iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty!
ISO

ISO/DIS 28000

(Main)

Security and resilience - Security management systems – Requirements for the supply chain

Security and resilience - Security management systems – Requirements for the supply chain

Titre manque

General Information

Status
Published
ICS
03.100.01 - Company organization and management in general
03.100.70 - Management systems
Technical Committee
ISO/TC 292 - Security and resilience
Drafting Committee
ISO/TC 292/WG 8 - Supply chain security
Current Stage
2020 - Working draft (WD) study initiated
Start Date
05-Feb-2020
Ref Project

RELATIONS

Revised
ISO 28000:2007 - Specification for security management systems for the supply chain
Effective Date
23-Apr-2020

Buy Standard

ISO/DIS 28000ISO/DIS 28000
PreviousNext
Draft
ISO/DIS 28000 - Security and resilience - Security management systems – Requirements for the supply chain
English language
20 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

DRAFT INTERNATIONAL STANDARD
ISO/DIS 28000
ISO/TC 292 Secretariat: SIS
Voting begins on: Voting terminates on:
2021-02-23 2021-05-18
Security and resilience - Security management systems –
Requirements for the supply chain
ICS: 03.100.01; 03.100.70
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENT AND APPROVAL. IT IS
THEREFORE SUBJECT TO CHANGE AND MAY
NOT BE REFERRED TO AS AN INTERNATIONAL
STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
This document is circulated as received from the committee secretariat.
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
Reference number
NATIONAL REGULATIONS.
ISO/DIS 28000:2021(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION. ISO 2021
---------------------- Page: 1 ----------------------
ISO/DIS 28000:2021(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2021

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2021 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/DIS 28000:2021(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Context of the organization ....................................................................................................................................................................... 4

4.1 Understanding the organization and its context ....................................................................................................... 4

4.2 Understanding the needs and expectations of interested parties .............................................................. 4

4.2.1 General...................................................................................................................................................................................... 4

4.2.2 Legal, statutory and other security regulatory requirements .................................................. 4

4.2.3 Principles ................................................................................................................................................................................ 4

4.3 Determining the scope of the security management system .......................................................................... 6

4.4 Security management system .................................................................................................................................................... 7

5 Leadership .................................................................................................................................................................................................................. 7

5.1 Leadership and commitment ..................................................................................................................................................... 7

5.2 Policy ............................................................................................................................................................................................................... 7

5.2.1 Establishing the security policy .......................................................................................................................... 7

5.2.2 Security policy requirements ................................................................................................................................ 8

5.3 Roles, responsibilities and authorities ............................................................................................................................... 8

6 Planning ......................................................................................................................................................................................................................... 8

6.1 Actions to address risks and opportunities ................................................................................................................... 8

6.1.1 General...................................................................................................................................................................................... 8

6.1.2 Determining security risks and identifying opportunities .......................................................... 9

6.1.3 Addressing security risks and exploiting opportunities ............................................................... 9

6.2 Security objectives and planning to achieve them ................................................................................................... 9

6.2.1 Establishing security objectives ......................................................................................................................... 9

6.2.2 Determining security objectives......................................................................................................................10

6.3 Planning changes to the security management system ....................................................................................10

7 Support ........................................................................................................................................................................................................................10

7.1 Resources ..................................................................................................................................................................................................10

7.2 Competence ............................................................................................................................................................................................10

7.3 Awareness ................................................................................................................................................................................................11

7.4 Communication ...................................................................................................................................................................................11

7.5 Documented information ............................................................................................................................................................11

7.5.1 General...................................................................................................................................................................................11

7.5.2 Creating and updating ..............................................................................................................................................11

7.5.3 Control ...................................................................................................................................................................................12

8 Operation ..................................................................................................................................................................................................................12

8.1 Operational planning and control .......................................................................................................................................12

8.2 Identification of processes and activities ......................................................................................................................13

8.3 Risk assessment and treatment ............................................................................................................................................13

8.4 Controls ......................................................................................................................................................................................................13

8.5 Security strategies, procedures, processes and treatments ..........................................................................14

8.5.1 Identification and selection of strategies and treatments ........................................................14

8.5.2 Resource requirements ...........................................................................................................................................14

8.5.3 Implementation of Treatments ........................................................................................................................14

8.6 Security plans ........................................................................................................................................................................................14

