ISO 28000 – Specification for Security Management Systems for the Supply Chain


ISO/PAS 28000:2007 (Specification for security management systems for the supply chain) is a publicly available specification from the International Organization for Standardization. It sets out the requirements for a security management system, with particular attention to security assurance in the supply chain.

ISO 28000:2007 was developed to codify security operations within the broader supply chain management system.

The development of an international standard addressing security risk management improves the broader interface with existing enterprise risk management in a common integrated platform.

ISO 28000:2007 was developed so that organizations can apply the standard to supply chains of varying degrees of complexity.

Organizations mainly adopt ISO 28000:2007 to meet the following needs:

  • developing a security management system,
  • internal compliance with the objectives of a security management policy,
  • external compliance with best practice benchmarks,
  • making the organization's ISO certification known.

ISO 28000:2007 benefits include, but are not limited to:

  • Integrated enterprise resilience
  • Systematised management practices
  • Enhanced credibility and brand recognition
  • Aligned terminology and conceptual usage
  • Improved supply chain performance
  • Benchmarking against internationally recognisable criteria
  • Greater compliance processes

Swiss Approval International currently guarantees non-accredited certification, giving organizations a suitable passport to the international market and upholding, with accuracy and independence, the principles and rules established by the ISO 28000:2007 standard.