ISO 28001:2007

ISO 28001:2007 Security management systems for the supply chain


What is a Supply Chain?


A supply chain is an associated set of resources and processes that begin with the sourcing of raw materials and extend through the delivery of products or services to the end user across modes of transport.

A supply chain may include vendors, manufacturing facilities, logistics providers, internal distribution centres, distributors, wholesalers and other entities that lead to the end user.


ISO 28001:2007 Supply Chain Security Management System is an international standard, ISO 28001 defines the requirements of supply chain security management system and this system provides an administrative model for organizations which want to implement.


ISO 28001:2007 provides requirements and guidance for organizations in international supply chains to

  • develop and implement supply chain security processes;
  • establish and document a minimum level of security within a supply chain(s) or segment of a supply chain;
  • assist in meeting the applicable authorized economic operator (AEO) criteria set forth in the World Customs Organization Framework of Standards and conforming national supply chain security programmes.

In addition, ISO 28001:2007 establishes certain documentation requirements that would permit verification.

Users of ISO 28001:2007 will

  • define the portion of an international supply chain within which they have established security;
  • conduct security assessments on that portion of the supply chain and develop adequate countermeasures;
  • develop and implement a supply chain security plan;
  • train security personnel in their security related duties.

Supply chain security - the business benefits


Some of the key benefits include:

  • Integrated enterprise resilience
  • Systematized management practices
  • Enhanced credibility and brand recognition
  • Aligned terminology and conceptual usage
  • Improved supply chain performance
  • Benchmarking against internationally recognizable criteria
  • Greater compliance processes


Consultancy Services Road Map:


  • Gap Analyses
  • Designing, Documentation and Implementation (System Development)
  • Internal Auditing
  • Management Review
  • Certification Process Guidance