Specification for security management systems for the supply chain
Acronyms, Abbreviations, and Initialisms
| Short Form | Full Form |
| ISO | International Organization for Standardization |
| PDCA | Plan-Do-Check-Act |
The standard's focus is to assist organizations in identifying and implementing controls to safeguard people, products, and assets.
In line with other ISO security-related management system standards, ISO 28000 relies on the PDCA cycle as the lifecycle for continual improvement.
ISO 28000 defines a set of security management requirements and provides for certification against the risk-related elements listed below:
- Security management policy
- Organizational objectives
- Risk management practices
- Documented practices and records
- Supplier relationships
- Roles, responsibilities, and authorities
- Use of PDCA
- Organizational procedures and processes
Because ISO 28000 defines requirements rather than prescribing specific controls, the onus is on the organization to establish a security management system that meets the standard's requirements.