DIN ISO 28000:2015-08

In this National Standard, the International Standard ISO 28000:2007 was adopted unchanged. The aim of this standard is to improve the security of supply chains. It is a comprehensive management standard that enables an organization to establish a general supply chain security management system. For this the organization shall assess the security environment in which it operates and determine whether appropriate security measures are in place and whether other regulatory requirements already exist that the organization meets. If this process identifies security requirements, the organization should implement mechanisms and processes to meet those requirements. Because supply chains are dynamic, some organizations that manage multiple supply chains may rely on their service providers to meet ISO supply chain security standards as a condition for being included in that supply chain. This standard is used to securely manage an organization's supply chains. A formal approach to security management can directly contribute to an organization's business capabilities and credibility. Compliance with this standard does not release an organization from its legal obligations, even if compliance with this standard has been verified through an external or internal audit process. This standard is based on the ISO format adopted by ISO 14001:2004 for its risk-based approach to management systems. However, organizations that have adopted a process-oriented approach to management systems (for example, ISO 9001:2000) may use their existing management systems as a basis for a security management system as defined in this International Standard. It is not the intention of this standard to copy government requirements and standards relating to the security management of supply chains for which the organization has already been certified or verified as compliant. Verification may be carried out by a valid organization of a first, second or third party.