ISO 28000:2007 (Specification for security management systems for the supply chain) is an International Organization for Standardization standard specifying requirements of a security management system particularly dealing with security assurance in the supply chain. Parts of the standard are considered publicly available, while the entire specification can be purchased from the International Standards Organization.
ISO 28000:2007 was developed to codify operations of security within the broader supply chain management system. The PDCA management systems structure was adopted in developing ISO 28000:2007 to bring the elements of this standard in congruence with related standards such as ISO 9001:2000 and ISO 14001:2004.
The development of an international standard addressing security risk management improves the broader interface with existing enterprise risk management in a common integrated platform. This integrated approach to risk management is often employed to better coordinate cross-functional risk management mechanisms, improve performance measurement, ensure continual improvement and reduce misalignment of risk management objectives between silos.
ISO 28000:2007 was developed such that organizations of varying scale could apply the standard to supply chains of various degrees of complexity.
The general rationale for organizations to adopt ISO 28000:2007 pertains to:
Adopting ISO 28000 has broad strategic, organisational and operational benefits that are realized throughout supply chains and business practices.
Benefits include, but are not limited to:
ISO 28000:2007 is a certifiable standard.
Annex SL is a section of the ISO/IEC Directives part 1 that prescribes how ISO Management System Standards (MSS) should be written. The aim of Annex SL is to enhance the consistency and alignment of MSS by providing a unifying and agreed-upon high-level structure, identical core text, and common terms and core definitions. The intent is that all ISO Type A MSS (and B where appropriate) are aligned and the compatibility of these standards is enhanced.
Before 2012, various standards for management systems were written in different ways. Several attempts have been made since the late 90s to harmonize the way these are written, but the first group that succeeded in reaching an agreement was the Joint Technical Coordination Group (JTCG) set up by the ISO Technical Management Board.
Various Technical Committees within ISO are currently working on revising all MSS published before Annex SL was adopted. Many standards already follow Annex SL, such as ISO 9001 and ISO 14001.
Bolaji Akinola
Bolaji Akinola is a Nigerian maritime expert, spokesperson of the Seaport Terminal Operators Association of Nigeria and the Chief Executive Officer of Ships and Ports Communication.
DP World
DP World is a global port operator that was founded in 2005 by a merger of Dubai Ports Authority and Dubai Ports International.
DQS
DQS Holding GmbH based in Frankfurt am Main is the holding company of the worldwide DQS Group. The group provides assessments and certifications of management systems and processes of any type.
ISO/TC 292
ISO/TC 292 Security and resilience is a technical committee of the International Organization for Standardization formed in 2015 to develop standards in the area of security and resilience.
In June 2014 the Technical Management Board of ISO (TMB) took the decision to create a new ISO technical committee called ISO/TC 292, in which three committees were merged into one. The official starting date for the work of TC 292 was 2015-01-01, when the three committees were disbanded and their work incorporated into ISO/TC 292. The committee was also assigned the responsibility for the area of supply chain security, including the ISO 28000 series previously developed by ISO/TC 8.
The creation of ISO/TC 292 clarifies ISO’s structural organization on security matters, and prepares ISO to tackle future topics in this field by creating a de facto coordination body within the TC central structure. This structure is optimized to limit and prevent conflict or duplication of work. It will assist public administrations/authorities with a general interest and protective mission to optimize their participation in ISO's work in this sector. Non-profit organizations with limited resources will also benefit from this simplified structure.
The following committees were merged into ISO/TC 292.
ISO/TC 223 Societal security (2001-2014)
ISO/TC 247 Fraud countermeasures and controls (2009-2014)
ISO/PC 284 Management system for quality of PSC operations (2013-2014)
ISO 31000
ISO 31000 is a family of standards relating to risk management codified by the International Organization for Standardization. The purpose of ISO 31000:2009 is to provide principles and generic guidelines on risk management. ISO 31000 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes to replace the myriad of existing standards, methodologies and paradigms that differed between industries, subject matters and regions.
Currently, the ISO 31000 family is expected to include:
ISO 31000:2009 – Principles and Guidelines on Implementation
ISO/IEC 31010:2009 – Risk Management – Risk Assessment Techniques
ISO Guide 73:2009 – Risk Management – Vocabulary
ISO also designed its ISO 21500 Guidance on Project Management standard to align with ISO 31000:2009.
Indian Register Quality Systems
Indian Register Quality Systems (IRQS) is an Indian company that specializes in implementing quality management systems and training companies on these certifications. IRQS is a department functioning under the parent organisation Indian Register of Shipping (IRS), which was formed as a public limited company.
List of International Organization for Standardization standards
This is a list of published International Organization for Standardization (ISO) standards and other deliverables. For a complete and up-to-date list of all the ISO standards, see the ISO catalogue. The standards are protected by copyright and most of them must be purchased. However, about 300 of the standards produced by ISO and IEC's Joint Technical Committee 1 (JTC1) have been made freely and publicly available.
List of International Organization for Standardization standards, 28000-29999
This is a list of published International Organization for Standardization (ISO) standards and other deliverables. For a complete and up-to-date list of all the ISO standards, see the ISO catalogue. The standards are protected by copyright and most of them must be purchased. However, about 300 of the standards produced by ISO and IEC's Joint Technical Committee 1 (JTC1) have been made freely and publicly available.
Risk assessment
Broadly speaking, a risk assessment is the combined effort of 1. identifying and analyzing potential (future) events that may negatively impact individuals, assets, and/or the environment (i.e., risk analysis); and 2. making judgments "on the tolerability of the risk on the basis of a risk analysis" while considering influencing factors (i.e., risk evaluation). Put in simpler terms, a risk assessment analyzes what can go wrong, how likely it is to happen, what the potential consequences are, and how tolerable the identified risk is. As part of this process, the resulting determination of risk may be expressed in a quantitative or qualitative fashion. The risk assessment is an inherent part of an overall risk management strategy, which attempts to, after a risk assessment, "introduce control measures to eliminate or reduce" any potential risk-related consequences.
Supply-chain security
Supply-chain security refers to efforts to enhance the security of the supply chain, the transport and logistics system for the world's cargo. It combines traditional practices of supply-chain management with the security requirements driven by threats such as terrorism, piracy, and theft.
Typical supply-chain security activities include:
Credentialing of participants in the supply chain
Screening and validating of the contents of cargo being shipped
Advance notification of the contents to the destination country
Ensuring the security of cargo while in-transit via the use of locks and tamper-proof seals
Inspecting cargo on entry
Total security management
Total Security Management (TSM) is the business practice of developing and implementing comprehensive risk management and security practices for a firm’s entire value chain. This business process improvement strategy seeks to create added value for companies by managing security and resilience requirements as core business functions rather than as reactionary expenditures. TSM implementation involves a thorough evaluation of key internal and external stakeholders, distribution channels, and policies and procedures in terms of a firm’s level of preparedness for a variety of disruptive events.
TSM encourages companies to manage security initiatives as investments with a measurable return and seeks to transform security from a net cost to a net benefit. In applying TSM, the theory holds that companies may be able to realize cost savings, improve business processes, reduce theft, enhance asset management, increase brand equity and goodwill, and improve preparedness and resiliency.