BS ISO 28001:2007
Current
The latest, up-to-date edition.
Security management systems for the supply chain. Best practices for implementing supply chain security, assessments and plans. Requirements and guidance
12-31-2007
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Field of application
4.1 Statement of application
4.2 Business partners
4.3 Internationally accepted certificates or approvals
4.4 Business partners exempt from security declaration requirement
4.5 Security reviews of business partners
5 Supply chain security process
5.1 General
5.2 Identification of the scope of security assessment
5.3 Conduction of the security assessment
5.4 Development of the supply chain security plan
5.5 Execution of the supply chain security plan
5.6 Documentation and monitoring of the supply chain security process
5.7 Actions required after a security incident
5.8 Protection of the security information
Annex A (informative) - Supply chain security process
A.1 General
A.2 Identification of the scope of the security assessment
A.3 Conduction of the security assessment
A.4 Development of the security plan
A.5 Execution of the security plan
A.6 Documentation and monitoring of the security process
A.7 Continual improvement
Annex B (informative) - Methodology for security risk assessment and development of countermeasures
B.1 General
B.2 Step one - Consideration of the security threat scenarios
B.3 Step two - Classification of consequences
B.4 Step three - Classification of likelihood of security incidents
B.5 Step four - Security incident scoring
B.6 Step five - Development of countermeasures
B.7 Step six - Implementation of countermeasures
B.8 Step seven - Evaluation of countermeasures
B.9 Step eight - Repetition of the process
B.10 Continuation of the process
Annex C (informative) - Guidance for obtaining advice and certification
C.1 General
C.2 Demonstrating conformance with ISO 28001 by audit
C.3 Certification of ISO 28001 by third party certification bodies
Bibliography