ISO 28000 - Specification for security management systems for the supply chain

[Sidney Vianna]

http://www.iso.org/iso/en/commcentre/pressreleases/2005/Ref981.html
Ref.: 981
17 November 2005
ISO offers systematic approach to security management in global supply chains

With billions of dollars worth of goods moving at any given time along global supply chains, the newly published ISO/PAS 28000:2005 for security management systems will help combat threats to the safe and smooth flow of international trade.
"The publication of ISO/PAS 28000:2005 is a major security initiative," says Captain Charles Piersall, Chair of ISO technical committee ISO/TC 8, Ships and marine technology. "It is designed to enable better monitoring of freight flows, to combat smuggling and to respond to the threat of piracy and terrorist attacks as well as to create a safe and secure international supply chain regime."
Supply chain describes an overall process that results in goods being transported from the point of origin to final destination and includes the movement of the goods, the shipping data, and the associated processes as well as the series of dynamic relationships. It involves many entities such as producers of the goods, logistics management firms, consolidators, truckers, railroads, air carriers, marine terminal operators, ocean carriers, cargo/mode/customs agents, financial and information services, and buyers of the goods being shipped. For example, a company may employ more than one logistics firm, trucking companies may subcontract to operators or other companies, and vessel operating companies may divert the cargo to other carriers for various reasons.
As security hazards can enter the supply chain at any stage, adequate control throughout is essential. Security is a joint responsibility of all the actors in the supply chain and requires their combined efforts.
ISO/PAS 28000:2005, Specification for security management systems for the supply chain, outlines the requirements to enable an organization to establish, implement, maintain and improve a security management system, including those aspects critical to security assurance of the supply chain. These aspects include, but are not limited to, financing, manufacturing, information management and the facilities for packing, storing and transferring goods between modes of transport and locations.
ISO/PAS 28000:2005 can be used by a broad range of organizations – small, medium and large – in the manufacturing, service, storage and transportation sectors at any stage of the production or supply chain. Its implementation will reassure business partners that security is taken seriously within the organizations they deal with.
ISO/PAS 28000:2005 integrates the process-based approach of ISO's management system standards – ISO 9001:2000 and ISO 14001:2004 – including the Plan-Do-Check-Act (PDCA) cycle and requirement for continual improvement, as well as the risk management elements of ISO 14001:2004
While ISO/PAS 28000 can be implemented on its own, it is designed to be fully compatible with ISO 9001:2000 and ISO 14001:2004 and companies already using these management system standards may be able to use them as a foundation for developing the security management system of ISO/PAS 28000. To help users to do so, ISO/PAS 28000 includes a table showing the correspondence of its requirements with those of ISO 9001:2000 and ISO 14001:2004.
"ISO/PAS 28000, completed in less than one year, was truly remarkable and its success marks the deep spirit of cooperation and energies of all stakeholders," further noted Captain Piersall. "It was an extraordinary effort of cooperation and proves that standards can and will be accomplished to meet market needs 'on time'."
ISO/PAS 28000:2005 is one of several developments underway for intermodal supply chain security being undertaken by ISO/TC 8 that include the following documents:

• ISO/PAS 20858:2004, Ships and marine technology – Maritime port facility security assessments and security plan development , which was published in June 2004, is designed to assist in the implementation of the International Maritime Organization's International Ship &Port Security (ISPS) Code. ISO/PAS 28001, Best practices for custody in supply chain security, will assist industry to meet best practices as outlined in the World Customs Organization Framework. It is expected to be published in the second quarter of 2006.
• ISO/PAS 28004, Security management systems for the supply chain – General guidelines on principles, systems and supporting techniques, will assist users of ISO 28000. It will reference ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing, and the future ISO/IEC 17021, Conformity assessment – Requirements for bodies providing audit and certification of management systems.

ISO/PAS 28000 is the output of ISO technical committee ISO/TC 8, Ships and marine technology, in collaboration with other technical committee chairs. Fourteen countries participated in its development, together with several international organizations and regional bodies. These included the International Maritime Organization, the International Association of Ports and Harbours, the International Chamber of Shipping, the World Customs Organization, the Baltic and International Maritime Council, the International Association of Classification Societies, the International Innovative Trade Network, the World Shipping Council, the Strategic Council on Security Technology, which has a Memorandum of Understanding with ISO/TC 8, and the US-Israel Science and Technology Foundation.
ISO/PAS 28000:2005 costs 81 Swiss francs and is available from ISO national member institutes (see the complete list with contact details) and from ISO Central Secretariat (see below). The new document is the work of ISO technical committee ISO/TC 8, Ships and marine technology, in collaboration with other TCs responsible for specific nodes of the supply chain.

