ISO 28000 Supply Chain Security Management

Evaluate compliance of a supply chain security management system with ISO 28000:2022, covering security risk assessment, threat mitigation, and resilience across the supply chain.

All | Pharma | Biotech | Manufacturing | Logistics | 20 minutes | 18 questions

1. Security Management System

Is a supply chain security management system (SCSMS) established?*

Clause 4: SCSMS scope, policy, objectives for security across supply chain

Are security responsibilities and authorities defined?*

Clause 5.3: Roles for security management, incident response, compliance

Is a supply chain security policy communicated to stakeholders?*

Policy commits to security risk management, legal compliance, continual improvement

2. Threat & Risk Assessment

Have security threats to the supply chain been identified?*

Clause 6.1: Theft, counterfeiting, tampering, terrorism, cyber threats, natural disasters

Are security risks assessed for likelihood and impact?*

Risk assessment per ISO 31000, considering vulnerabilities in transportation, warehousing, partners

Are third-party suppliers and logistics providers security-assessed?*

Security due diligence on carriers, warehouses, customs brokers, subcontractors

3. Security Planning & Controls

Are security objectives and plans established to mitigate risks?*

Clause 6.2: Security targets with action plans, resources, responsibilities, timelines

Are security controls implemented at all supply chain stages?*

Clause 8.1: Procurement, production, storage, transportation, distribution controls

Are security requirements communicated to supply chain partners?*

Contracts include security clauses, audit rights, incident reporting requirements

4. Personnel & Training

Are personnel security checks conducted (background screening)?*

Clause 7.2: Pre-employment screening, periodic rechecks for sensitive roles

Is security awareness training provided to all personnel?*

Training on threat recognition, security procedures, incident reporting

Are visitor and contractor access controls enforced?*

Visitor logs, escorts, restricted area access, contractor security agreements

5. Physical & Information Security

Are physical security measures in place (fencing, locks, surveillance)?*

Perimeter security, access control, CCTV, alarms, lighting for facilities and cargo areas

Are cargo and containers secured against tampering?*

Container seals, locks, GPS tracking, tamper-evident packaging

Are IT systems and data secured against cyber threats?*

Cybersecurity controls for WMS, TMS, ERP systems; data encryption, access control

6. Incident Response & Recovery

Are security incident response procedures established?*

Clause 8.2: Procedures for theft, breach, tampering detection, reporting, investigation

Is business continuity planning in place for supply chain disruptions?*

Alternate suppliers, transportation routes, warehouse locations for resilience

Are security incidents documented, investigated, and corrective actions taken?*

Clause 10.2: Root cause analysis, preventive measures, lessons learned
