ISO 28004-1:2007/DAmd 3
(Amendment) Additional specific guidance if compliance with ISO 28001 is a management objective
Standards Content (sample)
DRAFT AMENDMENT ISO 28004:2007/DAmd 3
ISO/TC 8 Secretariat: SAC
Voting begins on: 2010-09-01
Voting terminates on: 2011-02-01
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION • МЕЖДУНАРОДНАЯ ОРГАНИЗАЦИЯ ПО СТАНДАРТИЗАЦИИ • ORGANISATION INTERNATIONALE DE NORMALISATION
Security management systems for the supply chain — Guidelines for the implementation of ISO 28000
AMENDMENT 3: Additional specific guidance if compliance with ISO 28001 is a management objective
ICS 47.020.99
In accordance with the provisions of Council Resolution 15/1993 this document is circulated in the English language only.
To expedite distribution, this document is circulated as received from the committee secretariat. ISO Central Secretariat work of editing and text composition will be undertaken at publication stage.
THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE REFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
International Organization for Standardization, 2010
ISO 28004:2007/PDAM 3
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 General information
4 Organization of this addendum
5 Synergy between the World Customs Organization SAFE Framework Authorized Economic Operator requirements
6 Practical guidance as to where the various requirements of ISO 28001 would plug into ISO 28000 as inputs, processes or outputs
7 Notes on terminology
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
Amendment 3 to ISO 28004:2007 was prepared by Technical Committee ISO/TC 8, Ships and marine technology.
Introduction
This Addendum has been developed to supplement ISO 28004. The additional guidance in this addendum, while amplifying the general guidance provided in the main body of ISO 28004, does not conflict with that general guidance. While ISO 28000 is less specific than ISO 28001 on certain technical security requirements, they do not conflict. This Addendum helps to meet the Authorized Economic Operator security criteria.
Security management systems for the supply chain —
Guidelines for the implementation of ISO 28000
AMENDMENT 3: Additional specific guidance if compliance with
ISO 28001 is a management objective
1 Scope
This addendum to ISO 28004 provides additional guidance for organizations adopting ISO 28000 that also wish to incorporate the Best Practices identified in ISO 28001 as a management objective on their international supply chains. The Best Practices in ISO 28001 both help organizations establish and document levels of security within an international supply chain and facilitate validation in national Authorized Economic Operator (AEO) programmes that are designed in accordance with the World Customs Organization Framework of Standards.
This addendum is not designed as a standalone document. The main body of ISO 28004 provides significant guidance pertaining to required inputs, processes, outputs and other elements required by ISO 28000. The guidance in this addendum provides additional specific guidance on implementing ISO 28000 if compliance with ISO 28001 is a management objective.
Some requirements specified in the WCO AEO program are government functions and are not addressed in the ISO standards; these include:
⎯ Demonstrated Compliance with Customs Requirements
Customs shall take into account the demonstrated compliance history of a prospective AEO when considering the request for AEO status.
⎯ Satisfactory System for Management of Commercial Records
The AEO shall maintain timely, accurate, complete and verifiable records relating to import and export. Maintenance of verifiable commercial records is an essential element in the security of the international trade supply chain.
⎯ Financial Viability
Financial viability of the AEO is an important indicator of an ability to maintain and improve upon measures to secure the supply chain.
⎯ Consultation, Co-operation and Communication
Customs, other competent authorities and the AEO, at all levels, international, national and local, should consult regularly on matters of mutual interest, including supply chain security and facilitation measures, in a manner which will not jeopardize enforcement activities. The results of this consultation should contribute to Customs development and maintenance of its risk management strategy.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 20858, Ships and marine technology - Maritime port facility security assessments and security plan development
ISO 28000, Specification for security management systems for the supply chain
ISO 28001, Security management systems for the supply chain - Best practices for implementing supply chain security, assessments and plans - Requirements and guidance
ISO 28004, Security management systems for the supply chain - Guidelines for the implementation of ISO 28000
3 General information
The diagram in Figure 1 illustrates how compliance with, and possible certification to, ISO 28000 incorporating the best practices of ISO 28001 complements the requirements of national, regional or economic Authorized Economic Operator programs, as well as those of certain industry programs, and facilitates the validations of such programs. Organizations may also choose to adopt ISO 28000/28001 to improve and document supply chain security management without the goal of achieving AEO certification.
Figure 1: Complementary Security Standards to Secure Supply Chain
4 Organization of this addendum:
a) A series of charts showing the synergy between the World Customs Organization SAFE Framework Authorized Economic Operator requirements and the clauses in ISO 28000 and ISO 28001 that address the AEO requirements.
b) Practical guidance as to where the various requirements of ISO 28001 would plug into ISO 28000 as inputs, processes o...