Organizations require security assurance of their supply chain. Almost every day, there is a news article concerning a disruption to a supply chain, whether caused by a security issue with physical transport or by a cybersecurity incident.
Wherever you fit into the supply chain – from supplying raw materials to delivering finished goods – the integrity of the customer’s property within the supply chain is essential.
ISO 28000:2007, Specifications for security management systems for the supply chain, establishes a security system that will protect people, goods, infrastructure, equipment, and transportation against security incidents and other potentially disruptive situations. It also provides an organization with a solid base to identify, assess, control and mitigate its supply chain security risks. This standard requires identification of the following security risks:
- Physical failure threats and risks
- Operational threats and risks
- Natural environmental events
- Factors outside the organization’s control
- Stakeholder threats and risks
- Design and installation of security equipment
- Information and data management and communications
- Threats to the continuity of operations
Updating standards is essential to maintain their value and relevancy. This standard is undergoing revision, and the draft international standard is currently under review. The final draft and full publication are expected between Q4 2021 and Q1 2022. Radian’s own Lisa DuBrock is a member of the ISO U.S. technical committee for this standard and will provide relevant updates.
Why implement and certify to a supply chain security management (SCSM) system?
- Identify risks to supply chain security and create effective risk treatment plans.
- Create security plans to address disruptions up chain or down chain to ensure you can meet your contractual requirements.
- Conduct a third-party assessment to this standard, which will provide an organization with a competitive edge in a very competitive market.