Surf Wiki
Save to docs
general/iso-standards

From Surf Wiki (app.surf) — the open knowledge base

ISO 28000

Management system standard

Summary

Management system standard

'*ISO 28000:2022, *Security and resilience – Security management systems – Requirements''''', is a management system standard published by International Organization for Standardization (ISO) that specifies requirements for a security management system including aspects relevant to the supply chain.

The standard was originally developed by ISO/TC 8 on "Ships and maritime technology" and published in 2007. In 2015 the responsibility for the ISO 28000 series was transferred to ISO/TC 292 on "Security and resilience", who in 2019 decided to start a revision. A justification study for the revision was accepted by ISO TMB (Technical Management Board). The revised version of ISO 28000 was published on March 15, 2022.

Scope and contents

Similar to other management system standards by ISO, the requirements specified in ISO 28000 are generic and intended to be applicable to all organizations, regardless of type, size, and industry. However, the extent of applicability of the requirements depends on the organization's environment and complexity.

ISO 28000:2022 is divided into 10 main clauses and has adopted the harmonized structure and standardized text set out by Annex SL.

The standard is divided as follows:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context of the organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

ISO 28000:2007 was developed to standardize security within the broader supply chain management system. In the revision the PDCA management systems structure was adopted in expanding ISO 28000 to bring the elements of this standard in congruence with related standards such as ISO 9001:2000, ISO 14001:2004 and in particular ISO 22301:2018. Also the limitations of security within the supply chain were eliminated so that now it is clear that it can be used throughout all aspects of security of the organization.

Benefits

Implementing ISO 28000 has broad strategic, organisational and operational benefits that are realized throughout the organization.

Benefits include, but are not limited to:

  • Improved security and thereby enhancing resilience
  • Systematised management practices
  • Enhanced credibility and brand recognition
  • Aligned terminology and conceptual usage
  • Improved organizational performance including aspects of the supply chain
  • Benchmarking against internationally recognisable criteria
  • Greater compliance processes

Improved risk management integration

The international standard addresses specifically the assessment and treatment of security-related risks (risks that relate to the security of the organization and its interested parties) and in this context refers to ISO 31000. This improves the broader interface with existing enterprise risk management in a common integrated platform. This integrated approach to risk management is recommended by ISO 31000 to better coordinate cross functional risk management mechanisms, improve performance measurement, ensure continual improvement and prevent silo thinking within the organization.

Application

ISO 28000:2007 was initially developed so that organizations of varying scale could apply the standard to their supply chains of various degrees of complexity. Now, after the revision, ISO 28000:2022 can be applied beyond the supply chain to all aspects of the organization.

The general rational for an organization to adopt ISO 28000:2022 pertains to:

  • developing a security management system,
  • internal compliance with objectives of a security management policy,
  • external compliance with best practice benchmarks,
  • conformity assurance with the standard,
  • enhancing the organization's resilience by an effective, coordinated and integrated application of its security management system.

ISO 28000:2022 is a certifiable standard. In 2016, the countries with the highest number of certificates were India (425), Japan (299), Spain (231), US (223) and UK (197).

History

ISO 28000 was originally developed as a Publicly Available Specification by ISO technical committee ISO/TC 8 on Ships and marine technology and published in 2005. In 2007, ISO/PAS 28000:2005 was withdrawn and replaced by a full ISO standard under the title ISO 28000:2007. In 2014, ISO 28000:2007 was reviewed and confirmed. In 2015, ISO/TC 292 Security and resilience took over the responsibility of the standard and decided later in 2019 to initiate a revision of the standard. In March 2022 the revised second edition of the standard was published.

YearDescription
2005ISO/PAS 28000
2007ISO 28000 (1st edition)
2022ISO 28000 (2nd edition)

References

References

  1. (4 May 2022). "Iso 28000:2022".
  2. (17 November 2020). "ISO/TC 8 - Ships and marine technology".
  3. "Isotc292".
  4. ISO 28000: 2022 Security and resilience -- Security management systems - Requirements [http://www.iso.org/iso/iso_catalogue/catalogue_ics/catalogue_detail_ics.htm?csnumber=44641]
  5. https://www.iso.org/standard/44641.html ISO 28000:2007 Specification for security management systems for the supply chain
  6. "ISOTC292".
  7. "ISOTC292".
  8. "ISO 28000:2007".
  9. "ISO 28004-2:2014".
Wikipedia Source

This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page.

iso-standards supply-chain-management iso-publicly-available-specifications
Want to explore this topic further?

Ask Mako anything about ISO 28000 — get instant answers, deeper analysis, and related topics.

Research with Mako

Free with your Surf account

Content sourced from Wikipedia, available under CC BY-SA 4.0.

This content may have been generated or modified by AI. CloudSurf Software LLC is not responsible for the accuracy, completeness, or reliability of AI-generated content. Always verify important information from primary sources.

Report