ISO 28001:2007 provides requirements and guidance for organizations in international supply chains to
- develop and implement supply chain security processes;
- establish and document a minimum level of security within a supply chain(s) or segment of a supply chain;
- assist in meeting the applicable authorized economic operator (AEO) criteria set forth in the World Customs Organization Framework of Standards and conforming national supply chain security programmes.
ISO 28000 does not prescribe specific measures. This is why compliance measures like AEO and C-TPAT can be “managed” through an ISO 28000 system. Because the standard provides guidance for a risk management process, you remain in control of making relevant and cost-effective decisions.
ISO 28002:2011 specifies requirements for a resilience management system in the supply chain to enable an organization to develop and implement policies, objectives, and programs, taking into account legal, regulatory and other requirements to which the organization subscribes; information about significant risks, hazards and threats that may have consequences to the organization, its stakeholders, and on its supply chain; protection of its assets and processes; and management of disruptive incidents.