# ISO 28000:2007*

Specification for security management systems for the supply chain

# Acronyms, Abbreviations, and Initialisms

| Short Form | Full Form |
| --- | --- |
| ISO | International Organization for Standardization |
| PDCA | Plan-Do-Check-Act |

# Overview

The standard's focus is to assist organizations in identifying and implementing controls to safeguard people, products, and assets.

In line with other ISO security-related management systems, ISO 28000 focuses on the use of PDCA as a lifecycle of continual improvement and enhancement.

ISO 28000 defines a set of security management requirements and provides for certification against the following risk-related elements:

  • Security management policy
  • Organizational objectives
  • Risk management practices
  • Documented practices and records
  • Supplier relationships
  • Roles, responsibilities, and authorities
  • Use of PDCA
  • Organizational procedures and processes

Because ISO 28000 defines a set of security management requirements, the onus is on the organization to establish a security management system that meets the standard's requirements.