ISO 28001:2007

The ISO 28001 focuses on the overall security of an organization's supply chain, acting as an umbrella standard that incorporates the requirements of all major international supply chain security initiatives. It integrates both the process-based approach of ISO's management systems, and the 'plan-do-check-act' model. ISO 28001:2007- Security management systems for the supply chain - Best practices for implementing supply chain security, assessments and plans - Requirements and guidance.


ISO 28001:2007 provides requirements and guidance for organizations in international supply chains to
  • Develop and implement supply chain security processes
  • Establish and document a minimum level of security within a supply chain(s) or segment of a supply chain
  • Assist in meeting the applicable authorized economic operator (AEO) criteria set forth in the World Customs Organization Framework of Standards and conforming national supply chain security programmes

Key Elements

The scope includes critical aspects for security assurance of supply chains

  • Corporate security policy and top management commitment
  • Employee training and awareness
  • Facilities for storage, packaging and transfer of goods
  • Financing
  • Goods in transportation or storage
  • Information flow and management
  • Manufacturing sites
Who should apply?

The scope includes critical aspects for security assurance of supply chains

  • Relevant to all organizations eager to implement and maintain a proven security management system
  • Applicable to all sectors of industry, and to any type and size of organization at any point in the supply chain
  • Facilities for storage, packaging and transfer of goods
  • Of interest to any organization looking to assure conformance with international security management standards
Users of ISO 28001:2007 will
  • Define the portion of an international supply chain within which they have established security;
  • Conduct security assessments on that portion of the supply chain and develop adequate countermeasures
  • Develop and implement a supply chain security plan
  • Train security personnel in their security related duties