BS ISO 28000:2007 - Specification for security management systems for the supply chain – BSI British Standards

BS ISO 28000:2007

Specification for security management systems for the supply chain

Status: Under review, Current
Published: December 2007



BS ISO 28000 is the international standard that specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. Security management is linked to many other aspects of business management. These aspects include all activities controlled or influenced by organizations that affect supply chain security. They should be considered directly, where and when they have an impact on security management, including the transport of goods along the supply chain.

BS ISO 28000 is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain that wish to:

  • Establish, implement, maintain and improve a security management system
  • Assure conformance with stated security management policy
  • Demonstrate such conformance to others
  • Seek certification/registration of its security management system by an accredited third party Certification Body
  • Make a self-determination and self-declaration of conformance with this International Standard.

Organizations that choose third party certification can further demonstrate that they are contributing significantly to supply chain security.

BS ISO 28000 was developed in response to industry demand for a security management standard. Its ultimate objective is to improve the security of supply chains. It is a high-level management standard that enables an organization to establish an overall supply chain security management system. It requires the organization to assess the security environment in which it operates and to determine whether adequate security measures are in place and whether other regulatory requirements already exist with which the organization complies.

If security needs are identified by this process, the organization should implement mechanisms and processes to meet these needs. Since supply chains are dynamic in nature, some organizations managing multiple supply chains may look to their service providers to meet related governmental or ISO supply chain security standards as a condition of being included in that supply chain in order to simplify security management.

This standard is applicable where an organization’s supply chains need secure management. A formal approach to security management can contribute directly to the business capability and credibility of the organization.

BS ISO 28000 is based on the ISO format adopted by ISO 14001:2004 because of its risk-based approach to management systems. However, organizations that have adopted a process approach to management systems (e.g. ISO 9001:2000) may be able to use their existing management system as a foundation for a security management system.

BS ISO 28000 is based on the methodology known as Plan-Do-Check-Act (PDCA). PDCA can be described as follows.

  • Plan: establish the objectives and processes necessary to deliver results in accordance with the organization’s security policy
  • Do: implement the processes
  • Check: monitor and measure processes against security policy, objectives, targets, legal and other requirements, and report results.
  • Act: take actions to continually improve performance of the security management system.

Contents of BS ISO 28000 include:

  • Introduction
  • Scope
  • Normative references
  • Terms and definitions
  • Security management system elements
  • General requirements
  • Security management policy
  • Security risk assessment and planning
  • Implementation and operation
  • Checking and corrective action
  • Management review and continual improvement
  • Correspondence between ISO 28000:2007, ISO 14001:2004 and ISO 9001:2000
  • Bibliography


Standard Number: BS ISO 28000:2007
Title: Specification for security management systems for the supply chain
Status: Under review, Current
Publication Date: 31 December 2007
Confirm Date: 03 October 2014
Normative References (Required to achieve compliance to this standard): No other standards are normatively referenced
Informative References (Provided for Information): ISO 19011:2002, ISO/PAS 20858:2004, ISO 14001:2004, ISO/PAS 28004:2006, ISO 28000:2007, ISO/PAS 28001, ISO 9001:2000
Replaces: DD ISO/PAS 28000:2005
International Relationships: ISO 28000:2007
Descriptors: Materials handling, Safety measures, Security, Transportation, Freight transport, Materials handling operations, Logistics, Quality assurance systems, Physical distribution management, Management
Title in French: Spécifications pour les systèmes de management de la sûreté pour la chaîne d'approvisionnement
Title in German: Schiffe und Meerestechnik. Sicherheitsmangementsysteme für die Lieferketten
ISBN: 978 0 580 57619 5
File Size: 471 KB

Customers who bought this product also bought

  • BS ISO 28001:2007
    Security management systems for the supply chain. Best practices for implementing supply chain security, assessments and plans. Requirements and guidance
  • BS ISO 28003:2007
    Security management systems for the supply chain. Requirements for bodies providing audit and certification of supply chain security management systems
  • BS EN ISO 14001:2015
    Environmental management systems. Requirements with guidance for use
  • BS EN ISO 9001:2015
    Quality management systems. Requirements