HOME

TheInfoList



OR:

ISO 28000:2022, ''Security and resilience – Security management systems – Requirements'', is a management system standard published by
International Organization for Standardization The International Organization for Standardization (ISO ) is an international standard development organization composed of representatives from the national standards organizations of member countries. Membership requirements are given in Ar ...
that specifies requirements for a security management system including aspects relevant to the supply chain. The standard was originally developed by ISO/TC 8 on "Ships and maritime technology" and published in 2007. In 2015 the responsibility for the ISO 28000 series was transferred to
ISO/TC 292 ISO/TC 292 Security and resilience is a technical committee of the International Organization for Standardization formed in 2015 to develop standards in the area of security and resilience. The Technical Management Board of ISO (TMB) decided in ...
on "Security and resilience", who in 2019 decided to start a revision. A justification study for the revision was accepted by ISO TMB (Technical Management Board). The revised version of ISO 28000 was published on March 15, 2022.


Scope and contents

Similar to other management system standards by ISO, the requirements specified in ISO 28000 are generic and intended to be applicable to all organizations, regardless of type, size, and industry. However, the extent of applicability of the requirements depends on the organization's environment and complexity. ISO 28000:2022 is divided into 10 main clauses and has adopted the harmonized structure and standardized text set out by
Annex SL The Annex SL (also known as Annex L in the 2019th edition) is a section of the ISO/IEC Directives part 1 that prescribes how ISO Management System Standard (MSS) standards should be written. The aim of Annex SL is to enhance the consistency and ali ...
. The standard is divided as follows: # Scope # Normative references # Terms and definitions # Context of the organization # Leadership # Planning # Support # Operation # Performance evaluation # Improvement ISO 28000:2007 was developed to standardize security within the broader supply chain management system. In the revision the
PDCA PDCA (plan–do–check–act or plan–do–check–adjust) is an iterative design and management method used in business for the control and continual improvement of processes and products. It is also known as the Shewhart cycle, or the control ...
management systems structure was adopted in expanding ISO 28000 to bring the elements of this standard in congruence with related standards such as
ISO 9001 The ISO 9000 family is a set of five quality management systems (QMS) standards that help organizations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 90 ...
:2000,
ISO 14001 ISO 14000 is a family of standards related to environmental management that exists to help organizations (a) minimize how their operations (processes, etc.) negatively affect the environment (i.e. cause adverse changes to air, water, or land); (b ...
:2004 and in particular
ISO 22301 ISO 22301:2019, ''Security and resilience – Business continuity management systems – Requirements'', is a management system standard published by International Organization for Standardization that specifies requirements to plan, establish, im ...
:2018. Also the limitations of security within the supply chain were eliminated so that now it is clear that it can be used throughout all aspects of security of the organization.


Benefits

Implementing ISO 28000 has broad strategic, organisational and operational benefits that are realized throughout the organization. Benefits include, but are not limited to: * Improved security and thereby enhancing resilience * Systematised management practices * Enhanced credibility and brand recognition * Aligned terminology and conceptual usage * Improved organizational performance including aspects of the supply chain * Benchmarking against internationally recognisable criteria * Greater compliance processes


Improved risk management integration

The international standard addresses specifically the assessment and treatment of security-related risks (risks that relate to the security of the organization and its interested parties) and in this context refers to
ISO 31000 ISO 31000 is a family of standards relating to risk management codified by the International Organization for Standardization. ISO 31000:2018 provides principles and generic guidelines on managing risks that could be negative faced by organizatio ...
. This improves the broader interface with existing
enterprise risk management Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typic ...
in a common integrated platform. This integrated approach to risk management is recommended by ISO 31000 to better coordinate cross functional risk management mechanisms, improve performance measurement, ensure continual improvement and prevent silo thinking within the organization.


Application

ISO 28000:2007 was initially developed so that organizations of varying scale could apply the standard to their supply chains of various degrees of complexity. Now, after the revison, ISO 28000:2022 can be applied beyond the supply chain to all aspects of the organization. The general rational for an organization to adopt ISO 28000:2022 pertains to: * developing a security management system, * internal compliance with objectives of a security management policy, * external compliance with best practice benchmarks, * conformity assurance with the standard, * enhancing the organization's resilience by an effective, coordinated and integrated application of its security management system. ISO 28000:2022 is a certifiable standard. In 2016, the countries with the highest number of certificates were India (425), Japan (299), Spain (231), US (223) and UK (197).