8.6.1 General...................................................................................................................................................................................14

8.6.2 Response structure .....................................................................................................................................................14

8.6.3 Warning and communication ............................................................................................................................15

8.6.4 Content of the Security plans .............................................................................................................................16

© ISO 2021 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/DIS 28000:2021(E)

8.6.5 Recovery ...............................................................................................................................................................................16

9 Performance evaluation ............................................................................................................................................................................16

9.1 Monitoring, measurement, analysis and evaluation ............................................................................................16

9.2 Internal audit .........................................................................................................................................................................................17

9.2.1 Conducting internal audits ...................................................................................................................................17

9.2.2 Audit program .................................................................................................................................................................17

9.3 Management review ........................................................................................................................................................................17

9.3.1 General...................................................................................................................................................................................17

9.3.2 Management review output ................................................................................................................................18

9.3.3 Management review input ...................................................................................................................................18

10 Improvement .........................................................................................................................................................................................................18

10.1 Nonconformity and corrective action ..............................................................................................................................18

10.2 Continual improvement ...............................................................................................................................................................19

Bibliography .............................................................................................................................................................................................................................20

iv © ISO 2021 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/DIS 28000:2021(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/

iso/ foreword .html.

This document was prepared by Technical Committee ISO/TC 292 Security and resilience.

This second edition cancels and replaces the first edition (ISO 28000:2007), which has been technically

revised but maintains existing requirements to provide continuity for organizations using the previous

edition. The main changes compared with the previous edition are as follows:
— ISO directives Annex L, Appendix 2 has been followed

— Recommendations on principles have been added in clause 4 to give better coordination with

ISO 31000

— Recommendations have been added in clause 8 for better consistency with ISO 22301 facilitating

integration including:
o security strategies, procedures, processes and treatments,
o security plans
A list of all parts in the ISO 28000 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2021 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/DIS 28000:2021(E)
Introduction

There is an increasing uncertainty and volatility in the security environment experienced by most

organizations. As a consequence, they face security issues impacting on their objectives and want

to address them systematically within their management system. A formal approach to security

management can contribute directly to the business capability and credibility of the organization.

This document specifies requirements for a security management system, including those aspects

critical to security assurance of the supply chain. It requires the organization to:

— Assess the security environment in which it operates including its supply chain (including

dependencies and interdependencies);

— Determine if adequate security measures are in place to effectively manage security related risks;

— Manage compliance with statutory, regulatory, and voluntary obligations to which the organization

subscribes; and,

— Align security processes and controls, including the relevant upstream and downstream processes

and controls of the supply chain to meet the organization’s objectives.

It requires the organization to assess the security environment in which it operates and to determine

if adequate security measures are in place to effectively manage security related risks and if other

regulatory security related requirements already exist with which the organization complies.

If security objectives are identified, the organization implements controls to meet these objectives.

Security management is linked to many aspects of business management. They include all activities

controlled or influenced by organizations including but not limited to those that impact on the supply

chain. All activities, functions, and operations should be considered that have an impact on the security

management of the organization including (but not limited to) its supply chain.

With regard to the supply chain it has to be considered that supply chains are dynamic in nature.

Therefore, some organizations managing multiple supply chains may look to their providers to meet

related security standards as a condition of being included in that supply chain in order to meet

requirements for security management.

This document applies the “Plan-Do-Check-Act” (PDCA) model to planning, establishing, implementing,

operating, monitoring, reviewing, maintaining and continually improving the effectiveness of an

organization’s security management system.
Table 1 — Explanation of the PDCA model

Pl a n Establish security policy, objectives, targets, controls, processes and pro-

(Establish) cedures relevant to improving security in order to deliver results that align

with the organization’s overall policies and objectives.

Do Implement and operate the security policy, controls, processes and procedures.

(Implement and operate)
C h e c k Monitor and review performance against security policy and objectives,

(Monitor and review) report the results to management for review, and determine and authorize

actions for remediation and improvement.
Ac t Maintain and improve the Security Management system (SMS) by taking cor-

(Maintain and improve) rective action, based on the results of management review and reappraising

the scope of the SMS and security policy and objectives.
vi © ISO 2021 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/DIS 28000:2021(E)
Figure 1 — PDCA model applied to the security management system

This ensures a degree of consistency with other management systems standards, such as ISO 9001,

Quality management systems – Requirements, ISO 14001, Environmental management systems

- Requirements with guidance for use, ISO 22301, Security and resilience - Business continuity

management systems – Requirements, ISO/IEC 27001, Information technology - Security techniques -

Information security management systems – Requirement, ISO 45001, Occupational health and safety

management systems - Requirements with guidance for use, etc. thereby supporting consistent and

integrated implementation and operation with related management systems.

