ISO 28000 - Supply Chain Security - Guidelines for auditors on information security controls
Order Security Manual Template Download sample Version History
ISO 28000:2007 is necessary for support of an organization implementing and managing a Supply Chain Security Management System (SCSMS)
ISO 28000 - Supply Chain Security - With companies that have a high reliance on just-in-time delivery, aging infrastructure and increased natural and human-made threats, Supply Chain Security has become a very important item for them, especially when viewed in relation with Business Continuity Management, Risk Management and Security Management.
ISO 28000 Definition
"This International Standard (ISO 28000) specifies the requirements for a security management system, including those aspects critical to the security assurance of the supply chain. Security management is linked to many other aspects of business management. Aspects include all activities controlled or influenced by organizations that impact on supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting goods along the supply chain".
The business environment is constantly changing - along with threats to a company's survival. Organizations need to be ahead of the game, and an excellent defence can be built around audit of the controls used to support the information security. ISO 28000:2007 is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain that wish to:
- establish, implement, maintain and improve a security management system;
- assure conformance with stated security management policy;
- demonstrate such conformance to others;
- seek certification/registration of its security management system by an Accredited third party Certification Body; or
- make a self-determination and self-declaration of conformance with ISO 28000:2007.
ISO 28000 was developed by the ISO Technical Committee TC8 "Ships and Maritime Technology". It is based on the ISO format adopted by ISO 14001:2004 because of its risk based approach to management standards. The ISO 28000 series of standards consists of:
- ISO 28000:2007 - The Security Management Standard (SMS) requirements standard, a specification for an SMS against which organizations can certify compliant.
- ISO 28001:2007 - Provides requirements and guidance for organizations in international supply chains.
- Assists in meeting the applicable authorized economic operator (AEO) criteria set forth in the World Customs Organization Framework of Standards and conforming national supply chain security programmes.
- ISO 28002:2010 PAS - Development of resilience in the supply chain - Requirements with guidance for use.
- ISO 28003:2007 - Requirements for bodies providing audit and certification of supply chain security management systems
- ISO 28004:2007 - provides generic advice on the application of ISO 28000:2007.
- ISO/AWI 28005 - ( Under development) Electronic port clearance (EPC) -- Part 1: Message structures.
- ISO/AWI 28005 - Electronic port clearance (EPC) -- Part 2: Core data elements
Order Security Manual Template Download Sample
The Security Manual Template can be acquired as a stand alone item (Standard) or in the Premium or Gold sets:
Security Manual Template - Standard Edition
- Business and IT Impact Questionnaire
- Threat and Vulnerability Assessment Toolkit
- Security Management Checklist
- Full Detail Policies for
- Blog and Personal Website Policy
- Mobile Device Policy
- Physical and Virtural File Server Policy
- Sensitive Information Policy
- Travel and Off-Site Meeting Policy
- HIPAA Audit Program
- GDPR Compliance Checklist to meet EU Requirements
- California Consumer Privacy Act requirements definition
- Consumer Bill of Rights
- Sarbanes Oxley Section 404 Checklist
- Security Audit Program- fully editable -- Comes in MS EXCEL and PDF formats -- Meets GDPR, ISO 28000, 27001, 27002, Sarbanes-Oxley, PCI-DSS, HIPAA FIPS 199, and NIS SP 800-53 requirements -- Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 38 separate task groupings
- Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including: Blog Policy Compliance, BYOD Access and Use, Company Asset Employee Control Log, Email - Employee Acknowledgment, Employee Termination Checklist, FIPS 199 Assessment Electronic Form, Internet Access Request, Internet Use Approval, Internet & Electronic Communication - Employee Acknowledgment, Mobile Device Access and Use Agreement, Employee Security Acknowledgement Release, Preliminary Security Audit Checklist, Risk Assessment, Security Access Application, Security Audit Report, Security Violation Reporting, Sensitive Information Policy Compliance Agreement, Server Registration, and Threat and Vulnerability Assessment
- eReader version of the Security Manual Template
Security Manual Template - Premium Edition
Security Manual Template Standard Edition - Electronically Delivered
- Security Team Job Descriptions MS Word Format
- Chief Compliance Officer (CCO); Chief Security Officer (CSO); VP Strategy and Architecture; Data Protection Officer (DPO); Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Facilities and Equipment; Manager Network and Computing Services; Manager Network Services; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems; Identity Management Protection Analyst, Information Security Analyst, Network Security Analyst; System Administrator - Linux, System Administrator - Unix; and System Administrator - Windows
Security Manual Template - Gold Edition
Security Manual Template Premium Edition Electronically Delivered
- IT Job Descriptions MS Word Format - Updated to meet all mandated security requirements
- 300 Job Descriptions from the Internet and IT Job Descriptions HandiGuide in MS Word Format including all of the job descriptions in the Premium Edition. Each job description is at least 2 pages long and some of the more senior positions are up to 8 pages in length.
Disaster Recovery Business Continuity & Security Manual Templates Standard Edition Includes
- Disaster Recovery Business Continuity Template
- Security Manual Template
- Disaster Recovery Business Continuity Template - Standard Edition
- Security Manual Template - Standard Edition
- 25 Job Descriptions
- CIO; CCO; CSO; VP Strategy and Architecture; Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Database; Manager Disaster Recovery; Manager Disaster Recovery and Business Continuity; Pandemic Coordinator; Manager Facilities and Equipment; Manager Media Library Support; Manager Network and Computing Services; Manager Network Services; Manager Site Management; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems;Capacity Planning Supervisor; Disaster Recovery Coordinator; Disaster Recovery - Special Projects Supervisor; Network Security Analyst; System Administrator - Unix; System Administrator - Windows
- Disaster Recovery Business Continuity Template - Standard Edition
- Security Manual Template - Standard Edition
- 300 Job Descriptions which includes all of the job descriptions in the premium edition
"Best of Breed - Best Practices Disaster Recovery Planning / Business Continuity Planning, Security Policies, IT Job Descriptions" according to the IT Productivity Center
