ISO 28000:2022

ISO 28000:2022

March 2022
International standard Current

Security and resilience - Security management systems - Requirements

This document specifies requirements for a security management system, including aspects relevant to the supply chain.This document is applicable to all types and sizes of organizations (e.g. commercial enterprises, government or other public agencies and non-profit organizations) which intend to establish, implement, maintain and improve a security management system. It provides a holistic and common approach and is not industry or sector specific.This document can be used throughout the life of the organization and can be applied to any activity, internal or external, at all levels.

See more
View the extract
Main informations

Collections

International ISO standards

Thematics

Développement durable et RSE, Sécurité, QSE, Management et performance

Publication date

March 2022

Number of pages

20 p.

Reference

ISO 28000:2022

ICS Codes

03.100.70   Management systems
03.100.01   Company organization and management in general

Print number

1
Sumary
Security and resilience - Security management systems - Requirements

This document specifies requirements for a security management system, including aspects relevant to the supply chain.

This document is applicable to all types and sizes of organizations (e.g. commercial enterprises, government or other public agencies and non-profit organizations) which intend to establish, implement, maintain and improve a security management system. It provides a holistic and common approach and is not industry or sector specific.

This document can be used throughout the life of the organization and can be applied to any activity, internal or external, at all levels.

Replaced standards (1)
ISO 28000:2007
September 2007
International standard Cancelled
Specification for security management systems for the supply chain

ISO 28000:2007 specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. Security management is linked to many other aspects of business management. Aspects include all activities controlled or influenced by organizations that impact on supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting these goods along the supply chain. ISO 28000:2007 is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain that wishes to: a) establish, implement, maintain and improve a security management system; b) assure conformance with stated security management policy; c) demonstrate such conformance to others; d) seek certification/registration of its security management system by an Accredited third party Certification Body; or e) make a self-determination and self-declaration of conformance with ISO 28000:2007. There are legislative and regulatory codes that address some of the requirements in ISO 28000:2007. It is not the intention of ISO 28000:2007 to require duplicative demonstration of conformance. Organizations that choose third party certification can further demonstrate that they are contributing significantly to supply chain security.

ZOOM ON ... the Requirements department
To comply with a standard, you need to quickly understand its issues in order to determine its impact on your activity.

The Requirements department helps you quickly locate within the normative text:
- mandatory clauses to satisfy,
- non-essential but useful clauses to know, such as permissions and recommendations.

The identification of these types of clauses is based on the document “ISO / IEC Directives, Part 2 - Principles and rules of structure and drafting of ISO documents ”as well as on a constantly enriched list of verbal forms.

With Requirements, quickly access the main part of the normative text!

With Requirements, quickly access the main part of the normative text!
What is the Redline format?
The Redline + service - standards comparator allows you to easily and simply identify major changes between the current standard and its last canceled version.

At a glance, you will be able to identify the additions, deletions or modifications to a text, table, figure and formula.
At a glance, you will be able to identify the additions, deletions or modifications to a text, table, figure and formula

The Redlines + service is offered to you on the collection of French standards in force, in French language and in HTML and PDF format.

For an overview of the service, click on View a standard in redline format
Need to identify, monitor and decipher standards?

COBAZ is the simple and effective solution to meet the normative needs related to your activity, in France and abroad.

Available by subscription, CObaz is THE modular solution to compose according to your needs today and tomorrow. Quickly discover CObaz!

Request your free, no-obligation live demo

I discover COBAZ