ISO 28000 2007 SUPPLY CHAIN

SECURITY MANAGEMENT SYSTEM DEVELOPMENT PLAN

The following material presents a brief Supply Chain Security Management
System (SCSMS) Development Plan. It summarizes the general approach
you would take to develop your own SCSMS. It uses a PDCA approach and
is taken directly from our plain English version of the standard. If you use
our Plain English ISO 28000 Standard to develop your organization’s
SCSMS, you will automatically take the following steps:

  1. Define the scope of your organization’s SCSMS.
  2. Define your organization’s security management policy.
  3. Develop a methodology to identify threats and assess risks.
  4. Establish procedures to identify threats and assess risks.
  5. Identify your organization’s threats and assess your risks.
  6. Establish procedures to identify and select security controls.
  7. Select and implement your security control measures.
  8. Respect legal, statutory, and regulatory requirements.
  9. Establish your organization’s security objectives.
  10. Establish your organization’s security targets.
  11. Establish programs to achieve objectives and targets.
  12. Establish security management roles and responsibilities.
  13. Appoint a member of top management to manage security.
  14. Ensure the competence of those who influence security.
  15. Establish security training and awareness procedures.
  16. Implement security training and awareness procedures.
  17. Establish procedures to manage security communications.
  18. Establish a security management documentation system.
  19. Control your organization’s security documents and data.
  20. Implement operational security control measures.
  21. Establish emergency SCSMS plans and procedures.
  22. Monitor and measure your security performance.
  23. Maintain a record of monitoring and measuring activities.
  24. Evaluate your SCSMS plans, procedures, and capabilities.
  25. Investigate security incidents and take remedial action.
  26. Control your organization’s security management records.
  27. Perform regular audits of your organization’s SCSMS.
  28. Review your SCSMS at planned intervals.
  29. Update and improve your SCSMS.

OTHER ISO 28000 PAGES

Introduction to Supply Chain SecuritY Standard

Plain English Supply Chain Security Management Definitions

ISO 28000 Security Standard Translated into Plain English

Supply Chain Security Management Audit Tool

How to Carry out a Security Gap Analysis

Home Page

Our Libraries

A to Z Index

Customers

How to Order

Our Products

Our Prices

Guarantee

Praxiom Research Group Limited       help@praxiom.com      780-461-4514

Updated on July 17, 2012. First published on November 30, 2009.

Legal Restrictions on the Use of this Page
Thank you for visiting this webpage. You are welcome to view our material as often as
you wish, free of charge. And as long as you keep intact all copyright notices, you are also
welcome to print or make one copy of this page for your own personal, noncommercial,
home use. But, you are not legally authorized to print or produce additional copies or to
copy and paste any of our material onto another web site or to republish it in any way.

Copyright © 2009 - 2012 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Research Group Limited