Eurocert S.A.

Developed in response to the need by the logistics and transportation industries for an applicable security management norm, ISO 28000 is commonly accepted as the specific standard for companies needing to assess security risks, implement controls, and better manage potential security threats and issues related to the supply chain.

ISO 28000 is suitable to all sizes and types of organizations involved in purchasing, manufacturing, service, storage, transportation and/or sales processes wishing to implement and maintain a secure management system for their supply chain. Examples of such organizations include the following activities:

• Manufacturing companies

• Packing facilities

• Logistics / storage / warehousing facilities

• Transportation companies

• Couriers

ISO 28000 is a standard that sets the requirements to establish, implement, maintain and improve a security management system for the supply chain. This standard is not aligned with the new structure of ISO 9001:2015. It sets the requirements for a security management system, focusing on the application of the best practice approach to managing the risks in the supply chain, the satisfaction of interested parties’ requirements, the motivation and implication of top management, the establishment and monitoring of objectives and the continual improvement. The ‘Plan-Do-Check-Act’ principle also applies to this standard.

The structure of ISO 28000:2007 is the following:

Scope
Normative references
Terms and definitions
Security management system elements
General requirements
Security management policy
Security risk assessment and planning
Implementation and operation
Checking and corrective action
Management review and continual improvement

With the development of international commerce, it has become more complicated for organizations to manage supply chain security. Today’s complex supply chains are vulnerable to a wide range of risk parameters that can be a threat to an organization’s operations and its profitability. In cases of serious incidents in the supply chain, those companies involved often experience serious financial losses and customer problems. Examples of such risks are natural environmental events, fires, terrorism, issues such as fraud or cybersecurity breaches, raw material shortages and many more. ISO 28000 helps by providing the basis for an overarching security management system in the supply chain, delivering confidence, consistency and a market advantage to the organizations. This security management system provides a framework to develop a structured approach to supply chain risk management in order to optimize reliability throughout the value chain.

The basic benefits from setting and implementing a Security Management Systems for the Supply Chain according to the requirements of ISO 28000:2007 are the following:

• Provides reliable approach by service providers within the supply chain

• Augments security risk assessment, asset protection and inventory management

• Assures supply continuity for sustainable business development and reduction of time to delivery

• Mitigate supply chain risks

• Enhance business continuity

• Reliable decision making

• Enhanced stakeholder confidence through compliance and improved reputation

• Prevention and mitigation of unexpected failures or incidents in the supply chain

• Reduces losses of theft during exportation, importation and transport

• Increased organizational resilience

• Achieve cost savings through reducing security or safety incidents

• Improved level of safety and security for employees and subcontractors

• Demonstrates market innovation

• Improvement of the corporate image of the company

ISO 28000 is the first of a series of ISO standards including:

• ISO 28002:2011 Security management system for the supply chain – development of resilience in the supply chain

• ISO 28004-1:2007 Safety management system supply chain guide for implementing ISO 28000 – General principles.

• ISO 28004-2:2014 Guidelines for adopting ISO 28000 for use in medium and small seaport operations.

• ISO 28004-3:2014 Additional specific guidance for adopting ISO 28000 for small and medium businesses, with the exception of seaports.

• ISO 28004-4:2014 Additional specific guidance on implementing ISO 28000 if compliance with ISO 28001 is the goal.

• We are the largest Greek independent certification body, accredited by ESYD, with offices in more than 35 countries worldwide. Certification with Eurocert means evaluation and acceptance from an accredited and recognized/well-respected Certification body.

• We have strong and experienced staff and associates, who as inspectors / auditors and / or technical experts carry out inspections of high added value for your company.

• We make sure to keep you informed and updated of any local and/or international changes that concern your certification scope

• Our accreditation covers a wide range of standards and products; thus we are able to provide you with holistic solutions regarding management system certification

Please read the attachments for more information

Leaflet ISO28000_en

Typically, in addition to the time for the development of the Management System, a sufficient period of time is required for its implementation and the creation of files, although of course this time depends on various factors. The main issue is that the organization demonstrates that its management system is fully implemented and meets all the requirements of the standard. Top management and employees’ level of awareness is also a crucial point to determine the necessary time for gaining certification.

No. ISO 28000:2007 is a voluntary certification aiming at continual improvement and does not substitute any public or official audit. However, it improves the company’s organization, so that it complies with all relevant applicable legislation and helps avoiding any unexpected problems or fines during these audits acting pre-cautiously.