Emergencies, crises and disasters like the tsunami in Japan or the recent riots in London, can happen at any time. Organizations around the world are increasingly implementing risk management processes to deal with uncertainty and ensure continuity. But if their suppliers are unable to deliver, or customers unable to purchase, the ability of an organization to achieve its objectives would be compromised.
“Organizations are realizing more and more that to be resilient, it is not enough to focus on internal processes,” says Captain Charlie Piersall, Chair of the committee that developed the standard. “As they seek assurance that their suppliers and the extended supply chain in general, have planned for and taken steps to prevent and mitigate the threats and hazards to which they may be exposed, there is a strong demand for standards and best practice. For resiliency, ISO 28002 is that standard.”
ISO 28002 offers a comprehensive and systematic process to enhance prevention, protection, preparedness, mitigation, response, continuity of operations and recovery from disruptive incidents. Its generic auditable criteria, when implemented in a management system, can be used to establish, implement, monitor, review, maintain and improve an organization’s resiliency policy to plan for, take action and make decisions before, during and after an incident to its supply chain.
Captain Piersall adds “Today, the leadership of any organization has a duty to its stakeholders to plan for its survival. ISO 28002 offers them an invaluable tool. Its integrated approach is both flexible and proactive, and utilizes to the maximum the knowledge, capabilities and expertise within an organization. In this way the standard helps meet individual needs for risk management within an economically sound context.”
ISO 28002 can be applied to any organization including private, not-for-profit, non-governmental, and public sector. Implemented within a management system, the standard enhances an organization’s capacity to manage and survive any disruptive event and take appropriate actions to help ensure its viability and continued operation. This International Standard was developed as part of the ISO 28000 series on security management systems for the supply chain. ISO 28000:2007, Specification for security management systems for the supply chain, is the only published certifiable international management systems standard that takes a holistic, risk-based approach to managing risks associated with any disruptive incident in the supply chain.
ISO 28002:2011, Security management systems for the supply chain – Development of resilience in the supply chain – Requirements with guidance for use, was developed by the ISO technical committee ISO/TC 8, Ships and marine technology. It costs 158 Swiss francs and is available from ISO national member institutes (see the complete list with contact details) and from ISO Central Secretariat through the ISO Store or by contacting the Marketing, Information & Communication department (see right-hand column).
- Ships and marine technology
- Security management systems for the supply chainGuidelines for the implementation of ISO 28000Part 1: General principles
- Security management systems for the supply chainDevelopment of resilience in the supply chainRequirements with guidance for use
- Specification for security management systems for the supply chain