Gestion De Calidad

Scope

ISO 28000:2007 was developed to codify operations of security within the broader supply chain management system. The PDCA management systems structure was adopted in developing ISO 28000:2007 to bring the elements of this standard in congruence with related standards such as ISO 9001:2000 and ISO 14001:2004.[1][2]

[edit] Improved risk management integration

The development of an international standard addressing security risk management improves the broader interface with existing enterprise risk management in a common integrated platform. This integrated approach to risk management is often employed to better coordinate cross functional risk management mechanisms, improve performance measurement, ensure continual improvement and reducing misalignment of risk management objectives between silos.[3]

[edit] Application

ISO 28000:2007 was developed such that organizations of varying scale could apply the standard to supply chains of various degrees of complexity.

The general rational for organizations to adopt ISO 28000:2007 pertains to:

developing a security management system,

internal compliance with objectives of a security management policy,

external compliance with best practice benchmarks,

ISO accreditation.

[edit] Benefits

Adopting the ISO 28000 has broad strategic, organisational and operational benefits that are realized throughout supply chains and business practices.[4]

Benefits include, but are not limited to:

Integrated enterprise resilience

Systematised management practices

Enhanced credibility and brand recognition

Aligned terminology and conceptual usage

Improved supply chain performance

Benchmarking against internationally recognisable criteria

Greater compliance processes

[edit] Accreditation

ISO 28000:2007 is a certifiable standard.[5]

[edit] See also

Enterprise Resilience

International Organization for Standardization

ISO 31000

Security

Security risk

Security Risk Management

Supply Chain Management

Supply Chain Security

Total Security Management

[edit] References

1.^ ISO 28004: 2007 Guidelines for implementation of ISO 28000

2.^ Siegal, M. Standards Changing the World of Security Professionals. ASIS International: Virtual Seminar. 2008

3.^ Integrated Risk Management

4.^ Building SRM into Business Practice

5.^ ISO 28000: 2007 Specifications for security risk management systems for the supply chain http://www.iso.org/iso/iso_catalogue/catalogue_ics/catalogue_detail_ics.htm?csnumber=44641

[show]

­v ·

­t ·

­e

ISO standards

: · · ·: ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­( ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­)

·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­ ·

­( ·

­ ·

­ ·

­ ·

­)

·

­ ·

­ ·

­ ·

­ ·

­ ·

­

...