Compliance with an International Standard does not in itself confer immunity from legal obligations.

For organizations that so wish, compliance of the security management system with this International

Standard may be verified by an external or internal auditing process.
[editorial note to the DIS:

NSBs are invited to discuss for part three of the title the desirable degree of alignment with the scope

agreed to by TMB and TC 292 in the justification study - part three of the title would read:

»Requirements including aspects relevant for the supply chain«]
© ISO 2021 – All rights reserved vii
---------------------- Page: 7 ----------------------
DRAFT INTERNATIONAL STANDARD ISO/DIS 28000:2021(E)
Security and resilience - Security management systems –
Requirements for the supply chain
1 Scope

This International Standard specifies requirements for a security management system, including

aspects relevant to the supply chain.

This document is applicable to all types and sizes of organizations (e.g. commercial enterprises,

government or other public agencies and non-profit organizations) which intend to establish, implement,

maintain and improve a security management system. It provides an holistic and common approach

and is not industry or sector specific.

This document can be used throughout the life of the organization and can be applied to any activity,

internal and external at all levels.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 22300, Security and resilience – Vocabulary
ISO 31000, Risk management — Guidelines
3 Terms and definitions

For the purposes of this document, the terms and definitions in ISO 22300 and the following terms and

definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
organization

person or group of people that has its own functions with responsibilities, authorities and relationships

to achieve its objectives (3.8)

Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation, firm,

enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated

or not, public or private.
3.2
interested party (preferred term)
stakeholder (admitted term)

person or organization (3.1) that can affect, be affected by, or perceive itself to be affected by a decision

or activity
© ISO 2021 – All rights reserved 1
---------------------- Page: 8 ----------------------
ISO/DIS 28000:2021(E)
3.3
requirement
need or expectation that is stated, generally implied or obligatory

Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization and

interested parties that the need or expectation under consideration is implied.

Note 2 to entry: A specified requirement is one that is stated, e.g. in documented information.

3.4
management system

set of interrelated or interacting elements of an organization (3.1) to establish policies (3.7) and

objectives (3.8) and processes (3.12) to achieve those objectives

Note 1 to entry: A management system can address a single discipline or several disciplines.

Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning

and operation.

Note 3 to entry: The scope of a management system can include the whole of the organization, specific and

identified functions of the organization, specific and identified sections of the organization, or one or more

functions across a group of organizations.
3.5
top management

person or group of people who directs and controls an organization (3.1) at the highest level

Note 1 to entry: Top management has the power to delegate authority and provide resources within the

organization.

Note 2 to entry: If the scope of the management system (3.4) covers only part of an organization, then top

management refers to those who direct and control that part of the organization.
3.6
effectiveness
extent to which planned activities are realized and planned results achieved
3.7
policy

intentions and direction of an organization (3.1), as formally expressed by its top management (3.5)

3.8
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.

Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and

environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and

process (3.12)).

Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an

operational criterion, as a security objective, or by the use of other words with similar meaning (e.g. aim, goal, or

target).

Note 4 to entry: In the context of security management systems, security objectives are set by the organization,

consistent with the security policy, to achieve specific results.
3.9
risk
effect of uncertainty on objectives

Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and can address,

create or result in opportunities and threats.
2 © ISO 2021 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/DIS 28000:2021(E)

Note 2 to entry: Objectives can have different aspects and categories, and can be applied at different levels.

Note 3 to entry: Risk is usually expressed in terms of risk sources, potential events, their consequences and their

likelihood.
3.10
competence
ability to apply knowledge and skills to achieve intended results
3.11
documented information

information required to be controlled and maintained by an organization (3.1) and the medium on

which it is contained

Note 1 to entry: Documented information can be in any format and media, and from any source.

