ISO/PAS 28000:2007 (Specification for security management systems for the supply chain) is a publicly available specification from the International Organization for Standardization that sets out requirements for a security management system, particularly for security assurance in the supply chain.
ISO 28000:2007 was developed to codify security operations within the broader supply chain management system. The Plan-Do-Check-Act (PDCA) management systems structure was adopted in developing ISO 28000:2007 to bring the elements of this standard into congruence with related standards such as ISO 9001:2000 and ISO 14001:2004.
ISO 28000:2007 was developed such that organizations of varying scale could apply the standard to supply chains of various degrees of complexity.
The general rationale for organizations to adopt ISO 28000:2007 pertains to:
- developing a security management system,
- internal compliance with objectives of a security management policy,
- external compliance with best practice benchmarks,
- ISO accreditation.