ISO 28000 2007

TRANSLATED INTO PLAIN ENGLISH

ISO 28000 is a global supply chain security management standard.
Use it to establish your own supply chain security management system.

This page presents an overview of ISO 28000. It doesn't provide detail.
ISO 28000 2007 defines a set of supply chain security management
requirements. These requirements are listed in sections 4.1 to 4.6.
Therefore, the following material starts with section 4.1.

   

4.1
General Security Requirements

4.2
Security Policy Requirements

  • Authorize the establishment of a security management policy.

  • Document your organization's security management policy.

  • Implement your organization’s security management policy.

  • Maintain your organization’s security management policy.

4.3
Security Planning Requirements

4.3.1 Analyze Security Threats and Select Controls

  • Identify security threats and assess your risks.

    • Define a methodology to identify your organization's supply chain security threats and assess its security risks.

    • Establish procedures to identify threats and assess risks.

    • Use your security risk assessment methods and  procedures to identify threats and assess risks.

  • Identify security management control measures.

    • Establish procedures to identify and implement supply chain security management control measures.

    • Use your procedures to identify supply chain security management control measures.     

    • Use your procedures to implement your supply  chain security management control measures.

 

4.3.2 Respect Legal and Other Security Requirements

  • Establish procedures to manage the legal, statutory, and regulatory security requirements that you subscribe to.

  • Communicate information about all relevant, legal, statutory,  and regulatory security management requirements.

 

4.3.3 Set Security Management Objectives

  • Establish security management objectives.

  • Document security management objectives.

  • Implement security management objectives.

  • Maintain security management objectives.

 

4.3.4 Specify Security Management Targets

  • Establish security management targets.

  • Implement security management targets.

  • Maintain security management targets.

 

4.3.5 Develop Security Management Programs

  • Establish security programs to achieve objectives and targets.

  • Implement your organization's security management programs.

  • Maintain your organization's security management programs.

4.4
Security Implementation Requirements

4.4.1 Create a Security Management Structure

  • Establish a security management structure of roles, responsibilities, and authorities for your organization.

  • Communicate security management roles, responsibilities, and authorities to those who must implement and maintain your SMS.

  • Demonstrate a commitment to the development, implementation, and continual improvement of your organization's SMS.

 

4.4.2 Ensure Competence and Provide Security Training

  • Make sure that personnel responsible  for security are suitably qualified.                         

  • Establish procedures to make people who work  for you, or on your behalf, aware of your SMS.

  • Keep records of competence and training.

 

4.4.3 Develop Security Communication Procedures

  • Establish procedures to ensure that pertinent  security information is communicated.                 

 

4.4.4 Establish SMS Documents and Records

  • Establish and maintain a security management  documentation system for your organization.           

  • Establish the security sensitivity of information before you consider giving people access to it.

 

4.4.5 Control your SMS Documents and Data

  • Establish procedures to control the documents,  data, and information required by ISO 28000.

  • Maintain your organization's SMS document,  data, and information control procedures.   

 

4.4.6 Implement Operational SMS Control Measures

  • Identify the security activities and operations  that your organization needs to carry out.     

  • Carry out your security activities and  operations under specified conditions.         

  • Consider your security threats and risks before you decide  to revise your current arrangements or implement new ones.

 

4.4.7 Prepare Emergency SMS Plans and Procedures

  • Prepare appropriate emergency preparedness plans  and procedures to deal with security threats, incidents,  breaches, and emergencies.                                  

  • Prepare appropriate plans and procedures to  respond to security incidents and emergencies.

  • Prepare appropriate security recovery plans and procedures.

4.5
Security Checking Requirements

4.5.1 Monitor and Measure Security Performance

  • Establish procedures to monitor and measure security.

  • Use your procedures to monitor and measure security.

  • Maintain supply chain security management records.

 

4.5.2 Evaluate your Security Management System (SMS)

  • Evaluate supply chain security management plans.

  • Evaluate supply chain security management procedures.

  • Evaluate supply chain security management capabilities.

  • Evaluate compliance with regulations and best practices.

  • Evaluate conformance with security policy and objectives.

 

4.5.3 Investigate Security Incidents and Take Action

  • Establish security response procedures.

  • Implement your security response procedures.

  • Maintain your security response procedures.

 

4.5.4 Control your Security Management Records

  • Establish your organization's security management records.

  • Establish procedures to control security management records.

 

4.5.5 Audit your Security Management System (SMS)

  • Establish a security management audit program.

  • Establish security management audit procedures.

4.6
Security Review Requirements

  • Review your SMS by examining inputs.

  • Assess the results of your management reviews.

  • Generate management review outputs.
 
Attention

This page presents a preview of ISO 28000 2007.
It highlights the main points. It does not present detail.
To get the complete version, please consider purchasing
Title 80: ISO 28000 2007 Translated into Plain English.

Title 80 is detailed, accurate, and complete. It uses language
that is clear, precise, and easy to understand. We guarantee it

Title 80 can be delivered to you on CD or as an email attachment.
Title 80 is 77 pages long and comes in pdf and MS doc file formats.

Title 80 Contents

Place an Order

Check our Prices

Product License

OTHER SECURITY PAGES

Introduction to ISO 28000 Supply Chain Security

Plain English Supply Chain Security Management Definitions

Supply Chain Security Management System Development Plan

ISO 28000 Supply Chain Security Management Audit Tool

Knowledge and Skills Security Auditors Should Have

How to Carry out a Security Gap Analysis

OTHER RELATED STANDARDS

Auditing Standard

Risk Management Standard

Business Continuity Standard

Occupational Health and Safety Standard

Information Security Management Standard

Food Safety Management Standard

Home Page

Our Libraries

A to Z Index

Customers

How to Order

Our Products

Our Prices

Guarantee

Praxiom Research Group Limited         help@praxiom.com        780-461-4514

Updated on May 16, 2013. First published on November 30, 2009.

Legal Restrictions on the Use of this Page
Thank you for visiting this webpage. You are welcome to view our material as often as
you wish, free of charge. And as long as you keep intact all copyright notices, you are also
welcome to print or make one copy of this page for your own personal, noncommercial,
home use. But, you are not legally authorized to print or produce additional copies or to
copy and paste any of our material onto another web site or to republish it in any way.

Copyright © 2009 - 2013 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Research Group Limited