Note 2 to entry: Documented information can refer to:
— the management system (3.4), including related processes (3.12);

— information created in order for the organization (3.1) to operate (documentation);

— evidence of results achieved (records).
[SOURCE: ISO/IEC 27000, 3.19]
3.12
process

set of interrelated or interacting activities which transforms inputs into outputs

3.13
performance
measurable results

Note 1 to entry: Performance can relate either to quantitative or qualitative findings.

Note 2 to entry: Performance can relate to managing activities, processes (3.12), products (including services),

systems or organizations (3.1).
3.14
outsource (verb)

make an arrangement where an external organization (3.1) performs part of an organization’s function

or process (3.12)

Note 1 to entry: An external organization is outside the scope of the management system (3.4), although the

outsourced function or process is within the scope.
3.15
monitoring
determining the status of a system, a process (3.12) or an activity

Note 1 to entry: To determine the status, there can be a need to check, supervise or critically observe.

3.16
measurement
process (3.12) to determine a value
3.17
audit

systematic, independent and documented process (3.12) for obtaining audit evidence and evaluating it

objectively to determine the extent to which the audit criteria are fulfilled

Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party),

and it can be a combined audit (combining two or more disciplines).
© ISO 2021 – All rights reserved 3
---------------------- Page: 10 ----------------------
ISO/DIS 28000:2021(E)

Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.

Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
3.18
conformity
fulfilment of a requirement (3.3)
3.19
nonconformity
non-fulfilment of a requirement (3.3)
3.20
corrective action

action to eliminate the cause(s) of a nonconformity (3.19) and to prevent recurrence

3.21
continual improvement
recurring activity to enhance performance (3.13)
4 Context of the organization
4.1 Understanding the organization and its context

The organization shall determine external and internal issues that are relevant to its purpose and that

affect its ability to achieve the intended outcome(s) of its security management system.

4.2 Understanding the needs and expectations of interested parties
4.2.1 General
The
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO 22313:2020(Main)
Security and resilience -- Business continuity management systems -- Guidance on the use of ISO 22301

This document gives guidance and recommendations for applying the requirements of the business continuity management system (BCMS) given in ISO 22301. The guidance and recommendations are based on good international practice. This document is applicable to organizations that: a) implement, maintain and improve a BCMS; b) seek to ensure conformity with stated business continuity policy; c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a d...view more

    • sale 15% off
    • Standard
      55 pages
      English language
    • sale 15% off
    • Standard
      58 pages
      French language
ISO
ISO 22301:2019(Main)
Security and resilience -- Business continuity management systems -- Requirements

This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise. The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating env...view more

    • sale 15% off
    • Standard
      21 pages
      English language
    • sale 15% off
    • Standard
      21 pages
      English language
    • sale 15% off
    • Standard
      22 pages
      French language
    • sale 15% off
    • Standard
      22 pages
      French language
ISO
ISO/TS 22331:2018(Main)
Security and resilience -- Business continuity management systems -- Guidelines for business continuity strategy

This document gives guidance for business continuity strategy determination and selection. It is applicable to all organizations regardless of type, size and nature, whether in the private, public or not-for-profit sectors. It is intended for use by those responsible for, or participating in, strategy determination and selection.

    • sale 15% off
    • Technical specification
      25 pages
      English language
    • sale 15% off
    • Technical specification
      28 pages
      French language
ISO
ISO/TS 22330:2018(Main)
Security and resilience -- Business continuity management systems -- Guidelines for people aspects of business continuity

This document gives guidelines for the planning and development of policies, strategies and procedures for the preparation and management of people affected by an incident. This includes: — preparation through awareness, analysis of needs, and learning and development; — coping with the immediate effects of the incident (respond); — managing people during the period of disruption (recover); — continuing to support the workforce after returning to business as usual (restore). The management of pe...view more

    • sale 15% off
    • Technical specification
      38 pages
      English language
ISO
ISO/TS 22317:2015(Main)
Societal security -- Business continuity management systems -- Guidelines for business impact analysis (BIA)

ISO/TS 22317:2015 provides guidance for an organization to establish, implement, and maintain a formal and documented business impact analysis (BIA) process. This Technical Specification does not prescribe a uniform process for performing a BIA, but will assist an organization to design a BIA process that is appropriate to its needs. ISO/TS 22317:2015 is applicable to all organizations regardless of type, size, and nature, whether in the private, public, or not-for-profit sectors. The guidance c...view more

