ISO 28003:2007 Security management systems for the supply chain - Requirements for bodies providing audit and certification of supply chain security management systems

This International Standard contains principles and requirements for bodies providing the audit and certification of supply chain security management systems according to management system specifications and standards such as ISO 28000. It defines the minimum requirements of a certification body and its associated auditors, recognizing the unique need for confidentiality when auditing and certifying/registering a client organization.

Requirements for supply chain security management systems can originate from a number of sources, and ISO 28003 has been developed to assist in the certification of supply chain security management systems that fulfil the requirements of ISO 28000, Specification for security management systems for the supply chain, and other supply chain security management system International Standards. The contents of ISO 28003:2007 may also be used to support certification of supply chain security management systems that are based on other specified supply chain security management system requirements.

This International Standard provides:

harmonized guidance for the accreditation of certification bodies applying for ISO 28000 (or other specified supply chain security management system requirements) certification/registration;
the rules applicable for the audit and certification of a supply chain security management system complying with the supply chain security management system standard's requirements (or other sets of specified supply chain security management system requirements);
the customers with the necessary information and confidence about the way certification of their suppliers has been granted.

NN (USA), the project leader responsible for writing ISO 28003, explains:

"Requirements for supply chain security management systems can originate from a number of sources, and ISO 28003 has been developed to assist in the certification of supply chain security management systems that fulfil the requirements of ISO 28000, Specification for security management systems for the supply chain, and other supply chain security management system International Standards. The contents of ISO 28003:2007 may also be used to support certification of supply chain security management systems that are based on other specified supply chain security management system requirements."

ISO 28003:2007 Security management systems for the supply chain - Requirements for bodies providing audit and certification of supply chain security management systems, is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, respectively through the ISO Store or by contacting the Marketing, Communication & Information department.

Upcoming events

28 Feb, Zoom
Working Group 1

5 March, Zoom
Communication Group meeting

[tbd], 2024
11th ISO/TC 292 plenary meeting

Topics

Authenticity, integrity and trust for products and documents
Business continuity management
Community resilience
Crisis management
Emergency management
Event management
Organizational resilience
Protective security
Supply chain security
Terminology

This website has been developed by Swedish Civil Contingencies Agency in collaboration with ISO and Swedish Institute for Standards responsible for the ISO/TC 292 secretariat

An overview of ISO/TC 292 can also be found at the ISO webpage.

ISO

SIS