ISO 28000:2007 was developed such that organizations of varying scale could apply the standard to supply chains of various degrees of complexity. ISO 28000 sets requirements for Security of the Supply Chain to enable an organization to establish, implement, operate, monitor, review, maintain and improve a documented management system within the context of the organization’s overall security risks.
The general rational for organizations to adopt ISO 28000 pertains to:
- developing a security management system,
- internal compliance with objectives of a security management policy,
- external compliance with best practice benchmarks,
- Recognition through accreditation.
- Best practices in deployment of resources to mitigate security risks
Organization given the responsibility of ensuring the security of the supply lanes of their country and its associated ports are required by International Regulations to audit each of their ports on a periodic basis. Specific skills required for this auditing process must be provided to an adequate number of members of the organization in order to ensure the safety and security of the country’s Ports is maintained at the optimum levels at all times. As such they should have an adequate number of personnel trained and ready to meet this requirement.
Subject matter expertise in supply chain security is an essential part of keeping the homeland secure. The ISPS (International Ship & Port Security Code) only enables protection of the maritime assets (the ships and the ports). Upstream and downstream of the ports and ships remains a grey area. It is from here that the genesis of breaches in security takes place. It is therefore essential that the organization consider the risks and potential dangers by considering the security management of the supply chain in its entirety and beyond the maritime assets.
Going further and widening the sphere of responsibility for organization the following too needs to be considered by the TM (Top Management). ISO 9001:2008 provides the framework for ensuring efficiency and equates to the ISM (International Safety Management Code) in maritime terms. The ISO 9001 however does not cover the by-products of the processes and the pollution as also the dangers to the environment. Internally ISO 14001:2004 provides this guideline which in our maritime world is enforced based on MARPOL.
Taking this further with the global security situation being as it is, the protection givers have to be prepared, aware and have all the tools they require. ISO 28000 provides this essential security management tool. The US initiative on C-TPAT is based on ISO 28000. Some 10,600 companies are compliant with C-TPAT. ISO 28000 is fast becoming the basis for managing security of the global supply chain.
