ISO Offers Standard Approach to Global Supply Chain Security

With billions of dollars worth of goods moving at any given time along global supply chains, the newly published ISO/PAS 28000:2005 for security management systems will help combat threats to the safe and smooth flow of international trade.

"The publication of ISO/PAS 28000:2005 is a major security initiative," says Captain Charles Piersall, Chair of ISO technical committee ISO/TC 8, Ships and marine technology. "It is designed to enable better monitoring of freight flows, to combat smuggling and to respond to the threat of piracy and terrorist attacks as well as to create a safe and secure international supply chain regime."

Supply chain describes an overall process that results in goods being transported from the point of origin to final destination and includes the movement of the goods, the shipping data, and the associated processes as well as the series of dynamic relationships. It involves many entities such as producers of the goods, logistics management firms, consolidators, truckers, railroads, air carriers, marine terminal operators, ocean carriers, cargo/mode/customs agents, financial and information services, and buyers of the goods being shipped. For example, a company may employ more than one logistics firm, trucking companies may subcontract to operators or other companies, and vessel operating companies may divert the cargo to other carriers for various reasons.

As security hazards can enter the supply chain at any stage, adequate control throughout is essential. Security is a joint responsibility of all the actors in the supply chain and requires their combined efforts.

ISO/PAS 28000:2005, Specification for security management systems for the supply chain, outlines the requirements to enable an organization to establish, implement, maintain and improve a security management system, including those aspects critical to security assurance of the supply chain. These aspects include, but are not limited to, financing, manufacturing, information management and the facilities for packing, storing and transferring goods between modes of transport and locations.

ISO/PAS 28000:2005 can be used by a broad range of organizations – small, medium and large – in the manufacturing, service, storage and transportation sectors at any stage of the production or supply chain. Its implementation will reassure business partners that security is taken seriously within the organizations they deal with.

ISO/PAS 28000:2005 integrates the process-based approach of ISO's management system standards – ISO 9001:2000 and ISO 14001:2004 – including the Plan-Do-Check-Act (PDCA) cycle and requirement for continual improvement, as well as the risk management elements of ISO 14001:2004

While ISO/PAS 28000 can be implemented on its own, it is designed to be fully compatible with ISO 9001:2000 and ISO 14001:2004 and companies already using these management system standards may be able to use them as a foundation for developing the security management system of ISO/PAS 28000. To help users to do so, ISO/PAS 28000 includes a table showing the correspondence of its requirements with those of ISO 9001:2000 and ISO 14001:2004.

"ISO/PAS 28000, completed in less than one year, was truly remarkable and its success marks the deep spirit of cooperation and energies of all stakeholders," further noted Captain Piersall. "It was an extraordinary effort of cooperation and proves that standards can and will be accomplished to meet market needs 'on time'."

ISO/PAS 28000:2005 is one of several developments underway for intermodal supply chain security being undertaken by ISO/TC 8 that include the following documents:

- ISO/PAS 20858:2004, Ships and marine technology – Maritime port facility security assessments and security plan development , which was published in June 2004, is designed to assist in the implementation of the International Maritime Organization's International Ship &Port Security (ISPS) Code.

- ISO/PAS 28001, Best practices for custody in supply chain security, will assist industry to meet best practices as outlined in the World Customs Organization Framework. It is expected to be published in the second quarter of 2006.

- ISO/PAS 28004, Security management systems for the supply chain – General guidelines on principles, systems and supporting techniques, will assist users of ISO 28000. It will reference ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing, and the future ISO/IEC 17021, Conformity assessment – Requirements for bodies providing audit and certification of management systems.

ISO/PAS 28000 is the output of ISO technical committee ISO/TC 8, Ships and marine technology, in collaboration with other technical committee chairs. Fourteen countries participated in its development, together with several international organizations and regional bodies. These included the International Maritime Organization, the International Association of Ports and Harbours, the International Chamber of Shipping, the World Customs Organization, the Baltic and International Maritime Council, the International Association of Classification Societies, the International Innovative Trade Network, the World Shipping Council, the Strategic Council on Security Technology, which has a Memorandum of Understanding with ISO/TC 8, and the US-Israel Science and Technology Foundation.

ISO/PAS 28000:2005 costs 81 Swiss francs and is available from ISO national member institutes (see the complete list with contact details) and from ISO Central Secretariat. The new document is the work of ISO technical committee ISO/TC 8, Ships and marine technology, in collaboration with other TCs responsible for specific nodes of the supply chain.