TT Talk - Supply Chain Security - new ISO standard

Supply Chain Security has been a hot topic for some years now with the vulnerability of international trade to threats such as economic and political terrorism, smuggling and organised crime becoming an increasing focus for companies. The Club is pleased to be working with Hart Security on these issues and welcomes this introductory item from Hart alerting readers to the new ISO security management standard.

Security of any international supply chain involves a number of different entities and generally spans many borders. Each entity will have their own specific objectives and needs driven by different initiatives dependent on the practice of the market in which they operate. The one common factor is that supply chains need to co-operate to ensure integrity throughout the whole chain as the security of any chain is only as good as its weakest link.

Several countries, regions and industries have developed initiatives to address supply chain security, including ISPS (International Ship and Port Facility Security Code), C-TPAT (Customs-Trade Partnership Against Terrorism), TAPA (Transported Asset Protection Association) and EU AEO (Authorised Economic Operator). Although these have undoubtedly collectively improved security there is still disharmony and confusion with companies either unsure what they should choose to do and what benefits it will bring, or frustrated at auditing or checking processes required for a number of different initiatives.

The International Organization for Standardization (ISO) has now developed ISO 28000:2007 Specification for Security Management Systems for the Supply Chain, released as a full standard on 21 September 2007. In the introduction to ISO 28000 it states: 'This International Standard has been developed in response to demand from industry for a security management standard. Its ultimate objective is to improve the security of supply chains. It is a high level management standard that enables an organisation to establish an overall supply chain security management system.'

ISO 28000 has been developed along the same lines as ISO 9001 and ISO 14001 with the Plan-Do-Check-Act methodology and with the vast array of operators within the supply chain in mind, whether they be small or large. Clearly, the need for assimilation with other regulations and initiatives was desirable. Consequently regulatory compatibility was considered throughout the development process and the Standard has been developed to provide an overall management system that will provide the majority of requirements for any initiative or regulation currently in practice.

ISO 28000 requirements address security from a management perspective. A security management system which supports the operational and functional requirements of the supply chain demonstrates to customers, business partners and employees a company's commitment to effective security practices and the protection of their personnel, goods and assets. By developing security requirements through a management system approach businesses will see immediate benefits and can feel certain that their security practices will easily be adapted to any future initiatives or regulations.

Staff Author

TT Club