ISO-28000-2007.pdf
《ISO-28000-2007.pdf》由会员分享,可在线阅读,更多相关《ISO-28000-2007.pdf(24页珍藏版)》请在三一文库上搜索。
1、 Reference number ISO 28000:2007(E) ISO 2007 INTERNATIONAL STANDARD ISO 28000 First edition 2007-09-15 Specification for security management systems for the supply chain Spcifications pour les systmes de management de la sret pour la chane dapprovisionnement Copyright International Organization for
2、Standardization Provided by IHS under license with ISO Licensee=IHS Employees/1111111001, User=Spiller, Kevin Not for Resale, 10/07/2007 22:02:31 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO 28000:2007(E) PDF disclaimer This PDF file may contain embedded typefaces. I
3、n accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Ad
4、obes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized fo
5、r printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO 2007 All rights reserved. Unless ot
6、herwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyri
7、ght office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2007 All rights reserved Copyright International Organization for Standardization Provided by IHS under license with ISO Licensee=IHS Empl
8、oyees/1111111001, User=Spiller, Kevin Not for Resale, 10/07/2007 22:02:31 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO 28000:2007(E) ISO 2007 All rights reserved iii Contents Page Foreword iv Introduction v 1 Scope . 1 2 Normative references. 1 3 Terms and definition
9、s. 1 4 Security management system elements 3 4.1 General requirements. 3 4.2 Security management policy. 4 4.3 Security risk assessment and planning. 4 4.4 Implementation and operation 7 4.5 Checking and corrective action 10 4.6 Management review and continual improvement . 12 Annex A (informative)
10、Correspondence between ISO 28000:2007, ISO 14001:2004 and ISO 9001:2000 13 Bibliography. 16 Copyright International Organization for Standardization Provided by IHS under license with ISO Licensee=IHS Employees/1111111001, User=Spiller, Kevin Not for Resale, 10/07/2007 22:02:31 MDTNo reproduction or
11、 networking permitted without license from IHS -,-,- ISO 28000:2007(E) iv ISO 2007 All rights reserved Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normal
12、ly carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the
13、 work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare I
14、nternational Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some o
15、f the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO 28000 was prepared by Technical Committee ISO/TC 8, Ships and marine technology, in collaboration with other relevant technical committees respons
16、ible for specific nodes of the supply chain. This first edition of ISO 28000 cancels and replaces ISO/PAS 28000:2005, which has been technically revised Copyright International Organization for Standardization Provided by IHS under license with ISO Licensee=IHS Employees/1111111001, User=Spiller, Ke
17、vin Not for Resale, 10/07/2007 22:02:31 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO 28000:2007(E) ISO 2007 All rights reserved v Introduction This International Standard has been developed in response to demand from industry for a security management standard. Its u
18、ltimate objective is to improve the security of supply chains. It is a high-level management standard that enables an organization to establish an overall supply chain security management system. It requires the organization to assess the security environment in which it operates and to determine if
19、 adequate security measures are in place and if other regulatory requirements already exist with which the organization complies. If security needs are identified by this process, the organization should implement mechanisms and processes to meet these needs. Since supply chains are dynamic in natur
20、e, some organizations managing multiple supply chains may look to their service providers to meet related governmental or ISO supply chain security standards as a condition of being included in that supply chain in order to simplify security management as illustrated in Figure 1. ISO 28000: Security
21、 management systems for the supply chain ISO 20858: Maritime Port Facility Security Assessments and Security Plan ISO 28001: Best Practices Custody in Supply Chain Security Other specific existing standards or those to be developed. Figure 1 Relationship between ISO 28000 and other relevant standard
22、s Copyright International Organization for Standardization Provided by IHS under license with ISO Licensee=IHS Employees/1111111001, User=Spiller, Kevin Not for Resale, 10/07/2007 22:02:31 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO 28000:2007(E) vi ISO 2007 All rig
23、hts reserved This International Standard is intended to apply in cases where an organizations supply chains are required to be managed in a secure manner. A formal approach to security management can contribute directly to the business capability and credibility of the organization. Compliance with
24、an International Standard does not in itself confer immunity from legal obligations. For organizations that so wish, compliance of the security management system with this International Standard may be verified by an external or internal auditing process. This International Standard is based on the
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- ISO 28000 2007
链接地址:https://www.31doc.com/p-3777421.html