 

[Sidney Vianna]

http://www.iso.org/iso/en/commcentre/pressreleases/2006/Ref1025.html

Ref.: 1025
1 September 2006
ISO publishes best practice guidelines for implementing supply chain security

One of the main challenges facing the international trading system is the security hazard to global supply chains. ISO is contributing to a solution in the form of two essential reference documents in the ISO 28000 family of standards for supply chain security designed to protect people, goods, infrastructure and equipment, including means of transport, against security incidents and to prevent their potentially devastating effects.

These two latest documents will help to implement the recently published ISO/PAS 28000:2005, currently a publicly available specification for security management systems for the supply chain. They are part of a suite of standards being developed by ISO's technical committee ISO/TC 8, Ships and marine technology, in partnership with other ISO technical committees, several international organizations and regional bodies, to secure intermodal supply chains.
"Disruptions to international trade can have drastic consequences for everybody. International problems truly need international solutions to mitigate potential threats. Unilateral government actions won't work and are not enforceable globally. ISO is providing a focal point that provides industry with a clear, uniform global approach for implementation of supply chain security requirements," says Captain Charles Piersall, Chair of ISO/TC 8 .
"The new documents are designed to enable better monitoring of supply flows, to combat smuggling and to respond to the threat of piracy and terrorist attacks, as well as to create a safe and secure international supply chain regime."
The first of the two new documents is a publicly available specification ISO/PAS 28001:2006, Security management systems for the supply chain – Best practices for implementing supply chain security – Assessments and plans, that will enable organizations to establish and document reasonable levels of security within international supply chains and their components. It will allow organizations to make better risk management decisions.
ISO/PAS 28001:2006 provides an option for independent auditing – including by private sector bodies – of the security established by the operator. This allows customs agencies to check and verify completed work rather than being directly involved in the assessment, thus leveraging their work force and saving resources.
It is intended to be used in conjunction with, and to complement, the World Customs Organization's framework of standards to secure and facilitate global trade, as well as the Authorized Economic Operator concept.
The second document, ISO/PAS 28004:2006, Security management systems for the supply chain – Guidelines for the implementation of ISO/PAS 28000, will assist users to understand and implement ISO/PAS 28000:2005 and therefore help to maximize the benefits. It includes the complete requirements of ISO/PAS 28000, clause-by clause, followed by relevant guidance.
While ISO/PAS 28000 can be implemented on its own, it is designed to be fully compatible with ISO 9001:2000 and ISO 14001:2004 and companies already using these management system standards may be able to use them as a foundation for developing a security management system according to ISO/PAS 28000. An informative annex provides a table of correspondence between ISO/PAS 28000:2005, ISO 14001:2004 and ISO 9001:2000. It is anticipated that conformity to the documents' requirements will be verified by third-party auditing.
The new ISO documents can be used by a broad range of organizations – small, medium and large – in the manufacturing, service, storage and transportation sectors at any stage of the production or supply chain. Their implementation will reassure business partners that security is taken seriously within the organizations with which they deal.
ISO/PAS 28001:2006 costs 114 Swiss francs and ISO/PAS 28004 costs 154 Swiss francs. They are available from ISO national member institutes (see the complete list with contact details) and from ISO Central Secretariat (see below).
Note to editors:An ISO/PAS (Publicly Available Specification) is one of several alternatives to fully fledged International Standards offered by ISO for cases where market needs dictate priority for swift development and publication. All Publicly Available Specifications are reviewed every three years to determine if the document should be reconfirmed as a PAS for another three-year period or whether it should be further developed to become an ISO International Standard.
For more information:
CAPT. Charles H. Piersall
Chair of ISO/TC 8
Tel: + 1 717-252- 4222
Fax: + 1 717-252-4223
E-mail: [email protected]

ISO Store: to order​

ISO/PAS 28001:2006, Security management systems for the supply chain – Best practices for implementing supply chain security – Assessments and plans
ISO/PAS 28004:2006, Security management systems for the supply chain – Guidelines for the implementation of ISO/PAS 28000
Enquiries about orders:
Ms. Sonia Rosas Friot
Marketing Services
Tel. +41 22 749 03 36
Fax +41 22 749 09 47
E-mail [email protected]
Press contact:
Ms. Elizabeth Gasiorowski-Denis
Journalist and Editor, ISO Focus
Public Relations
Tel. +41 22 749 01 11
Fax +41 22 733 34 30
E-mail [email protected]

 

[Sidney Vianna]

http://www.iso.org/iso/en/commcentre/pressreleases/2006/Ref1035.html

26 October 2006
ISO/PAS 28003 gives requirements for auditing and certification of supply chain security management systems

The latest in ISO's series of documents for supply chain security management systems provides the requirements for ensuring that the bodies which carry out certification of these systems perform their work competently and reliably.
The aim is to give confidence to private sector and governmental customers who require suppliers like air, sea, road and rail transporters to implement security management systems and to have them independently audited and certified.
The new ISO publicly available specification ISO/PAS 28003:2006, Security management systems – Requirements for bodies providing audit and certification of supply chain security management systems, is a companion document to ISO/PAS 28000:2005, Specification for security management systems for the supply chain.
Certification of conformity to ISO/PAS 28000:2005 is not a requirement of the document. However, organizations may choose certification, or it may be required by their private or public customers, because c ertification provides independent verification that the supply chain security management system of the organization conforms to specified requirements, is capable of consistently achieving its stated policy and objectives and is implemented effectively.
ISO/PAS 28003:2006, which contains both principles and requirements

• provides harmonized guidance for the accreditation (official approval) of certification bodies as competent to perform certification to ISO/PAS 28000 (or to similar requirements);
• defines the rules applicable for the audit and certification of supply chain security management systems conforming to the ISO/PAS 28000 requirements (or similar requirements).

