ISO 28000

Specification for Security Management Systems for the Supply Chain

ISO 28000 standard specifies the requirements for developing, implementing, maintaining and improving a security management system for the organisation’s supply chain. Such management system includes aspects critical to security assurance of the supply chain. Security management systems integrates and relates to many processes of business management, including processes implemented or influenced by the organisation which may impact the security of the supply chain. Any organisation chooses certification against ISO 28000 can further demonstrate its significant contribution towards the security of the supply chains.

This standard can be used by any organisation, regardless of its size, scope, field of business, public or private, to develop and implement an effective security management system for its supply chain.  

ISO 28000 provides requirements for establishing security management system elements, including establishing security management policy. Implementing a security management system requires establishing processes for security risk assessment and planning, and the implementation of appropriate risk treatment plans and controls across the supply chain. The organisation is required to establish its security management objectives, with setting targets and implementation programmes to achieve these objectives. Part of implementing this standard is to establish and implement emergency preparedness and response plans to manage security incidents and ensure security recovery of the organisation.


Achieving ISO 28000 Security Management System for the supply chain certification will help your organisation:

  • Align your security management practices to international best practices and standards.
  • Identify security threats and risks within your supply chain and establish risk treatment plans and controls.
  • Achieve cost efficiencies in managing and maintaining security processes.
  • Develop and implement verified security objectives and targets to ensure the security of your operations and supply chain.
  • Build trust with stakeholders and customers with professional recognition of your supply chain security management practices.
  • Establish a framework for monitoring and improving security management practices within the organisation.