What is ISO 28000?

ISO 28000 is an international standard that addresses the requirements of a Security Management System (SMS) for the supply chain. It specifies the aspects to help the organization to assess security threats and to manage them as they arise in their supply chain. Security Management is related to other aspects of business management. With ISO 28000, organizations can determine if appropriate security measures are in place and can protect their properties from various threats. Why is Supply Chain Security Management System important for you? An ISO 28000 certification demonstrates that you are an asset to your organization and that you are a trustworthy expert. It enables you to help the organization in establishing a Security Management System (SMS) that ensures the sufficient management and control of security and threats, coming from logistical operations and supply chain partners. With an ISO 28000 certification, you will gain visibility in the market and you will help your organization to improve their profitability and quality.

Benefits of ISO 28000:2007 Certification

Global recognition

Competitive advantage in the market

Enhanced reliability

Enhanced customer satisfaction

Opportunity to gain new businesses

The ability to control and manage threats within an organization

Check out the Who can be certified ISO 28000:2007 Certification Video

Who can be certified ISO 28000:2007?

ISO 28000 certification is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain.

Manufacturing Companies

Ware Housing

Hospitals

Storage

Aerospace

Automotive

Food

Telecom

Document required for ISO 28000

  • System Manual
  • System Procedure
  • Policy
  • Objectives
  • Mission & Vision
  • Standard Operating Procedure (SOP)
  • Checklist
  • Forms
  • Formats
  • Records

The extent of Documented Information differs as per:

  • Organization’s size
  • Activities performed by the organization
  • Processes undertaken by the Organization
  • Products and services offered by the organization
  • The complexity of processes undertaken
  • Competence of persons involved

Role of Shamkris and Process of ISO 28000 - Risk Management

Shamkris adopts a results-oriented approach to effective system implementation in the organization. A simple and practical method of system implementation helps organizations increase business efficiency and sustainability. Shamkris supports 100% documentation to obtain an accreditation body of success in addition to enhanced performance.

The implementation process is described below:

Day 1

GAP Analysis, Certification Body, Selection, Cost Estimates

• Finding the GAP between existing system related to ISO requirements
• Selecting the appropriate certification Body
• Based on the scope of your business & certification Body you choose

Week 1

Developing Documents

• Management System Manual, Management System Procedures, Policy, Objectives, Forms etc.
• Review of Standard Operating Procedures (SOP)

Week 4

Implementing Management System

• ISO Awareness training for the top management and staff
• Implementing a well-documented management system throughout the organization

Week 8

Internal Audit
MRM
CAPA

• Internal audits identifying nonconformities related to ISO requirements
• Management Review Meetings
• Corrective and Preventive Action plan for nonconformities

Week 10

Certification Body
Audit
N-C Closing

• Shamkris acts on your behalf and assists you in the third-party audit
• Closing of any nonconformities identified by the certification body

Week 12

Certification Body

• ISO certificates issued for 1 years

Year on Year

Yearly Compliance

• Support of Yearly documentation for audit

FAQ

ISO 28000 establishes a security system that will protect people, goods, infrastructure, equipment, and transportation against security incidents and other potentially devastating situations. It specifies the requirements to establish, implement, maintain, improve, and audit a security management system.

ISO 28000 is an international standard which addresses the requirements of a Security Management System (SMS) for the supply chain. It specifies the aspects to help the organization to assess security threats and to manage them as they arise in their supply chain.

Key clauses of ISO 28000:2007
The ISO 28000 is organized into the following main clauses:
Clause 4.2: Security management policy. Clause 4.3: Security risk assessment and planning.
Clause 4.4: Implementation and operation. Clause 4.5: Checking and corrective action.
Clause 4.6: Management review and continual improvement.