ISO/PAS 28001:2006
Withdrawn
A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
View Superseded by
Security management systems for the supply chain Best practices for implementing supply chain security Assessments and plans
Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users
03-18-2019
English
08-25-2006
Important note : All end users must be registered with an Account prior to user licenses being assigned.
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Field of application
4.1 Statement of application
4.2 Business partners
4.3 Internationally accepted certificates or approvals
4.4 Business partners exempt from security declaration
requirement
4.5 Security reviews of business partners
5 Supply chain security process
5.1 General
5.2 Identification of the scope of security assessment
5.3 Conduction of the security assessment
5.4 Development of the supply chain security plan
5.5 Execution of the supply chain security plan
5.6 Documentation and monitoring of the supply chain
security process
5.7 Actions required after a security incident
5.8 Protection of the security information
Annex A (informative) Supply chain security process
Annex B (informative) Methodology for security risk
assessment and development of
countermeasures
Annex C (informative) Guidance for obtaining advice and
certification
Bibliography
ISO/PAS 28001:2006 provides requirements and guidance for organizations in international supply chains to
- develop and implement supply chain security processes;
- establish and document a minimum level of security within a supply chain(s) or segment of a supply chain;
- assist in meeting the applicable Authorized Economic Operators criteria set forth in the World Customs Organization Framework of Standards and conforming national supply chain security programmes.
NOTE Only a participating National Customs Agency can designate organizations as Authorized Economic Operators in accordance with its supply chain security programme and its attendant certification and validation requirements.
In addition, ISO/PAS 28001:2006 establishes certain documentation requirements that would permit verification.
Users of ISO/PAS 28001:2006 will
- define the portion of an international supply chain within which they have established security (see 4.1);
- conduct security vulnerability assessments on that portion of the supply chain and develop adequate countermeasures;
- develop and implement a supply chain security plan;
- train security personnel in their security related duties.
| DevelopmentNote |
DRAFT ISO/DIS 28001 is also available for this standard. (01/2007)
|
| DocumentType |
Standard
|
| Pages |
27
|
| PublisherName |
International Organization for Standardization
|
| Status |
Withdrawn
|
| SupersededBy |
| Standards | Relationship |
| DD ISO/PAS 28001:2006 | Identical |
| NEN NPR ISO/PAS 28001 : 2006 | Identical |
| BS ISO 28000:2007 | Specification for security management systems for the supply chain |
| ISO 28000:2007 | Specification for security management systems for the supply chain |
| DIN ISO 28000:2015-08 | Specification for security management systems for the supply chain (ISO 28000:2007) |
| ISO/PAS 28000:2005 | Specification for security management systems for the supply chain |
| ISO 19011:2011 | Guidelines for auditing management systems |
| ISO/IEC 17021:2011 | Conformity assessment Requirements for bodies providing audit and certification of management systems |
| ISO/PAS 20858:2004 | Ships and marine technology Maritime port facility security assessments and security plan development |
| ISO 14001:2015 | Environmental management systems — Requirements with guidance for use |
| ISO 9001:2015 | Quality management systems — Requirements |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.