ISO 28000:2007 供应链的安全管理系统规范

标准编号：ISO 28000:2007

中文名称：供应链的安全管理系统规范

英文名称：Specification for security management systems for the supply chain

发布日期：2007-09

标准范围

ISO 28000:2007规定了安全管理系统的要求，包括对供应链安全保证至关重要的方面。安全管理与业务管理的许多其他方面相关联。方面包括所有受组织控制或影响的、对供应链安全产生影响的活动。这些其他方面应该直接考虑，它们在何时何地对安全管理产生影响，包括在供应链上运输这些货物。ISO 28000:2007适用于所有规模的组织，从小型到跨国公司，在生产或供应链的任何阶段进行制造、服务、储存或运输，以期:a） 建立、实施、维护和完善安全管理体系；b） 确保符合规定的安全管理政策；c） 向他人展示这种一致性；d） 寻求经认证的第三方认证机构对其安全管理系统进行认证/注册；或e） 根据ISO 28000:2007进行自我决定和自我声明。ISO 28000:2007中有一些立法和监管规范解决了一些要求。ISO 28000:2007无意要求对一致性进行重复证明。选择第三方认证的组织可以进一步证明他们对供应链安全做出了重大贡献。

ISO 28000:2007 specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. Security management is linked to many other aspects of business management. Aspects include all activities controlled or influenced by organizations that impact on supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting these goods along the supply chain.ISO 28000:2007 is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain that wishes to:a) establish, implement, maintain and improve a security management system;b) assure conformance with stated security management policy;c) demonstrate such conformance to others;d) seek certification/registration of its security management system by an Accredited third party Certification Body; ore) make a self-determination and self-declaration of conformance with ISO 28000:2007.There are legislative and regulatory codes that address some of the requirements in ISO 28000:2007.It is not the intention of ISO 28000:2007 to require duplicative demonstration of conformance.Organizations that choose third party certification can further demonstrate that they are contributing significantly to supply chain security.

标准预览图