• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • 5
    CommentGo Back
 
THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BEREFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFTINTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TOWHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
DRAFT INTERNATIONAL STANDARD
ISO/DIS28001
 © International Organization for Standardization,2007
INTERNATIONALORGANIZATIONFORSTANDARDIZATION
МЕЖДУНАРОДНАЯ ОРГАНИЗАЦИЯ ПО СТАНДАРТИЗАЦИИ
ORGANISATIONINTERNATIONALEDENORMALISATION
ISO/TC
8
 /SC
11
Voting begins on:
2007-01-18
Secretariat:
AENOR
Voting terminates on:
2007-06-18
Security management systems for the supply chain— Bestpractices for implementing supply chain security, assessmentsand plans— Requirements and guidance
Systèmes de management de la sûreté pour la chaîne d'approvisionnement— Meilleures pratiques pour la mise en application de la sûreté de la chaîne d'approvisionnement, évaluations et plans— Exigences et guidage 
ICS47.020.99 
In accordance with the provisions of Council Resolution 15/1993 this document is circulated inthe English language only.Conformément aux dispositions de la Résolution du Conseil 15/1993, ce document est distribuéen version anglaise seulement.To expedite distribution, this document is circulated as received from the committee secretariat.ISO Central Secretariat work of editing and text composition will be undertaken at publicationstage.Pour accélérer la distribution, le présent document est distribué tel qu'il est parvenu dusecrétariat du comité. Le travail de rédaction et de composition de texte sera effectué auSecrétariat central de l'ISO au stade de publication.
 
ISO/DIS 28001
© ISO 2007 – All rights reserved
 
iii 
Contents
Page
 
Foreword.............................................................................................................................................................v
 
Introduction........................................................................................................................................................vi
 
1 Scope......................................................................................................................................................1
 
2 Normative references............................................................................................................................1
 
3 Terms and definitions...........................................................................................................................1
 
4 Field of application................................................................................................................................5
 
4.1 Statement of application.......................................................................................................................5
 
4.2 Business partners.................................................................................................................................5
 
4.3 Internationally accepted certificates or approvals............................................................................5
 
4.4 Business partners exempt from security declaration requirement.................................................5
 
4.5 Security reviews of business partners................................................................................................6
 
5 Supply chain security process............................................................................................................6
 
5.1 General...................................................................................................................................................6
 
5.2 Identification of the scope of security assessment...........................................................................6
 
5.3 Conduction of the security assessment.............................................................................................6
 
5.3.1 Assessment personnel.........................................................................................................................6
 
5.3.2 Assessment process.............................................................................................................................7
 
5.4 Development of the supply chain security plan.................................................................................7
 
5.5 Execution of the supply chain security plan......................................................................................8
 
5.6 Documentation and monitoring of the supply chain security process...........................................8
 
5.6.1 General...................................................................................................................................................8
 
5.6.2 Continual improvement........................................................................................................................8
 
5.7 Actions required after a security incident..........................................................................................8
 
5.8 Protection of the security information................................................................................................8
 
Annex A
(informative)
Supply chain security process..................................................................................10
 
A.1 General.................................................................................................................................................10
 
A.2 Identification of the scope of the security assessment..................................................................11
 
A.3 Conduction of the security assessment...........................................................................................11
 
A.3.1 General.................................................................................................................................................11
 
A.3.2 Performance review list......................................................................................................................11
 
A.3.3 Performance review............................................................................................................................11
 
A.3.4 Security threat scenarios...................................................................................................................15
 
A.4 Development of the security plan......................................................................................................16
 
A.4.1 General.................................................................................................................................................16
 
A.4.2 Documentation....................................................................................................................................17
 
A.4.3 Communication...................................................................................................................................18
 
A.5 Execution of the security plan...........................................................................................................18
 
A.6 Documentation and monitoring of the security process................................................................18
 
A.7 Continual improvement......................................................................................................................18
 
Annex B
(informative)
Methodology for security risk assessment and developmentof countermeasures............................................................................................................................19
 
B.1 General.................................................................................................................................................19
 
B.2 Step one Consideration of the security threat scenarios............................................................20
 
B.3 Step two Classification of consequences.....................................................................................23
 
B.4 Step three Classification of likelihood of security incidents.......................................................24
 
B.5 Step four Security incident scoring................................................................................................25
 
B.6 Step five Development of countermeasures.................................................................................25
 
B.7 Step six Implementation of countermeasures..............................................................................26
 
 
ISO/DIS 28001
iv
© ISO 2007 – All rights reserved
 
B.8 Step seven Evaluation of countermeasures.................................................................................26
 
B.9 Step eight Repetition of the process.............................................................................................26
 
B.10 Continuation of the process..............................................................................................................26
 
Annex C
(informative)
Guidance for obtaining advice and certification....................................................27
 
C.1 General.................................................................................................................................................27
 
C.2 Demonstrating conformance with ISO 28001 by audit...................................................................27
 
C.3 Certification of ISO 28001 by third party certification bodies........................................................27
 
Bibliography.....................................................................................................................................................28
 
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
fbailoncda

quisiera poder descargar la norma iso 28000

reply05 / 11 / 2011
28Talb30cz

I would appreciate a soft copy of the ISO 28001. I am presenting a class on Security in the supply chain and need to read the doc. My email is tedpdgalant@yahoo.com. Thanx

reply03 / 22 / 2010
ilroy

Hi can you send me the soft copy. we cant download this. email id is indra.nokia@gmail.com cheers

reply01 / 06 / 2010
kspanesar

hi Need a copy for my project submission - please allow access ks.panesar@gmail.com Cheers

reply09 / 21 / 2009
mahoozi

can i have it? e.mahoozi@gmail.com please send it to me

reply06 / 20 / 2009
You must be to leave a comment.
Submit
Characters: ...