History

ISO 28000 was originally developed as a
Publicly Available Specification A Publicly Available Specification or PAS is a standardization document that closely resembles a formal standard in structure and format but which has a different development model. The objective of a Publicly Available Specification is to speed up ...
by ISO technical committee ISO/TC 8 on Ships and marine technology and published in 2005. In 2007, ISO/PAS 28000:2005 was withdrawn and replaced by a full ISO standard under the title ISO 28000:2007. In 2014, ISO 28000:2007 was reviewed and confirmed.
In 2015,
ISO/TC 292 ISO/TC 292 Security and resilience is a technical committee of the International Organization for Standardization formed in 2015 to develop standards in the area of security and resilience. The Technical Management Board of ISO (TMB) decided in ...
Security and resilience took over the responsibility of the standard and decided later in 2019 to initiate a revision of the standard. In March 2022 the revised second edtion of the standard was published.


Related standards

ISO 28000 is the first of a series of ISO security management standards including: *
ISO 28001 ISO is the most common abbreviation for the International Organization for Standardization. ISO or Iso may also refer to: Business and finance * Iso (supermarket), a chain of Danish supermarkets incorporated into the SuperBest chain in 2007 * Iso ...
:2007 Security management systems for the supply chain – Best practices for implementing supply chain security, assessments and plans – Requirements and guidance *
ISO 28002 ISO is the most common abbreviation for the International Organization for Standardization. ISO or Iso may also refer to: Business and finance * Iso (supermarket), a chain of Danish supermarkets incorporated into the SuperBest chain in 2007 * Iso ...
:2011 Security management systems for the supply chain – Development of resilience in the supply chain – Requirements with guidance for use *
ISO 28003 ISO is the most common abbreviation for the International Organization for Standardization. ISO or Iso may also refer to: Business and finance * Iso (supermarket), a chain of Danish supermarkets incorporated into the SuperBest chain in 2007 * Iso ...
:2007 Security management systems for the supply chain – Requirements for bodies providing audit and certification of supply chain security management systems * ISO 28004 Security management systems for the supply chain – Guidelines for the implementation of ISO 28000 ** ISO 28004-1:2007 Part 1: General principles **
ISO 28004-2 ISO is the most common abbreviation for the International Organization for Standardization. ISO or Iso may also refer to: Business and finance * Iso (supermarket), a chain of Danish supermarkets incorporated into the SuperBest chain in 2007 * Iso ...
:2014 Part 2: Guidelines for adopting ISO 28000 for use in medium and small seaport operations **
ISO 28004-3 ISO is the most common abbreviation for the International Organization for Standardization. ISO or Iso may also refer to: Business and finance * Iso (supermarket), a chain of Danish supermarkets incorporated into the SuperBest chain in 2007 * Iso ...
:2014 Part 3: Additional specific guidance for adopting ISO 28000 for use by medium and small businesses (other than marine ports) **
ISO 28004-4 ISO is the most common abbreviation for the International Organization for Standardization. ISO or Iso may also refer to: Business and finance * Iso (supermarket), a chain of Danish supermarkets incorporated into the SuperBest chain in 2007 * Iso ...
:2014 Part 4: Additional specific guidance on implementing ISO 28000 if compliance with ISO 28001 is a management objective * ISO 28005 Security management systems for the supply chain – Electronic port clearance (EPC) **
ISO 28005-1 ISO is the most common abbreviation for the International Organization for Standardization. ISO or Iso may also refer to: Business and finance * Iso (supermarket), a chain of Danish supermarkets incorporated into the SuperBest chain in 2007 * Iso ...
:2013 Part 1: Message structures **
ISO 28005-2 ISO is the most common abbreviation for the International Organization for Standardization. ISO or Iso may also refer to: Business and finance * Iso (supermarket), a chain of Danish supermarkets incorporated into the SuperBest chain in 2007 * Iso ...
:2011 Part 2: Core data elements


See also

*
International Organization for Standardization The International Organization for Standardization (ISO ) is an international standard development organization composed of representatives from the national standards organizations of member countries. Membership requirements are given in Ar ...
*
ISO 31000 ISO 31000 is a family of standards relating to risk management codified by the International Organization for Standardization. ISO 31000:2018 provides principles and generic guidelines on managing risks that could be negative faced by organizatio ...
*
Security Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social ...
*
Security risk In simple terms, risk is the possibility of something bad happening. Risk involves uncertainty about the effects/implications of an activity with respect to something that humans value (such as health, well-being, wealth, property or the environme ...
*
Supply chain management In commerce, supply chain management (SCM) is the management of the flow of goods and services including all processes that transform raw materials into final products between businesses and locations. This can include the movement and stor ...
*
Supply chain security __NOTOC__ Supply chain security (also "supply-chain security") activities aim to enhance the security of the supply chain or value chain, the transport and logistics systems for the world's cargo and to "facilitate legitimate trade".Government o ...
* Total security management


References

{{DEFAULTSORT:ISO 28000 #28000 Supply chain management #28000