materials handling, Safety measures, Transportation, Materials handling operations, Quality assurance systems, Logistics, Certification bodies, Approval organizations, Quality auditing, Certification (approval)
ICS03.100.10
03.100.70
47.020.99
Title in FrenchSystèmes de management de la sûreté pour la chaîne d'approvisionnement. Exigences pour les organismes effectuant l'audit et la certification des systèmes de management de la sûreté pour la chaîne d'approvisionnement
Title in GermanSicherheitsmanagementsysteme für die Lieferkette. Anforderungen an Institute, die Sicherheitsmanagementssysteme auditieren und zertifizieren
CommitteeSME/32
ISBN978 0 580 58090 1
PublisherBSI
FormatA4
DeliveryYes
Pages52
File Size514.6 KB
Price£228.00


 Your basket
Your basket is empty

Take the smart route to manage medical device compliance


ISO 14004

Everything you need to create an Environmental Management System


BSOL

The faster, easier way to work with standards


BSI Essentials

Get ISO 9001 and ISO 9000 with 15% discount.


Customers who bought this product also bought

  • BS ISO 28000:2007
    Specification for security management systems for the supply chain
  • BS ISO 28001:2007
    Security management systems for the supply chain. Best practices for implementing supply chain security, assessments and plans. Requirements and guidance