What do you mean by ISO 28000:2007?
ISO 28000:2007 (Specification for security management systems for the supply chain) is an ISO standard that specifies the requirements for a security management system, with a focus on security assurance in the supply chain. The standard was developed by ISO/TC 8 (Ships and marine technology) and published in 2007. In 2015, responsibility for the ISO 28000 series was transferred to ISO/TC 292, which focuses on security and resilience. In 2019, a decision was taken to revise the standard, a process expected to take about 3 years. The ISO Technical Management Board (TMB) has approved justification studies for this purpose.
What is the scope of ISO 28000:2007?
ISO 28000:2007 was developed with the intention of codifying security operations within a broader supply chain management system. The PDCA (Plan-Do-Check-Act) management system structure was used in developing ISO 28000:2007 in order to keep its elements consistent with related standards such as ISO 9001:2000 and ISO 14001:2004.
The scope of the revised document is to be changed only to conform to the current way of writing standards. The standard specifies the requirements of a security management system, including the aspects that are critical to security assurance in the supply chain.
What are the benefits of using ISO 28000:2007?
Using ISO 28000 has several benefits of a strategic, organizational and operational nature, realized throughout supply chains and various business practices.
The benefits include, but are not limited to:
- Integration of enterprise resilience
- Systematized management practices
- Increased credibility and brand recognition
- Aligned terminology and use of concepts
- Improved supply chain performance
- Greater compliance
- Benchmarking against internationally recognized criteria
What is the history of ISO 28000:2007?
ISO 28000 was first developed as a publicly available specification, published in 2005. In 2007, ISO/PAS 28000:2005 was replaced by a full ISO standard, ISO 28000:2007. In 2014, ISO 28000:2007 underwent a review process and was confirmed.
Why is there a need for improved integration of risk management?
When an international standard is developed to address risk management for security purposes, it not only serves that end but also improves the broader interface with enterprise risk management on a common, integrated platform. This approach is generally used for risk management and also serves to better coordinate cross-functional risk management mechanisms, to better measure performance, to ensure continual improvement, and to minimize misalignment of risk management objectives.
What is the rationale for organizations to adopt ISO 28000:2007?
ISO 28000:2007 has been developed so that any kind of organization can apply the standard.
The general rationale for any organization to adopt ISO 28000:2007 pertains to the following:
- Development of a security management system
- Compliance established internally with the objectives set by the security management policy
- Compliance established externally with best-practice benchmarks
- ISO accreditation
Conclusion:
ISO 28000:2007 helps organizations seeking security assurance in their supply chains. With its help, they can enhance their business practices while keeping security assured. ISO 28000:2007 therefore turns out to be very important for organizations and their business practices.