A Statement of Coverage that defines the boundaries of the supply chain that is covered by the security plan.
A Security Assessment that documents the vulnerabilities of the supply chain to defined security threat scenarios. It also describes the impacts that can reasonably be expected from each of the potential security threat scenarios.
A Security Plan that describes security measures in place to manage the security threat scenarios identified by the Security assessment.
A training programme setting out how security personnel will be trained to meet their assigned security related duties.
identify the threats posed (security threat scenarios);
determine how likely persons could progress each of the security threat scenarios identified by the Security Assessment into a security incident.
Who is ISO 28001 for?
This standard is generic and applicable to any organization regardless of it size and kind products/services which is somehow involved in a supply chain and striving to implement security management systems to ensure an appropriate level of supply chain security.
Such organizations can include:
- product manufacturers,
- importers &/or exporters,
- customs &/or shipping brokers,
- transport operators (auto, railway, aero, marine, river),
- container terminal operators,
- airports, maritime and river port, railway station,
- warehouse complexes,
- shipping agents, and
The benefits of ISO 28001 based management systems
Benefits through compliance with the requirements of ISO 28000 include
- reduction in the number of security incidents,
- reduction in the extent of damage, caused by security incidents, embezzlement and smuggling on transport,
- efficient monitoring and risk management in respect of security hazards, applicable to the kind of activity of the Organization,
- better image in the market of provided products/rendered services, and
- optimization of costs through the systematic use of the internal resources.
ISO 28001:2007 -The process for the development and implementation of management systems
- Business Excellence' team will conduct an initial assessment/gap analysis according to the scope of services with reference to ISO 28001 including permanent as well as temporary sites, and
- A comprehensive written report will be presented to the Top Management on the status of the compliance against standard’ requirements in order to know as to what are the gaps.
Awareness training on ISO 28001:2007
- Business Excellence's team will provide awareness training to the key process owners and relevant staff, on the requirements of the standard
- Further to this, they'll explain how these requirements apply to their business
Business Excellence' team will provide full assistance for the development of documentation according to the requirements
These documents will be of different types at different levels (in the order of importance) including policies, manual, system element procedures, and associated 'forms' including RACI matrix, process maps, risks & opportunities register, KPI’s, etc
Business Excellence' team will extend its full support in regards to the implementation of the aforementioned documented management systems in letter and spirit
This may include SWOT analysis, process mapping, setting objectives & targets, development of RACI matrices, training need analysis, internal audit, corrective action including root cause analysis, management review meeting etc
- Finally, a mock assessment by the 'Business Excellence' team will be performed before third-party arrives
- The detailed report of which shall be submitted to the management and will help rectify the non-conformities & concerns
- However, management to ensure rectification of the identified concerns within the time frame, as agreed
Third party audit by an independent certification body
- The selected third party to review documentation including records
- Lastly, conduct an onsite audit
Closing out of non-conformities
- Consequent upon the independent review and assessment by the relevant authority, the corrective action plan to be developed for each of the non-conformities
- Business Excellence to provide guidance to implement the corrective action plan
ISO 28001 - Key deliverables for the development, training and implementation of management systems
Gap analysis report
To evaluate the existing systems to ascertain as to what is in compliance and what're the gaps and submitting a comprehensive report to the client
The templates for documents of all types (at all levels) including policies, manuals, system element procedures, work instructions, RACI matrices, forms, process maps, checklist, registers, etc.
Training on ISO 28001 and pertinent sector best practices
On the requirements of the international standard and how these apply in the context of the business
Review of documentation and associated records
- Business Excellence' team will review each & every provided document prior to finalization
- However, after review by us; the client shall also review these documents prior to approval
Support for Implementation
Business Excellence's team will extend its full support in regards to the implementation of the documented management systems in letter & spirit. This may include SWOT analysis, process mapping, risk assessment, objectives and targets, RACI matrices, training need analysis & training plan, internal audit, corrective action, management review etc
Mock third-party assessment
Finally, a mock assessment by Business Excellence' team will be performed before the third-party assessment and a detailed report of this shall be submitted to the management in order to help rectify the non-conformities & concerns
Support for corrective actions
Business Excellence' team shall help develop and implement corrective actions to closeout findings consequent upon 3'rd party review &/or assessment till approval of the management systems and issue of the certificate