TT Talk - Supply Chain Security - ISO 28000 & the regulatory context

In TT Talk Edition 102 (16 October 2007) Hart Security introduced the new ISO 28000 security management standard. A longer description of the business benefits offered by engaging in this standard was set out in House-to-House December 2007. This article continues the theme by identifying how this management standard fits into the current regulatory arena.

The adoption of ISO 28000 requires a company continually to assess the security environment in which it operates, to determine whether the security measures in place are adequate to protect its business interests and to ensure compliance with international regulatory requirements (i.e. the ISPS Code and other international supply chain security initiatives such as the EU Authorised Economic Operator, or AEO). If any security vulnerabilities, strategic or operational, are identified in the assessment process, a company will have the ability to implement effective mechanisms and processes to address these gaps, utilising the ISO security management system.

One of the main purposes of ISO 28000 is to be a common, value-adding, verifiable, internationally recognised standard that bridges governmental and industry-driven supply chain initiatives; it currently stands alone in being able to fulfil the requirements for reciprocity between them. ISO 28000 is based on all currently prevalent and relevant global security initiatives, including C-TPAT (US Customs-Trade Partnership Against Terrorism), AEO and the World Customs Organization's Framework of Standards to Secure Global Trade.

Indeed, a major port operator has already been able to satisfy US Customs & Border Protection that it meets the requirements of C-TPAT through its ISO 28000 certification. The European Union's AEO initiative also recognises the ISO standard as providing the requirements for the Safety & Security certificate.

The standard therefore does not duplicate security legislative codes, but rather complements international code requirements and additionally demonstrates continued compliance in these regulatory areas. ISO 28000 has been designed to be fully compatible with other ISO management standards. By applying a process approach and the Plan-Do-Check-Act methodology to address potential risks to the supply chain, ISO 28000 is consistent with other management system standards such as ISO 9001 (Quality Management) and ISO 14001 (Environmental Management). Companies which already have other ISO systems in place may be able to use them as a foundation for developing a security management system.

ISO 28000 offers a systematic approach to security management that can both improve operational capabilities and increase confidence on the part of customers and regulators. All businesses that are reliant on the supply chain for business continuity will benefit by adopting the sound management principles in ISO 28000.

Staff Author

TT Club