ISO_PAS 28000 Outlines Security Mgmt. for Global Supply Chains

ISO/PAS 28000 Outlines Security Mgmt. for Global Supply Chains

November 28, 2005

In an effort to ensure the smooth and safe flow of international trade through the global supply chain, the International Organization for Standard (ISO) published ISO/PAS 28000:2005 for security management systems.

ISO/PAS 28000:2005 - Specification for security management systems for the supply chain "... is designed to enable better monitoring of freight flows, to combat smuggling and to respond to the threat of piracy and terrorist attacks as well as to create a safe and secure international supply chain regime," said Captain Charles Piersall, chair of ISO technical committee ISO/TC 8, Ships and marine technology.

According to the ISO, "supply chain" describes an overall process that results in goods being transported from the point of origin to final destination and includes the movement of goods, shipping data and associated processes and relationships. It involves many entities such as producers of goods, logistics management firms, consolidators, truckers, railroads, air carriers, marine terminal operators, ocean carriers, cargo/mode/customs agents, financial and information services, and buyers of the goods being shipped.

Adding complexity to the elements of the supply chain, a company may employ more than one logistics firm, trucking companies may subcontract to operators or other companies, and vessel operating companies may divert the cargo to other carriers for various reasons.

Because security hazards can enter the supply chain at any stage, adequate control throughout is essential and security becomes the joint responsibility of all the players in the supply chain, said the ISO.

ISO/PAS 28000:2005 outlines the requirements to enable an organization to establish, implement, maintain and improve a security management system, including those aspects critical to security assurance of the supply chain. These aspects include, but are not limited to, financing, manufacturing, information management and the facilities for packing, storing and transferring goods between modes of transport and locations.

ISO/PAS 28000:2005 may be used by a broad range of organizations - small, medium and large - in the manufacturing, service, storage and transportation sectors at any stage of the production or supply chain. Its implementation will reassure business partners that security is taken seriously within the organizations they deal with, said the ISO.

ISO/PAS 28000:2005 integrates the process-based approach of ISO's management system standards - ISO 9001:2000 and ISO 14001:2004 - including the Plan-Do-Check-Act (PDCA) cycle and requirement for continual improvement, as well as the risk management elements of ISO 14001:2004

While ISO/PAS 28000 may be implemented on its own, it is designed to be fully compatible with ISO 9001:2000 and ISO 14001:2004. Companies already using these management system standards may be able to use them as a foundation for developing the security management system of ISO/PAS 28000. To help users, ISO/PAS 28000 includes a table showing the correspondence of its requirements with those of ISO 9001:2000 and ISO 14001:2004.

ISO/PAS 28000:2005 is one of several developments underway for "intermodal supply chain security" being undertaken by ISO/TC 8 that include the following documents:

ISO/PAS 20858:2004 - Ships and marine technology - Maritime port facility security assessments and security plan development, published in June 2004, is designed to assist in the implementation of the International Maritime Organization's International Ship & Port Security (ISPS) Code.
ISO/PAS 28001 - Best practices for custody in supply chain security will assist industry to meet best practices as outlined in the World Customs Organization Framework. It is expected to be published in the second quarter of 2006.
ISO/PAS 28004 - Security management systems for the supply chain - General guidelines on principles, systems and supporting techniques, will assist users of ISO 28000. It will reference ISO 19011:2002 - Guidelines for quality and/or environmental management systems auditing, and the future ISO/IEC 17021 - Conformity assessment - Requirements for bodies providing audit and certification of management systems.

Fourteen countries participated in the development of ISO/PAS 28000, together with several international organizations and regional bodies, including the International Maritime Organization, the International Association of Ports and Harbours, the International Chamber of Shipping, the World Customs Organization, the Baltic and International Maritime Council, the International Association of Classification Societies, the International Innovative Trade Network, the World Shipping Council, the Strategic Council on Security Technology (which has a Memorandum of Understanding with ISO/TC 8) and the US-Israel Science and Technology Foundation.

Note: An ISO/PAS (Publicly Available Specification) is an alternative to "full fledged" international standards offered by ISO when swift development and publication is a priority. All PASs are reviewed every three years to determine if the document should be reconfirmed as a PAS for another three-year period or whether it should be further developed to become an ISO international standard.

Source: International Organization for Standardization (ISO).