# ISO 28000:2022: Security and resilience - Security management systems - Requirements
## Acronyms, Abbreviations, and Initialisms
## Overview
ISO 28000 specifies requirements for a security management system, including those aspects critical to the security assurance of the supply chain. It requires the organization to:
- assess the security environment in which it operates including its supply chain (including dependencies and interdependencies);
- determine if adequate security measures are in place to effectively manage security-related risks;
- manage compliance with statutory, regulatory and voluntary obligations to which the organization subscribes;
- align security processes and controls, including the relevant upstream and downstream processes and controls of the supply chain, to meet the organization's objectives.
ISO 28000 applies the Plan-Do-Check-Act (PDCA) model to planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving the effectiveness of an organization's security management system.
## Noteworthy
- The focus of ISO 28000 is to assist organizations in the identification and implementation of controls to safeguard people, products, and assets.
- Like other ISO security-related management system standards, ISO 28000 uses PDCA as a lifecycle of continual improvement.