
ISO 28000:

ISO 28000 was launched in 2007. It was the first international standard aimed
exclusively at security risks in the supply chain. The aim of the standard is to
provide a good practice framework to reduce risks to people and cargo in the supply
chain. It addresses potential security issues in all phases of the supply process,
with a special focus on logistics areas, identifying threats such as terrorism, fraud,
and piracy. It also focuses on mitigating the effects of security incidents.

The structure of ISO 28000 is similar to that of ISO 14001, and has common elements
with other important management system standards, such as ISO 9001. This is an
advantage for the company that intends to integrate security aspects into existing
management systems.

The requirements of ISO 28000 for a security management system that guarantees the
security of the supply chain, linked to business management, take into account the
following aspects with an impact on security management, including the transport
of goods throughout the supply chain:

-Establish, implement, maintain and improve a security management system;

-Ensure compliance with the established security management policy;

-Demonstrate compliance to customers and other interested parties;

-Look for the certification / registration of your security management system by an
accredited certifier, or
-Do an internal audit in accordance with the requirements of the standard. It can
be integrated with other standards such as ISO 9001 or OEA.

-The legislative and regulatory requirements that deal with the requirements of the
ISO 28001 standard must be met.

ISO 28000 is applicable to all types of organizations, from SMEs to multinationals,
in the manufacturing industry, services, warehousing or transportation at any stage
of the production or supply chain.

Organizations certified by ISO 28000 demonstrate that they are contributing
significantly to the security of supply in the chain of custody.

BENEFITS

The standard focuses on actively managing and reducing risks. Critical aspects of
security in the supply chain can include financial aspects, manufacturing, information
management and logistics, storage in transit and warehousing of goods.

The standard applies to organizations of all sizes, in the manufacturing, services,
warehousing or transportation sectors, and in any of their production or supply
chain phases.

Company's course of action to keep processes within ISO 28000 standards

At the end of the course, participants will receive the certificate "Security
Management Systems for the Supply Chain. ISO 28000", a qualification issued by
Bureau Veritas Business School.

The general objective of the course is for participants to acquire the
competencies (knowledge, skills and attitudes) needed to understand in depth
the requirements that companies wishing to implement the ISO 28000 standard
must meet. This will allow them to know the control points of the supply chain
in which they operate and to act against possible risks and threats to security.

ISO 31010:

According to the ISO 31010 "Risk management" standard, risk assessment techniques
are used to identify risks by identifying what can happen, or what can stop, in
different situations and so affect the achievement of the proposed objectives.
With information security in mind, we can see these practical examples:

-A power surge can cause a storage unit to fail, leading to data loss.

-Lack of attention can cause a worker to send a report to the wrong person, leading
to unauthorized disclosure of certain information.

-A change in environmental conditions can cause a device to give erroneous readings.

NECESSARY REQUIREMENTS TO BE CERTIFIED AS A COMPANY OR ENTERPRISE

ISO 31010 provides guidelines, not requirements, and is not intended for
certification purposes.

To start with ISO in your business, you need to:

-Know the key objectives of the organization: this will help clarify the objectives
and requirements of your risk management system.

-Evaluate your current management structure: This ensures that you assign the
correct roles, responsibilities and reporting procedures when it comes to risks.

-Define your level of commitment: what resources you can assign to implement
or maintain a risk management system.

BENEFITS:
ISO 31010 helps organizations develop a risk management strategy to effectively
identify and mitigate risks, increasing the likelihood of achieving their objectives
and increasing the protection of their assets. Its overall objective is to develop
a risk management culture where employees and stakeholders are aware of
the importance of monitoring and managing risks.

The implementation of ISO 31010 also helps organizations to see both the
positive opportunities and the negative consequences associated with risk, and
enables more informed and therefore more effective decision-making, that
is, in the allocation of resources. In addition, it can be an active component in
improving the management of an organization and, ultimately, its performance.

COMPANY'S COURSE OF ACTION TO KEEP PROCESSES WITHIN ISO STANDARDS

RISK MEXICO: ISO 31010 Course Risk Assessment Techniques

ISO 31010 provides recommendations on the selection of risk assessment
techniques. As a complementary standard to ISO 31000, it helps organizations
in the phase of the risk management process established in the base standard.

Its objectives are to understand the relationship of risk assessment techniques
with the principles, the framework and the risk management process
established in the ISO 31000 standard.

Understand the scope, use, inputs, results, strengths, and limitations of the
most important risk assessment techniques. Acquire the necessary skills to
assess risk, and to generate the necessary information for making decisions
about future treatments.
