TT Talk - Supply Chain Security - ISO 28000 & the regulatory context


  • Date: 18/02/2008
  • Source: TT Talk 106

In TT Talk Edition 102 (16 October 2007) Hart Security introduced the new ISO 28000 security management standard. A longer description of the business benefits offered by engaging in this standard was set out in House-to-House December 2007. This article continues the theme by identifying how this management standard fits into the current regulatory arena.

The adoption of ISO 28000 requires a company continually to assess the security environment in which it operates to determine the adequacy of security measures in place to protect its business interests and ensure compliance with international regulatory requirements (ie. ISPS Code and other international supply chain security initiatives such as the EU Authorised Economic Operator or AEO). If any security vulnerabilities - strategic or operational - are identified in the assessment process a company will have the ability to implement effective mechanisms and processes to address these gaps, utilising the ISO security management system.

One of the main purposes of ISO 28000 is to be a common value-adding, verifiable, internationally recognised standard that bridges governmental and industry-driven supply chain initiatives and it currently stands alone in being able to fulfil the requirements for reciprocity between them. ISO 28000 is based on all currently prevalent and relevant global security initiatives, including C-TPAT (US Customs-Trade Partnership against Terrorism), AEO and the World Customs Organization s Framework of Standards to secure global trade.

Indeed, a major port operator has already been able to satisfy the US Customs & Border Protection that it meets the requirements of C-TPAT through its ISO 28000 certification. The European Union s AEO initiative also recognises the ISO standard as providing the requirements for the Safety & Security certificate.

The standard therefore does not duplicate security legislative codes, but rather complements international code requirements and additionally demonstrates continued compliance in these regulatory areas. ISO 28000 has been designed to be fully compatible with other ISO management standards. By applying a process approach and the Plan-Do-Check-Act methodology to address potential risks to the supply chain, ISO 28000 is consistent with other management system standards such as ISO 9001 (Quality Management) and ISO 14001 (Environmental Management). Companies which already have other ISO systems in place may be able to use them as a foundation for developing a security management system.

ISO 28000 offers a systematic approach to security management that can both improve operational capabilities and increase confidence on the part of customers and regulators. All businesses that are reliant on the supply chain for business continuity will benefit by adopting the sound management principles in ISO 28000.

24 Hour Claims Hotline
+44 7000 882582

Through Transport Mutual Insurance Association Limited and TT Club Mutual Insurance Limited, trading as the TT Club. TT Club Mutual Insurance Limited, registered in the UK (Company number: 02657093) is authorised by the Prudential Regulation Authority and regulated in the UK by the Financial Conduct Authority and Prudential Regulation Authority. In Hong Kong, TT Club Mutual Insurance Limited is authorised and regulated by the Hong Kong Insurance Authority, in Singapore by the Monetary Authority of Singapore and in Australia by the Australian Prudential Regulation Authority. In the United States, TT Club Mutual Insurance Limited is approved as a surplus lines insurer in all states and is accessible through properly licensed surplus lines brokers. The registered offices are: 90 Fenchurch Street, London, EC3M 4ST.

Through Transport Mutual Insurance Association Limited, registered in Bermuda (Company number: 1750) is authorised and regulated in Bermuda by the Bermuda Monetary Authority and is authorised in the UK by the Prudential Regulation Authority and regulated in the UK by the Financial Conduct Authority and Prudential Regulation Authority.

The UK VAT Identification number for Through Transport Mutual Insurance Association Limited is: GB 564 5244 35 and for TT Club Mutual Insurance Limited is: GB 564 3375 30. The Italian VAT Identification number for TT Club Mutual Ltd is: 03627210101.