The risks of security incidents affecting an organization’s international supply chain pose a considerable threat to international trade and the economic growth of trading nations. The safety and security of people, goods, equipment and infrastructure should be of critical importance to the relevant companies and bodies. This is where ISO 28001 comes in. ISO 28001 was developed to codify operations of security within the broader supply chain management system, and this standard sets out best practices for implementing supply chain security, assessments and plans.
ISO 28001 sets forth requirements and guidance for organizations in international supply chains to:
- Develop and implement supply chain security processes.
- Establish and document a minimum level of security within a supply chain(s) or segment of a supply chain.
- Assist in meeting the applicable authorized economic operator (AEO) criteria, as outlined in the World Customs Organization Framework of Standards (WHO SAFE) and conforming national supply chain security programs.
To comply with ISO 28001, organizations will:
- Define the portion of an international supply chain within which they have established security and prepare a Statement of Coverage.
- Conduct Security Assessments on that portion of the supply chain to determine vulnerabilities and threats, in order to develop adequate countermeasures.
- Develop and implement a supply chain Security Plan.
- Train security personnel in their security-related duties.
The benefits of Implementing ISO 28001:
- Systematized management practices
- Integrated enterprise resilience
- Enhanced credibility and brand recognition
- Aligned terminology and conceptual usage
- Greater compliance processes
- Improved supply chain performance
Process for Getting Supply Chain Security Management System Certification:
10 Step Process…
1. Comprehensive Training
2. Simplified Documentation Development
3. Documentation Review
4. Internal Quality Auditing
5. Implementation Assistance
6. Assistance During Stage One Audit
7. Deficiency Correction
8. Readiness Evaluation
9. Coaching Prior to Audit
10. Assistance During Certification Audit
- Typical steps to certification for standards include:
- Preparation of the ISO 28001 Supply Chain Security Management System.
- QSE Consultants assist in the development and use of implementation techniques to meet all requirements.
- Applying with a 3rd Party Auditor (C3PAO).
- A Consulting Firm trains the organization’s internal auditors to become competent to perform internal audits
- QSE provides ISO 28001 Supply Chain Security Management System Internal Auditing Services to audit all requirements
- Once ISO 28001 Supply Chain Security Management System is ready, one full cycle of Internal Audits.
- Facilities need to initiate corrective actions and continual improvement is realized through the control of nonconforming products/services.
- Facilities need to implement the prepared ISO 28001 for a minimum of 3 months and gather adequate data and records to show as evidence before the Certification Audit.
- Managements of the facilities need to conduct one full-scale review of the entire Supply Chain Security Management System and ensure its adequacy for their organization.
- The management team needs to identify Action items to make corrections to any ISO 28001 certification requirement not being fulfilled.
- Once ISO 28001 is ready, one full cycle of internal audits is performed.
- Once the Facility passes the ISO 28001 compliance audit successfully, the C3PAO issues a compliance certificate.
Supply Chain Security Management System Consulting, Auditing and Training Services from QSE
- Quality Management Consultants can prepare you to meet ISO 28001 Supply Chain Security Management System requirements and show evidence of having an effectively implemented system.
- QSE Consulting is the practice of assisting small, medium, and large organizations in developing, training, implementing, and maintaining all documentation/records for achieving ISO 28001 Supply Chain Security Management System certification
- In addition to having a simplified system, the same is required to be audited periodically per a determined schedule to ensure that designed systems are being followed and controls are being exercised.
- Audits performed by a team within the facility are called 1st Party Audit.
- Audits performed by consultant firms like Quality Systems Enhancement are known as a second party audit.
- Audits conducted by Certification Body are known as 3rd party audits.
- 3rd Party audit is conducted by a qualified Registrar with the accredited authority to perform certification audits and issue an ISO 28001 Supply Chain Security Management System Certification.
- QSE consultants will ensure that certification is achieved with no or minimum nonconformities the first time around.
- It is necessary to build a robust system that trains and compels employees to understand and adhere to defined roles, responsibilities, procedures, and controls to ensure continuity. QSE will assist in implementing the required training and awareness.
- QSE Consultants provide training to top-level management as well as operations and office personnel in Risk-Based Thinking, Process Approach, and Continual Improvement of the employees’ role in achieving improvement.