ISO 28000 is a supply chain security management standard. Its purpose is to help improve the security of supply chains.ISO 28000 can help organizations protect people, products, and property. ISO 28000 applies to any organization that is part of a local, national, or international supply chain. And since almost all organizations belong to a supply chain, it applies to virtually all organizations. It doesn’t matter what size they are or what they do. ISO 28000 applies to both exporters and importers. It applies to airports, seaports, and terminals as well as to organizations that move products by air, sea, rail, or road. It applies to logistics, storage, transportation, and service companies as well as to manufacturers, shippers, wholesalers, and distributors.
ISO 28000 defines a set of security management requirements.
If your organization is part of a supply chain, ISO 28000 expects you to establish a security management system (SMS) that complies with these requirements. It then expects you to use this system to protect people, products, and property.
A SMS is a network of interrelated and interacting elements that combine to resist, fend off, or withstand unauthorized acts that are designed to cause intentional harm or damage to a supply chain. These elements include a security management policy as well as the many objectives, targets, programs, procedures, plans, practices, processes, controls, documents, records, roles, relationships, responsibilities, authorities, and resources that are used to
implement this policy.