Security incidents against international supply chains are threats to international trade and the economic growth of trading nations. People, goods, infrastructure and equipment, including means of transport, should be protected against security incidents and their potentially devastating effects. Such protection benefits the economy and society as a whole.
International supply chains are highly dynamic and consist of many entities and business partners. This Publicly Available Specification recognizes this complexity. It has been developed to allow an individual organization in the supply chain to apply its requirements in conformance with the organization’s particular business model and its role and function in the international supply chain.
DD ISO/PAS 28001:2006 provides requirements and guidance for organizations in international supply chains to:
- develop and implement supply chain security processes
- establish and document a minimum level of security within a supply chain(s) or segment of a supply chain
- assist in meeting the applicable Authorized Economic Operators criteria set forth in the World Customs Organization Framework of Standards and conforming national supply chain security programmes.
NOTE: Only a participating National Customs Agency can designate organizations as Authorized Economic Operators in accordance with its supply chain security programme and its attendant certification and validation requirements. In addition, this Publicly Available Specification establishes certain documentation requirements that would permit verification.
Users of this Publicly Available Specification will
- define the portion of an international supply chain they have established security within
- conduct security vulnerability assessments on that portion of the supply chain and develop adequate countermeasures
- develop and implement a supply chain security plan
- train security personnel in their security related duties.
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Field of application
4.1 Statement of application
4.2 Business partners
4.3 Internationally accepted certificates or approvals
4.4 Business partners exempt from security declaration requirement
4.5 Security reviews of business partners
5 Supply chain security process
5.1 General
5.2 Identification of the scope of security assessment
5.3 Conduction of the security assessment
5.4 Development of the supply chain security plan
5.5 Execution of the supply chain security plan
5.6 Documentation and monitoring of the supply chain security process
5.7 Actions required after a security incident
5.8 Protection of the security information
Annex A (informative) Supply chain security process
Annex B (informative) Methodology for security risk assessment and development of countermeasures
Annex C (informative) Guidance for obtaining advice and certification Bibliography