ISO 28000:2007

For organisations working within, or relying on, the logistics industry, certification to the ISO 28000:2007 supply chain management standard provides a valuable framework. It will help minimise the risk of security incidents and so help provide problem-free 'just in time' delivery of goods and supplies. It will also provide substantial support in achieving the EU Authorised Economic Operator (AEO) certification, a crucial certificate for companies importing and exporting with the EU.

How can ISO 28000 benefit my organisation?

Lloyd's Register Quality Assurance (LRQA) is at the leading edge of supply chain security management system certification. We have experience of security assessments gained from carrying out audits to the International Ship and Port Facility code (ISPS). Having issued the first ISO 28000 global certificate, we are in a prime position to share our experience and expertise to help our clients manage security risks and assure continuity of supply.

Most organisations rely in some way on the supply chain to ensure business continuity and are vulnerable if supplies are interrupted. To help prevent this and manage security risks and so be better able to assure continuity of supply in this current volatile world climate, ISO has published ISO 28000:2007, with valuable and extensive input from Lloyd's Register.

This new management system standard provides, for the first time, a framework for organisations that operate or rely on any aspect of the supply chain. It can help all sectors of industry to assess security risks and implement controls and mitigating arrangements to manage potential security threats and impacts from the supply chain, in the same way that other fundamental business principles such as quality, safety and customer satisfaction are managed.

The standard is a plan-do-check-act based management system that has been modelled on the well proven ISO 14001 standard. This means organisations already familiar with the same risk-based approach used by ISO 14001 will be able to use a similar approach when analysing supply chain security risks and threats.

ISO 28000 and EU regulation for Authorised Economic Operator (AEO)

The EC Regulation for Enhancing Supply Chain Security, related to the EU Customs, has introduced the concept of Authorised Economic Operator (AEO) which can be regarded as an essential part of the EU answer to the US Customs and Border Protection initiative - Customs Trade Partnership against Terrorism (C-TPAT).

Companies shipping goods into and/or out of the EU (and who are dealing with Customs) can apply for certification as an AEO, which implies that they have demonstrated compliance on a number of issues. Supply Chain Security is a major subject in the requirements. The ISO 28000 series therefore has acted as the baseline to the AEO requirements.

Companies who can demonstrate ISO 28000 certification (issued through an independent third-party) are therefore considered to comply with the most extensive part of the AEO requirements. This will mean substantially reduced efforts are needed to demonstrate compliance to AEO requirements. They will also benefit from the competitive advantage of having an internationally-renowned certificate to demonstrate their extensive security management procedures to their clients.

How can we gain certification to ISO 28000:2007?

We are able to provide assessment services to this recently-launched standard.

• If you would like to speak to one of our business advisors, call 0800 783 2179. They will ask you a few key details about your organisation to assist your enquiry.
• Alternatively, complete the enquiry form on this website.
• To learn more about how the LRQA assessment process works, please see our (insert appropriate link).

Background to ISO 28000:2007

ISO 28000:2007 is a management system standard which has been developed specifically for logistics companies and organisations that manage supply chain operations. Published as a Publicly Available Specification by the International Standards Organisation in 2005, this was replaced in 2007 by the full standard, ISO 28000:2007.

ISO 28000:2007 is suitable for all sizes and types of organisations involved in manufacturing, service, storage or transportation that wish to implement and maintain a security management system.

The standard may be used:

• by businesses that are going out to tender for their services.
• to provide a consistent approach by all service providers in a supply chain.
• to benchmark supply chain security management.
• as the basis for an independent assessment.
• to demonstrate the ability to meet customer requirements.
• to improve services.

Home   Contact   Find Us   Events   Worldwide   RSS Feeds (not yet available)