The Specification for Security Management Systems for the Supply Chain (ISO 28000:2007) provides the requirements that must be fulfilled to demonstrate that optimal security controls are in place in supply chain management.
We have a well-defined six-phase methodology to help an organisation implement a Security Management System for the Supply Chain, leading to successful ISO 28000 certification.
What are the ISO 28000 requirements?
Source: ISO 28000: 2007
Each of these requirements has more detailed risks/controls that need to be fulfilled.
We have a structured approach to determine the applicable requirements and advise an organisation on its path to compliance.
Phase I – Determination of Security Objectives as per ISO 28000 Objectives
This phase involves determining the key security objectives.
Phase II – ISO 28000 Risk Assessment and Gap Analysis
This phase involves performing a detailed risk assessment of the given supply chain on the one hand, and an assessment of the risks against the objectives listed above on the other.
Phase III – ISO 28000 Control Design and Documentation
This phase applies our methodology for distributing risk and control responsibility to internal stakeholders. It also includes the nomination of key roles such as the security officer, who is given the skills, competence and documentation to drive the security and compliance programme together with the other stakeholders.
Phase IV – ISO 28000 Tracking
This phase involves tracking the client's risks, documentation and self-compliance on a weekly basis until all internal controls are adequately implemented.
Phase V – ISO 28000 Performance Tracking
This phase involves showing the client the changes over a given period by providing a change-specific compliance score between 0 and 100%. This gives the organisation evidence of a measurable framework for demonstrating internal controls.
Phase VI – ISO 28000 Internal Audit
The internal audit involves verification against Coral's 5-point check, which ensures that the management, policy and risk requirements are adequately addressed in the implementation journey.
At this stage the client has implemented the governance system in full and is ready for external ISO 28000 certification.