    • sale 15% off
    • Technical specification
      27 pages
      English language
    • sale 15% off
    • Technical specification
      29 pages
      French language
ISO
ISO/TS 22318:2015(Main)
Societal security -- Business continuity management systems -- Guidelines for supply chain continuity

ISO/TS 22318:2015 gives guidance on methods for understanding and extending the principles of BCM embodied in ISO 22301 and ISO 22313 to the management of supplier relationships. This Technical Specification is generic and applicable to all organizations (or parts thereof), regardless of type, size and nature of business. It is applicable to the supply of products and services, both internally and externally. The extent of application of this Technical Specification depends on the organization's...view more

    • sale 15% off
    • Technical specification
      22 pages
      English language
ISO
ISO 28004-3:2014(Main)
Security management systems for the supply chain -- Guidelines for the implementation of ISO 28000

ISO 28004-3:2014 has been developed to supplement ISO 28004-1 by providing additional guidance to medium and small businesses (other than marine ports) that wish to adopt ISO 28000. The additional guidance in ISO 28004-3:2014, while amplifying the general guidance provided in the main body of ISO 28004-1, does not conflict with the general guidance, nor does it amend ISO 28000.

    • sale 15% off
    • Standard
      15 pages
      English language
ISO
ISO 28004-4:2014(Main)
Security management systems for the supply chain -- Guidelines for the implementation of ISO 28000

ISO 28004-4:2014 provides additional guidance for organizations adopting ISO 28000 that also wish to incorporate the Best Practices identified in ISO 28001 as a management objective on their international supply chains. The Best Practices in ISO 28001 both help organizations establish and document levels of security within an international supply chain and facilitate validation in national Authorized Economic Operator (AEO) programmes that are designed in accordance with the World Customs Organi...view more

    • sale 15% off
    • Standard
      6 pages
      English language
ISO
ISO 28002:2011(Main)
Security management systems for the supply chain -- Development of resilience in the supply chain -- Requirements with guidance for use

ISO 28002:2011 specifies requirements for a resilience management system in the supply chain to enable an organization to develop and implement policies, objectives, and programs, taking into account legal, regulatory and other requirements to which the organization subscribes; information about significant risks, hazards and threats that may have consequences to the organization, its stakeholders, and on its supply chain; protection of its assets and processes; and management of disruptive inci...view more

    • sale 15% off
    • Standard
      55 pages
      English language
ISO
ISO 28001:2007(Main)
Security management systems for the supply chain -- Best practices for implementing supply chain security, assessments and plans -- Requirements and guidance

ISO 28001:2007 provides requirements and guidance for organizations in international supply chains to develop and implement supply chain security processes; establish and document a minimum level of security within a supply chain(s) or segment of a supply chain; assist in meeting the applicable authorized economic operator (AEO) criteria set forth in the World Customs Organization Framework of Standards and conforming national supply chain security programmes. In addition, ISO 28001:2007 establi...view more

    • sale 15% off
    • Standard
      27 pages
      English language
ISO
ISO 28004-1:2007(Main)
Security management systems for the supply chain -- Guidelines for the implementation of ISO 28000

ISO 28004:2007 provides generic advice on the application of ISO 28000:2007, Specification for security management systems for the supply chain. It explains the underlying principles of ISO 28000 and describes the intent, typical inputs, processes and typical outputs for each requirement of ISO 28000. This is to aid the understanding and implementation of ISO 28000. ISO 28004:2007 does not create additional requirements to those specified in ISO 28000, nor does it prescribe mandatory approaches ...view more

    • sale 15% off
    • Standard
      56 pages
      English language
    • sale 15% off
    • Standard
      61 pages
      French language
ISO
ISO 28000:2007(Main)
Specification for security management systems for the supply chain
SIST ISO 28000:2018

ISO 28000:2007 specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. Security management is linked to many other aspects of business management. Aspects include all activities controlled or influenced by organizations that impact on supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting these goods along the supply...view more

    • sale 15% off
    • Standard
      16 pages
      English language
    • sale 10% off
    • Standard
      22 pages
      English language
    • e-Library read for
      1 day
    • sale 15% off
    • Standard
      16 pages
      French language
ISO
ISO 28003:2007(Main)
Security management systems for the supply chain -- Requirements for bodies providing audit and certification of supply chain security management systems

