One of the main challenges facing the international trading system is the security hazard to global supply chains. ISO is contributing to a solution in the form of two essential reference documents in the ISO 28000 family of standards for supply chain security designed to protect people, goods, infrastructure and equipment, including means of transport, against security incidents and to prevent their potentially devastating effects.

"Disruptions to international trade can have drastic consequences for everybody. International problems truly need international solutions to mitigate potential threats. Unilateral government actions won't work and are not enforceable globally. ISO is providing a focal point that provides industry with a clear, uniform global approach for implementation of supply chain security requirements," says Captain Charles Piersall, Chair of ISO/TC 8.

"The new documents are designed to enable better monitoring of supply flows, to combat smuggling and to respond to the threat of piracy and terrorist attacks, as well as to create a safe and secure international supply chain regime."

The first of the two new documents is a publicly available specification ISO/PAS 28001:2006, Security management systems for the supply chain – Best practices for implementing supply chain security – Assessments and plans, that will enable organizations to establish and document reasonable levels of security within international supply chains and their components. It will allow organizations to make better risk management decisions.

ISO/PAS 28001:2006 provides an option for independent auditing – including by private sector bodies – of the security established by the operator. This allows customs agencies to check and verify completed work rather than being directly involved in the assessment, thus leveraging their work force and saving resources.

It is intended to be used in conjunction with, and to complement, the World Customs Organization's framework of standards to secure and facilitate global trade, as well as the Authorized Economic Operator concept.

The second document, ISO/PAS 28004:2006, Security management systems for the supply chain – Guidelines for the implementation of ISO/PAS 28000, will assist users to understand and implement ISO/PAS 28000:2005 and therefore help to maximize the benefits. It includes the complete requirements of ISO/PAS 28000, clause-by clause, followed by relevant guidance.

While ISO/PAS 28000 can be implemented on its own, it is designed to be fully compatible with ISO 9001:2000 and ISO 14001:2004 and companies already using these management system standards may be able to use them as a foundation for developing a security management system according to ISO/PAS 28000. An informative annex provides a table of correspondence between ISO/PAS 28000:2005, ISO 14001:2004 and ISO 9001:2000. It is anticipated that conformity to the documents' requirements will be verified by third-party auditing.

The new ISO documents can be used by a broad range of organizations – small, medium and large – in the manufacturing, service, storage and transportation sectors at any stage of the production or supply chain. Their implementation will reassure business partners that security is taken seriously within the organizations with which they deal.

ISO/PAS 28001:2006 costs 114 Swiss francs and ISO/PAS 28004 costs 154 Swiss francs. They are available from ISO national member institutes (see the complete list with contact details) and from ISO Central Secretariat (see below).

Note to editors:
An ISO/PAS (Publicly Available Specification) is one of several alternatives to fully fledged International Standards offered by ISO for cases where market needs dictate priority for swift development and publication. All Publicly Available Specifications are reviewed every three years to determine if the document should be reconfirmed as a PAS for another three-year period or whether it should be further developed to become an ISO International Standard.