ISO 28001 (Supply Chain Security Management Systems)

The risks of security incidents affecting an organisation’s international supply chain pose a considerable threat to international trade and the economic growth of trading nations. The safety and security of people, goods, equipment and infrastructure should be of critical importance to the relevant companies and bodies. This is where ISO 28001:2007 comes in. 

What is ISO 28001

ISO 28001 was developed to codify operations of security within the broader supply chain management system, and this standard sets out best practices for implementing supply chain security, assessments and plans.

ISO 28001:2007 was developed to secure and facilitate global trade, so that organisations of varying sizes could apply the standard to supply chains of varying degrees of complexity.  This international standard was published in 2007 after it was prepared by the Technical Committee ISO/TC 8 Ships and Marine Technology in partnership with other relevant technical committees responsible for aspects of supply chain management.  ISO 28001:2007 replaced ISO 28001:2006 and was last reviewed and confirmed in 2012, which means that the 2007 version is still current.

ISO 28001:2007 sets forth requirements and guidance for organisations in international supply chains to:

  • develop and implement supply chain security processes;
  • establish and document a minimum level of security within a supply chain(s) or segment of a supply chain;
  • assist in meeting the applicable authorized economic operator (AEO) criteria, as outlined in the World Customs Organisation Framework of Standards (WCO SAFE) and conforming national supply chain security programmes.

ISO 28001:2007 is a multimodal standard, which was created to complement the WCO SAFE Framework and not to replace or duplicate the certification and validation requirements of international customs agencies. If government agencies have mutually agreed to accept each other’s certifications or validations of an organization, then that organization complies with this international standard.

To comply with ISO 28001:2007, organisations will:

  • define the portion of an international supply chain within which they have established security and prepare a Statement of Coverage;
  • conduct Security Assessments on that portion of the supply chain to determine vulnerabilities and threats, in order to develop adequate countermeasures;
  • develop and implement a supply chain Security Plan;
  • train security personnel in their security-related duties.

The benefits of implementing ISO 28001:2007:

  • Systematised management practices
  • Integrated enterprise resilience
  • Enhanced credibility and brand recognition
  • Aligned terminology and conceptual usage
  • Greater compliance processes
  • Improved supply chain performance

In a nutshell, the implementation of ISO 28001:2007 will assist organisations in establishing adequate levels of security within those parts of an international supply chain which they control.

Certification Process

The process starts with the client’s needs and expectations. DQS wants to learn about the client’s organization, its management system, size and types of operation. Together both parties will define objectives for the assessment and/or certification, including applicable standards and specifications.

DQS will provide a detailed offer for assessment and certification services, tailored to individual client needs, based on the information provided initially. A written contract will specify all relevant deliverables as well as applicable assessment and certification criteria.

A pre-audit can serve as initial performance or gap analysis, identifying strengths and areas for improvement. For larger assessment and certification projects a project planning meeting provides a valuable opportunity for the client to meet the lead assessor and develop a customized assessment plan for all functions and locations involved. Both services are optional.

The assessment procedure itself begins with review and evaluation of system documentation, goals, results of management review and internal audits. During this process, it will be determined whether the client’s management system is sufficiently developed and ready for certification. The assessor will explain findings and coordinate any required activities to prepare for the on-site system assessment.

The assigned auditor team will audit the client’s management system at the place of production or service delivery. Applying defined management system standards and specifications, the assessment team will evaluate the effectiveness of all functional areas as well as all management system processes, based upon observations, inspections, interviews, review of pertinent records, and other assessment techniques. The audit result, including all findings, will be presented to the client during the closing meeting. Required action plans will be agreed upon as necessary.

The independent certification function of DQS will evaluate the audit process and its results, and decide independently about issuance of the certificate. The client receives an audit report documenting the audit results. When all applicable requirements are fulfilled, the client also receives the certificate.

Either semi-annually or at least once per year, there will be an on-site audit of the critical components of the management system. Improvement potential will be identified, with a focus on continual improvement and sustained effectiveness.

A management system certificate is valid for a limited period of time, frequently for a maximum of three years. At the end of this cycle, a re-audit will be carried out to ensure the ongoing fulfillment of all applicable requirements. Subject to this fulfillment, a new certificate will be issued.

Why DQS?

DQS is one of the leading Management System Certification, Audits, Assessment & Training organizations globally.


  • Truly Global Brand
  • Expert Auditors with High Emotional Intelligence
  • Local Capabilities & Delivery
  • Industry Leaders
  • Customized, Comprehensive & Actionable Insights
  • Pioneering Innovative Solutions
  • Passion for Quality & Excellence
  • Integrity & Trust

Want to know more?

Ph: (080) 6661-6565 | +91 924 320 3043