Supply Chain Security is a topic that is receiving increasing attention as the implications of our increasing harmonized trade environment sink in. To provide organizations with the tools necessary to protect their supply chains, the ISO community has been working on the ISO 28000 series of standards. Now the newly expanded ISO 28004 series provides you with tangible guidelines for the implementation of ISO 28000 principles. And there’s even a Part 4 dedicated to implementation when compliance with ISO 28001 is desired (the best practices standard for security management.)
Let’s review the series:
ISO 28004-1, 1st Edition, “Security management systems for the supply chain — Guidelines for the implementation of ISO 28000 — Part 1: General principles.”
This standard was originally released in 2007 as ISO 28004. The corrigendum in 2012 renumbered the standard so that it is now Part 1 of the series. ISO 28004-1 gives certifying bodies guidance for assessing an organization’s conformance with ISO 28000. This can be helpful to a company in the process of certification to understand how they will be judged. Since it’s a generic overview, the 3 new parts below address some special cases that warrant more attention.
ISO 28004-2, 1st Edition, “Security management systems for the supply chain – Guidelines for the implementation of ISO 28000 – Part 2: Guidelines for adopting ISO 28000 for use in medium and small seaport operations.”
This new Part 2 is intended to be used by port facility security when adopting ISO 28000. It provides self-evaluation criteria, not necessarily for certification, that will help determine the security capability of a seaport. This has been developed to support the International Ship and Port Facility Security (ISPS) Code that requires every maritime port facility to develop a comprehensive security plan.
ISO 28004-3, 1st Edition, “Security management systems for the supply chain – Guidelines for the implementation of ISO 28000 – Part 3: Additional specific guidance for adopting ISO 28000 for use by medium and small businesses (other than marine ports).”
Some smaller organizations have had a hard time defining what needs to be done to meet each of the requirements in ISO 28000. So this new Part 3 was developed to provide guidance for small and medium size businesses. This is particularly important since goods that are introduced into the transportation system can be an inherent risk to supply chain security if not properly vetted. This Part 3 supports the on-going reviews and verification necessary to conform with regulations and best practices.
ISO 28004-4, 1st Edition, “Security management systems for the supply chain – Guidelines for the implementation of ISO 28000 – Part 4: Additional specific guidance on implementing ISO 28000 if compliance with ISO 28001 is a management objective.”
So far the series has focused on meeting ISO 28000 requirements. Here in the new Part 4, additional guidance is given to organizations that are planning on not only adopting the ISO 28000, but also integrating the best practices of ISO 28001 into their security system. The likely goal? Establishing and documenting a specific level of security for the Authorized Economic Operator (AEO) program as part of the World Customs Organization (WCO) framework of standards.
What does this Part 4 address? Demonstrated compliance with customs requirements, a satisfactory system for the management of commercial records, financial viability, and consultation, co-operation, and communication. This is the framework for providing the link between the SAFE Framework Authorized Economic Operator requirements of the WCO and the various clauses of the ISO 28000 and ISO 28001.
If you need the ISO standards above, or any other ISO standard (current or obsolete), go to the Document Center webstore at www.document-center.com. Or you can contact our staff by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com). We are here to assist you in procuring, maintaining, and expanding your compliance documentation. Ask us about the support services we offer to help you with your standards requirements. And make us your Standards Experts!
