2008-04-03
1. Scope
includes all activities controlled or influenced by the organization that impact on supply chain security
installation
identification of adequate resources, including staffing levels
identification of training needs
development of operational controls
the organization's overall threat and risk management framework
Note: Some similarities with TAPA and C-TPAT as well as ISO 9001 and 14001
assessment shall:
relate to scope, nature and timing to ensure it is proactive rather than reactive
include the collection of information related to security threats and risks
provide for the classification of threats/risks and identification of those that are to be avoided, eliminated or controlled
include monitoring of actions to ensure effectiveness and timeliness of implementation
Note: Related to C-TPAT requirements for Risk Assessment
Note: Some similarities with ISO 9001 (Quality) and ISO 14001 (Environment) standards
(where practicable)
communicated to relevant employees, third parties and contractors
reviewed periodically to ensure they remain relevant; amended when necessary
including:
security policy, objectives and targets
description of scope of the SMS
description of main elements of the SMS with their interaction and reference to related documents
documents and records required by the standard and determined by the organization to be necessary for effective planning, operation and control of processes
Note: Some similarities with ISO 9001 (Quality) and ISO 14001 (Environment) standards, as well as TAPA/C-TPAT
ISO 28000 - GLC Germanischer Lloyd Certification GmbH
authorized personnel
obsolete documents are promptly removed or otherwise assured against unintended use
archival documents retained for legal or knowledge preservation purposes or both
documents are secure and, if in electronic form, are adequately backed up and retrievable
Note: Some similarities with ISO 9001 (Quality) and ISO 14001 (Environment) standards, as well as TAPA/C-TPAT
for achieving
security management policy, objectives and delivery of security management programs
control of activities and mitigation of identified security threats/risks
compliance with legal, statutory and other regulatory security requirements
required level of supply chain security
Note: Some similarities with TAPA/C-TPAT
Note: Some similarities with ISO 9001 (Quality) and ISO 14001 (Environment) standards, as well as TAPA/C-TPAT
Note: Some similarities with ISO 9001 (Quality) and ISO 14001 (Environment) standards
Summary (1)
Who might implement ISO 28000?
Anyone already ISO 9001 and/or ISO 14001 certified and/or compliant with TAPA or C-TPAT could quite easily integrate this into ISO 28000, as well as including TAPA requirements in the applicable sections of ISO 28000.
Companies that feel they could demonstrate an SMS that fits their needs without implementing all of the requirements of TAPA or C-TPAT may be interested in the standard.
If ISO 28000 ever becomes customer driven, either of the above may occur.
Summary (2)
Would US Customs recognize ISO 28000 in lieu of a validated C-TPAT program?
There is the possibility that demonstrable compliance with ISO 28000 could satisfy the requirements of C-TPAT if all CBP security requirements were met within the implementation of ISO 28000.
C-TPAT allows each company to determine its own security program, within certain parameters. Companies would still have to have successful validation audits by Customs based on the C-TPAT security requirements, but this would not certify to ISO 28000.
The accrediting body may not see this as high on their list for their next accredited product.
Independent audits to ISO 28000 could yield letters of conformance to the standard.