SUPPLY CHAIN SECURITY MANAGEMENT ISO 28000

Experiencing security issues is usually not a matter of if but when. Organizations are continuously facing security risks that seriously threaten their operations. High-value products are prone to theft, confidential information is prone to hacking, and personnel are prone to injury. Such security incidents will not only cause financial and business losses but may also lead to legal consequences and reputational damage. This is why security management has become a crucial aspect of organizations. In this regard, ISO 28000 provides organizations with a comprehensive approach to security management.

What is ISO 28000?

ISO 28000 specifies the requirements for establishing, implementing, maintaining, and improving a security management system (SeMS), including the aspects relevant to the security of the supply chain. 

ISO 28000:2022 Security and resilience – Security management systems – Requirements replaces the ISO 28000:2007 Specification for security management systems for the supply chain. The title of the standard has been changed to emphasize the fact that ISO 28000 requirements are not only applicable to organizations in the supply chain, but to all organizations, regardless of the type, size, or industry. 

The new edition of ISO 28000 follows the harmonized structure of ISO, where the requirements for the SeMS are outlined in clauses 4 to 10. This enables organizations to integrate the SeMS with other management systems based on ISO standards.

The new edition of ISO 28000 includes additional recommendations as well. In clause 4, recommendations on eight principles for security management have been added to ensure better alignment with ISO 31000 (the standard for risk management). In addition, clause 8 sets out recommendations related to security strategies, procedures, processes and treatments, and security plans that ensure consistency with ISO 22301 (the standard for business continuity management).

What are the benefits of an effective SeMS based on ISO 28000?

A security management system based on ISO 28000 enables organizations to achieve their security management objectives. In particular, it enables organizations to: 

• Enhance business capabilities 
• Ensure the security of the environment in which they operate
• Comply with statutory, regulatory, and voluntary security obligations
• Identify and address risks and opportunities related to security management 
• Effectively deal with security violations 
• Recover from disruptions in the supply chain 
• Manage relationships with all relevant interested parties in the supply chain 
• Manage security-related risks
• Create and protect value
• Align security processes and controls with the organization’s objectives
• Gain a competitive advantage

Why choose PECB?

• As a global provider of training, examination, and certification services, PECB aims to help you demonstrate your commitment and competence by providing you with valuable education, evaluation, and certification against internationally recognized standards. A PECB ISO 28000 certification will give you a competitive advantage in the fast-paced and ever-evolving field of security. The PECB ISO 28000 certification program is globally recognized and will help you become a highly competent and knowledgeable professional in the field.

  Which PECB Certified ISO 28000 training course is the most appropriate for me? 

Enhance your knowledge and improve your career security management competencies by attending one of the PECB ISO 28000 training courses below

ISO 28000 FOUNDATION

ISO 28000 LEAD IMPLEMENTER

ISO 28000 LEAD AUDITOR

ISO 28000 TRANSITION