ISO 28002:2011 Security management systems for the supply chain - Development of resilience in the supply chain - Requirements with guidance for use
This International Standard specifies requirements for a resilience management system in the supply chain to enable an organization to develop and implement policies, objectives, and programs, taking into account legal, regulatory and other requirements to which the organization subscribes; information about significant risks, hazards and threats that may have consequences for the organization, its stakeholders, and its supply chain; protection of its assets and processes; and management of disruptive incidents.
ISO 28002 provides a basis for an organization to evaluate both its organizational and supply chain risks and to develop a comprehensive strategy to manage the risks that may disrupt its operations.
Marc Siegel (USA), the project leader responsible for writing ISO 28002, explains:
"Nearly all organizations today are in some sort of supply chain. The ISO 28000 series of standards seamlessly integrates with the ISO 31000 risk management standard, thereby allowing organizations to develop a cost-effective holistic approach to managing risk. ISO 28002 eliminates the old paradigm of siloing disciplines into separate security, crisis, and continuity programs. By converging disciplines in one approach, organizations can better manage risks before, during, and after a disruptive event."
ISO 28002:2011, Security management systems for the supply chain - Development of resilience in the supply chain - Requirements with guidance for use, is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, either through the ISO Store or by contacting the Marketing, Communication & Information department.