What is ISO 28000?
ISO 28000 is an international standard that addresses the requirements of a Security Management System (SMS) for the supply chain. It specifies the aspects that help an organization assess security threats and manage them as they arise in its supply chain. Security management is related to other aspects of business management. With ISO 28000, organizations can determine whether appropriate security measures are in place and can protect their properties from various threats.
Why is a Supply Chain Security Management System important for you?
An ISO 28000 certification demonstrates that you are an asset to your organization and that you are a trustworthy expert. It enables you to help the organization establish a Security Management System (SMS) that ensures sufficient management and control of security and threats coming from logistical operations and supply chain partners. With an ISO 28000 certification, you will gain visibility in the market and help your organization improve its profitability and quality.
Benefits of ISO 28000:2007 Certification
Global recognition
Competitive advantage in the market
Enhanced reliability
Enhanced customer satisfaction
Opportunity to gain new businesses
The ability to control and manage threats within an organization
Who can be certified ISO 28000:2007?
ISO 28000 certification is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain.
Manufacturing Companies
Warehousing
Hospitals
Storage
Aerospace
Automotive
Food
Telecom
Documents required for ISO 28000
- System Manual
- System Procedure
- Policy
- Objectives
- Mission & Vision
- Standard Operating Procedure (SOP)
- Checklist
- Forms
- Formats
- Records
The extent of Documented Information differs as per:
- Organization’s size
- Activities performed by the organization
- Processes undertaken by the Organization
- Products and services offered by the organization
- The complexity of processes undertaken
- Competence of persons involved
Role of Shamkris and Process of ISO 28000 - Risk Management
Shamkris adopts a results-oriented approach to effective system implementation in the organization. A simple and practical method of system implementation helps organizations increase business efficiency and sustainability. Shamkris provides 100% documentation support for successful certification by an accreditation body, in addition to enhanced performance.
The implementation process is described below:
Day 1
Gap Analysis, Certification Body Selection, Cost Estimates
• Finding the gap between the existing system and ISO requirements
• Selecting the appropriate certification body
• Cost estimates based on the scope of your business and the certification body you choose
Week 1
Developing Documents
• Management System Manual, Management System Procedures, Policy, Objectives, Forms etc.
• Review of Standard Operating Procedures (SOP)
Week 4
Implementing Management System
• ISO Awareness training for the top management and staff
• Implementing a well-documented management system throughout the organization
Week 8
Internal Audit, MRM, CAPA
• Internal audits identifying nonconformities related to ISO requirements
• Management Review Meetings
• Corrective and Preventive Action plan for nonconformities
Week 10
Certification Body Audit, N-C Closing
• Shamkris acts on your behalf and assists you in the third-party audit
• Closing of any nonconformities identified by the certification body
Week 12
Certification Body
• ISO certificates issued for 1 year
Year on Year
Yearly Compliance
• Support with yearly documentation for audit
ISO 28000 establishes a security system that will protect people, goods, infrastructure, equipment, and transportation against security incidents and other potentially devastating situations. It specifies the requirements to establish, implement, maintain, improve, and audit a security management system.
Key clauses of ISO 28000:2007
ISO 28000 is organized into the following main clauses:
- Clause 4.2: Security management policy
- Clause 4.3: Security risk assessment and planning
- Clause 4.4: Implementation and operation
- Clause 4.5: Checking and corrective action
- Clause 4.6: Management review and continual improvement