ISO 28003:2007 contains principles and requirements for bodies providing the audit and certification of supply chain security management systems according to management system specifications and standards such as ISO 28000. It defines the minimum requirements of a certification body and its associated auditors, recognizing the unique need for confidentiality when auditing and certifying/registering a client organization. Requirements for supply chain security management systems can originate fro...view more

    • sale 15% off
    • Standard
      43 pages
      English language
    • sale 15% off
    • Standard
      47 pages
      French language
ISO
ISO 22313:2020(Main)
Security and resilience -- Business continuity management systems -- Guidance on the use of ISO 22301

This document gives guidance and recommendations for applying the requirements of the business continuity management system (BCMS) given in ISO 22301. The guidance and recommendations are based on good international practice. This document is applicable to organizations that: a) implement, maintain and improve a BCMS; b) seek to ensure conformity with stated business continuity policy; c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a d...view more

    • sale 15% off
    • Standard
      55 pages
      English language
    • sale 15% off
    • Standard
      58 pages
      French language
ISO
ISO 22301:2019(Main)
Security and resilience -- Business continuity management systems -- Requirements

This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise. The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating env...view more

    • sale 15% off
    • Standard
      21 pages
      English language
    • sale 15% off
    • Standard
      21 pages
      English language
    • sale 15% off
    • Standard
      22 pages
      French language
    • sale 15% off
    • Standard
      22 pages
      French language
ISO
ISO 44002:2019(Main)
Collaborative business relationship management systems -- Guidelines on the implementation of ISO 44001

This document gives guidelines for organizations on implementing ISO 44001 (see Figure 3) in order to achieve successful collaborative business relationships, as well as helping organizations use and implement the framework specification effectively. This document explains what is intended by each requirement of ISO 44001, why each is important, and recommends approaches to take for their practical implementation. How to meet the requirements is individually evaluated and applied in the context ...view more

    • sale 15% off
    • Standard
      80 pages
      English language
ISO
ISO 56002:2019(Main)
Innovation management -- Innovation management system -- Guidance

1.1 This document provides guidance for the establishment, implementation, maintenance, and continual improvement of an innovation management system for use in all established organizations. It is applicable to: a) organizations seeking sustained success by developing and demonstrating their ability to effectively manage innovation activities to achieve the intended outcomes; b) users, customers, and other interested parties, seeking confidence in the innovation capabilities of an organization; ...view more

    • sale 15% off
    • Standard
      26 pages
      English language
    • sale 15% off
    • Standard
      29 pages
      French language
    • sale 15% off
    • Standard
      29 pages
      Spanish language
ISO
ISO/TS 22331:2018(Main)
Security and resilience -- Business continuity management systems -- Guidelines for business continuity strategy

This document gives guidance for business continuity strategy determination and selection. It is applicable to all organizations regardless of type, size and nature, whether in the private, public or not-for-profit sectors. It is intended for use by those responsible for, or participating in, strategy determination and selection.

    • sale 15% off
    • Technical specification
      25 pages
      English language
    • sale 15% off
    • Technical specification
      28 pages
      French language
ISO
ISO/TS 22330:2018(Main)
Security and resilience -- Business continuity management systems -- Guidelines for people aspects of business continuity

This document gives guidelines for the planning and development of policies, strategies and procedures for the preparation and management of people affected by an incident. This includes: — preparation through awareness, analysis of needs, and learning and development; — coping with the immediate effects of the incident (respond); — managing people during the period of disruption (recover); — continuing to support the workforce after returning to business as usual (restore). The management of pe...view more

    • sale 15% off
    • Technical specification
      38 pages
      English language
ISO
ISO 44001:2017(Main)
Collaborative business relationship management systems -- Requirements and framework
SIST ISO 44001:2017

ISO 44001:2017 specifies requirements for the effective identification, development and management of collaborative business relationships within or between organizations. ISO 44001:2017 is applicable to private and public organizations of all sizes, from large multinational corporations and government organizations, to non-profit organizations and micro/small businesses. Application of ISO 44001:2017 can be on several different levels, e.g. · a single application (including operating unit, oper...view more

    • sale 15% off
    • Standard
      60 pages
      English language
    • sale 10% off
    • Standard
      68 pages
      English language
    • e-Library read for
      1 day