ISO 28000:2007 specifies the requirements for a security management system, including those aspects critical to the security assurance of the supply chain. Security management is linked to many other parts of business management. Factors include all activities controlled or influenced by organizations that impact supply chain security.
These aspects should be considered directly, where and when they affect security management, including transporting goods along the supply chain. It is an International Standard that enables organizations to establish an overall supply chain security management system. It was developed to codify security operations within the broader supply chain management system.
ISO 28000 addresses the requirements and aspects critical to security assurance of the supply chain. It enables organizations to determine whether appropriate security measures are in place and to protect their properties from various threats of terrorism, fraud, and piracy.
It is based on the methodology known as Plan-Do-Check-Act (PDCA).
ISO 28000:2007 applies to all sizes of organizations, from small to multinational, in manufacturing, service, storage, or transportation at any stage of the production or supply chain that wishes to:
There are legislative and regulatory codes that address some of the requirements in this standard.
It is not the intention of the Supply Chain Management System to require a duplicative demonstration of conformance.
Organizations that choose third-party certification can further demonstrate that they contribute significantly to supply chain security.
If your company is looking for certification to this supply chain security standard, you might be overwhelmed with figuring out where to start. To help with this, here is an overview of the steps needed to make sure that nothing is missed during your implementation and preparation for certification.
It is the most critical. Without the support of management, your implementation of SCMS will almost certainly fail. Plan your sales pitch well to convince your management that this is a good idea.
Determine the cut-off period by which you need to have ISO 28000 certification in place. This enables reverse engineering of the project and its timelines, including the early start-off date. Identify the project leader. Identify the products or services to be included in the scope of certification. Do the costing. This includes implementation learning costs and certification fees.
Training is required to learn the fundamentals of this standard from A to Z. Therefore, we need to cover all resources in the scope. This training is imparted in batches by specialists and industry experts. Evidence of training records needs to be maintained for demonstration during the certification audit.
The implementation can no longer be tasked to a single person or a small group of people in the organization. This standard is premised on Risk-Based Thinking, and risk management must be done at the hands of the respective departments and functions, such that the heads of the departments are the “Risk-Owners.”
Therefore, the implementation team would include Heads of the departments, deputies, or other critical resources besides the central team in each function.
Defining the context, scope, and policy of your supply chain management system will help ensure you know the limits of what needs to be done so that you do not include areas of your business that might not affect your system.
The essential tool to define the scope is the dependency matrix, which will be the first document you will need to create for the supply chain management system.
Risk Assessment and Risk Treatment are the backbone of ISO 28000 objectives to help conduct dipstick checks of performance levels.
In addition, documentation will include the mandatory procedures defined by the SCMS standard and any additional processes and procedures required by your company to ensure consistent and adequate results concerning the supply chain system.
The main thing is to define all the processes in your company and look at how they interact within your organization. It is in these interactions that problems can occur. The extent of documentation depends on the organization’s size, the complexity of its processes, and the competence of its people.
Often, these processes will already be in place at your company and only need to be adequately documented as procedures. Still, deciding which ones need to be documented is essential to ensure compliant products and services.
The ISO 28000 standard requires the organization to train a team of internal auditors who regularly perform audits on one another. Therefore, internal auditors need to be competent. In addition, the organization will need a specialist industry expert to impart internal auditor training to evidence the same.
Before the lead auditors of the certification body visit to audit your system, ISO 28000 mandates that you audit each process internally. It will allow you to ensure that the processes are going as planned. You will also have a chance to implement the necessary corrective actions to fix any problems you find.
It is the step where you find the root cause of any problems found during your measurements, internal audits and management review, deviations from established processes, and customer concerns, and take action to correct the root cause. It is the critical step toward continual improvement.
Just as management must support the implementation of ISO 28000, it is also essential that they fully maintain the supply chain system. Top management needs to review specific data from the activities of the supply chain system to ensure that the processes have adequate resources to be effective and improve.
Specialist industry experts do this to help the organization in gap analysis so that gaps identified during pre-assessment/Gap analysis are plugged before the organization proceeds with the certification audit. In addition, it is a crucial step to raise the confidence level of the auditees.
It can be a crucial step in determining how effective your implementation is. The certification body is the company that will ultimately audit your supply chain system and decide if it complies with ISO 28000 requirements and whether it is effective and improving.
This is when you collect the records required in audits to show that your processes meet the requirements set out for them and that improvements are being made in your supply chain system as needed. Certification bodies need this to happen over a certain length of time (generally not less than three months), which they will identify to ensure that the system is mature enough to show compliance.
It is a review of your documentation by the certification body auditors to verify that, on paper, you have addressed all the requirements of the ISO 28000 standard.
The auditors will issue a report outlining where you comply and where there are problems, and you will have a chance to implement any corrective actions to address the problems. It may occur during the time frame defined for the initial operation of the supply chain system.
It is the main audit, when the certification body auditors review the records you have accumulated by operating your supply chain system processes, including your internal audit records, management review, and corrective actions. This review will take several days, after which the auditors issue a report detailing their findings and whether your supply chain system is effective and compliant with the ISO 28000 requirements.
The auditors will also recommend certification if you meet all requirements. However, if you have any significant non-conformances, you will need to take corrective action for those problems before certification is recommended.
A good plan will help a lot when you implement ISO 28000 and work toward certification, so do take the time to plan and know what resources you need; this will save you time and resources later on.
In addition to ISO 28000:2007 audits, a range of complimentary services is also offered:
ISO 28000 applies to all sizes of organizations, from small to multinational, in manufacturing, service, storage, or transportation at any stage of the production or supply chain.