ISO 28000 - Supply Chain Security - Guidelines for auditors on information security controls

2024 Edition IOS 28000 Supply Chain Security Audit Avaialbe for immediate download

Security ManualISO 28000:2007 is necessary for support of an organization implementing and managing a Supply Chain Security Management System (SCSMS)

ISO 28000 - Supply Chain Security - With companies that have a high reliance on just-in-time delivery, aging infrastructure and increased natural and human-made threats. As a result Supply Chain Security has become a very important item for them, especially when viewed in relation with Business Continuity Management, Risk Management and Security Management.

Order Supply Chain Audit Program Download sample

ISO 28000 Definition

"This International Standard (ISO 28000) specifies the requirements for a security management system, including those aspects critical to the security assurance of the supply chain. Security management is linked to many other aspects of business management. Aspects include all activities controlled or influenced by organizations that impact on supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting goods along the supply chain".

Supply Chain Audit program comes as an Excel Spread sheet that is 23 pages in length with 369 individual audit points covering:

    1. Security Risk Assessment
      • Risk Assessment
    2. Supply Chain Security Management Objectives
      • Internal Security Organization
      • Implementation and Operation of Supply Chain Security
    3. Organizational Supply Chain Management Objectives
      • Responsibility for Supply Chain
      • Information Classification System
    4. Human Resource Management Objectives
      • Security prior to employment
      • Security during employment
      • Security at termination
    5. Physical and Environmental Supply Chain Security Management Objectives
      • Secure areas
      • Enterprise equipment
      • Remote Devices
    6. Communication and Operations Management Objectives
      • Procedures and Responsibilities
      • Third Party Service Delivery
      • System Planning Activities
      • Malicious and Mobile Code
      • Backup Procedures
      • Computer Networks
      • Information Media
      • Exchange of Information
      • Interfaces (Blockchain)
    7. Information Access Control Management Objectives
      • Access to Information
      • User Access Rights
      • Access Practices
      • Access to Network Services
      • Access to Operation Systems
      • Access to Applications
      • Mobile and Remote Users
    8. System Development and Maintenance Objectives
      • Information System Application Security
      • Applications Processing Information
      • Cryptographic Controls
      • System files
      • Development and Support Processes
    9. Information Security Incident Management Objectives
      • Security Events and Weaknesses
      • Managing Security Incidents and Improvement
    10. Disaster Recovery Plan and Business Continuity Objectives
      • DRP/BCP
    11. Compliance Management Objectives
      • Mandated Security Requirements
      • Security Compliance Reviews
      • Information System Audits

Security Supply Chain Audit Program is easy to use and automatically generates graphics that can be used in management and compliance review presentations.

28000 Supply Chain Compliance Review

ISO 28000  was developed by the ISO Technical Committee TC8 "Ships and Maritime Technology". It is based on the ISO format adopted by ISO 14001:2004 because of its risk-based approach to management standards. The  ISO 28000 series of standards consists of:

  • ISO 28000:2007 - The Security Management Standard (SMS)  requirements standard, a specification for an SMS against which organizations can certify compliance.
  • ISO 28001:2007 - Provides requirements and guidance for organizations in international supply chains.
  • Assists in meeting the applicable authorized economic operator (AEO) criteria outlined in the World Customs Organization Framework of Standards and conforming to national supply chain security programs.
  • ISO 28002:2011 - Development of resilience in the supply chain - Requirements with guidance for use.
  • ISO 28003:2007 -  Requirements for bodies providing audit and certification of supply chain security management systems
  • ISO 28004:2007 - provides generic advice on the application of ISO 28000:2007.
  • ISO/AWI 28005 - ( Under development) Electronic port clearance (EPC) -- Part 1: Message structures.
  • ISO/AWI 28005 - Electronic port clearance (EPC) -- Part 2: Core data elements

ISO 28000 Supply Chain Audit Program - Standard Edition

Meets all of the ISO 28000:2007 mandates. Comes in an easy to use Excel spreadsheet which generates graphics that can be used in management and compliance presentations. Included is a sample of a completed audit program which was for a larger inter-modal shipper that implemented Blockchain technologies.

ISO 28000 Supply Chain Audit Program - Premium Edition

With this edition you get everything in the Standard addition plus a complete copy of Janco's industry standard Security Manual that includes easy to customize procedures which support all of the security and compliance mandates in the US, the EU and the UK

ISO 28000 Supply Chain Audit Program - Gold Edition

With this edition you get everything in the Standard addition plus the job description for:

  • Manager Network - Computing Services
  • Manager Network Services
  • Manager Security and Workstations
  • Manager Training - Documentation
  • Manager Voice and Data Communication
  • Manager Wireless Systems
  • Identity Management Protection Analyst
  • Information Security Analyst
  • Network Security Analyst
  • System Administrator - Linux
  • System Administrator - Unix
  • System Administrator - Windows
  • Wi-Fi Administrator

In addition you get 28 electronic forms

Forms that can be Emailed, completed via a computer or tablet, and stored electronically including:

  • Application & File Server Inventory
  • Blog Policy Compliance Agreement
  • BYOD Access and Use Agreement
  • Company Asset Employee Control Log
  • Email Employee Acknowledgement
  • Employee Termination Checklist
  • Internet Access Request
  • Internet & Electronic Communication Employee Acknowledgement
  • Internet Access Request
  • Internet Use Approval
  • Mobile Device Access and Agreement
  • Mobile Device Security and Compliance Checklist
  • New Employee Security Acknowledgement and Release
  • Outsourcing and Cloud Security Compliance Agreement
  • Outsourcing Security Compliance Agreement
  • Preliminary Security Audit Checklist
  • Privacy Compliance Policy Acceptance Agreement
  • Security Access Application
  • Security Audit Report
  • Security Violation
  • Sensitive Information Policy Compliance Agreement
  • Social Network Compliance Agreement
  • Telecommuting Work Agreement
  • Text Messaging Sensitive Information Agreement
  • Threat and Vulnerability Assessment
  • Work From Home Work Agreement
  • Plus more

Order Supply Chain Audit Program Download sample