In addition, by providing customers with information about the certification process, it may increase their confidence in the supplier, the certificate and the certification body – with benefits to supply chains and international trade.
ISO/PAS 28003:2006, Security management systems – Requirements for bodies providing audit and certification of supply chain security management systems costs 138 Swiss francs and is available from ISO national member institutes (see the complete list with contact details) and from the ISO Central Secretariat (see below). It was prepared by ISO technical committee ISO/TC 8, Ships and marine technology, in collaboration with the ISO Committee on conformity assessment (ISO/CASCO)

 

[Sidney Vianna]

A year later

http://www.iso.org/iso/pressrelease.htm?refid=Ref1086

New suite of ISO supply chain management standards to reduce risks of terrorism, piracy and fraud
2007-10-25

The ISO 28000 series of standards on supply chain security management systems, which have just been upgraded from their status of Publicly Available Specifications to that of fully fledged International Standards, will help to reduce risks to people and cargo within the supply chain. The standards address potential security issues at all stages of the supply process, thus targeting threats such as terrorism, fraud and piracy.
ISO Secretary-General, Alan Bryden, commented: “Threats in the international market-place know no borders. The ISO 28000 series provides a global solution to this global problem. With an internationally recognized security management system, stakeholders in the supply chain can ensure the safety of cargo and people, while facilitating international trade, thus contributing to the welfare of society as a whole.”
The ISO 28000 series of International Standards specifies the requirements for a security management system to ensure safety in the supply chain. Its standards can be applied by organizations of all sizes involved in manufacturing, service, storage or transportation by air, rail, road and sea at any stage of the production or supply process. The series includes provisions to:

• establish, implement, maintain and improve a security management system;
• assure conformity with security management policy;
• demonstrate such conformity;
• seek certification/registration of conformity by an accredited third party organization; or
• make a self-determination and self-declaration of conformity.

The following standards have been recently published:
• ISO 28000:2007, Specification for security management systems for the supply chain;
• ISO 28001:2007, Security management systems for the supply chain – Best practices for implementing supply chain security – Assessments and plans – Requirements and guidance;
• ISO 28003:2007, Security management systems for the supply chain – Requirements for bodies providing audit and certification of supply chain security management systems;
• ISO 28004:2007, Security management systems for the supply chain – Guidelines for the implementation of ISO 28000.

The ISO 28000 series will facilitate trade and the transport of goods across borders. It will increase the ability of organizations in the supply chain to effectively implement mechanisms that address security vulnerabilities at strategic and operational levels, as well as to establish preventive actions plans. Organizations can then continually assess their security measures to protect their business interests, and ensure compliance with international regulatory requirements. By encouraging the implementation of these standards by the various actors in the supply chains, countries will be able to maximize the use of government’s resources, while maintaining a level of optimal security.
The ISO 28000 series indeed assist in implementing governmental and international customs agency security initiatives, including the World Customs Organization's Framework of Standards to Secure and Facilitate Global Trade, the EU Authorized Economic Operators Programme, the US Customs Trade Partnership against Terrorism, and the International Maritime Organization’s (IMO) International Ship and Port Facility Security Code.
The report of IMO’s Maritime Safety Committee meeting held earlier this month, acknowledged that "the ISO 28000 series were now published and numerous ports, terminals and organizations were being certified by third party independent accredited certification bodies;” while recognizing that “ISO standards could be applied to all ships, irrespective of size, type, purpose and whether operated internationally, domestically or within internal waters.” The same can be said of all other transport segments in the supply chain.
The ISO 28000 series was developed by ISO/TC 8, Ships and marine technology, in cooperation with other organizations and stakeholders. Captain Charles Piersall, Chair of ISO/TC 8 explained that “in order to deliver a much needed timely aid, the standards were made available to the public as PAS, prior to publication as International Standards.” ISO/TC 8 has published over 100 standards in support of international organizations.
ISO 28005, Ships and marine technology – Computer applications – Electronic port clearance (EPC) is currently being developed as the latest addition to the series.
ISO 28000, ISO 28001, ISO 28003 and ISO 28004 are available from ISO national member institutes (see the complete list with contact details) and from the ISO Central Secretariat through the ISO Store or by contacting the Marketing & Communication department (see right-hand column). .