ISO 28004:2007 Security management systems for the supply chain -- Guidelines for the implementation of ISO 28000
ISO 28004:2007 provides generic advice on the application of ISO 28000:2007, Specification for security management systems for the supply chain. It explains the underlying principles of ISO 28000 and describes the intent, typical inputs, processes and typical outputs for each requirement of ISO 28000. This is to aid the understanding and implementation of ISO 28000.
ISO 28004:2007 does not create additional requirements to those specified in ISO 28000, nor does it prescribe mandatory approaches to the implementation of ISO 28000.
ISO 28004 consists of four parts:
- Part 1: General principles
- Part 2: Guidelines for adopting ISO 28000 for use in medium and small seaport operations
- Part 3: Additional specific guidance for adopting ISO 28000 for use by medium and small businesses (other than marine ports)
- Part 4: Additional specific guidance on implementing ISO 28000 if compliance with ISO 28001 is a management objective
ISO 28004:2007, Security management systems for the supply chain -- Guidelines for the implementation of ISO 28000, is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, respectively through the ISO Store or by contacting the Marketing, Communication & Information department.