Things To Deal With ISO 28000:2007 Certifications

For any organization dealing with B2C business, maintaining and implementing an effective supply chain is an important factor, which can help organizations, to reduce their cost, maintain a faster production cycle and remain competitive in business landscape.

Hence Supply Chain management remains a crucial process in B2C landscape.

Supply chain in its core, is a network between a company and its suppliers to produce and distribute, a specific product to the final buyer, this network includes different activities, entities, people information and resources.

Since, the major functions involved in a supply chain includes, product development, operations, marketing, distribution, finance, customer service, along with entities ranging from, producers, transportation companies, vendors, warehouses etc.,

Providing security assurance, by implementing an effective security management system, proves to be a key aspect for any supply chain.

ISO 28000:2007 is one such certification, which provides specifications for implementing an effective security management system for the supply chains. Global quality services make sure that the best ISO consultancy services are reaching the people.

Since, a supply chain, includes n-number of functions and entities, such a specification proves to be helpful and effective in implementing a durable and secure supply chain.

And development of such an international standard addressing security management provides a broader interface with existing enterprise risk management, giving a common integrated platform.

It is applicable to all sizes of organizations, from small to multinational, in manufacturing, storage, service or transportation, at any stage of production or supply chain, and Global quality service wishes to –
* Establish, implement, maintain and improve security management policy
* Assure conformance with security policy
* Demonstrate conformance to others
* Seek certification for its security policy

Key Clauses –

1) Security Management Policy –
Top management should authorize an overall security management policy for the organization, which should be
Consistent with other organizational policies
Consistent with organization’s overall security threat and risk management framework
Clearly state overall security objectives
Communicated to all relevant employees and third parties.

2) Security Risk Assessment and Planning –
This includes –

Security Risk Assessment which shall consider the likelihood of an event and its consequences including, physical failure threats, operational threats, natural environmental events, third party equipment failure etc.

Legal and other security regulatory requirements

Security management objectives – Document objectives at relevant levels within the organization, which are consistent to the policy.

Security Management programmes.

3) Implementation and Operation –

a) Structure, authority and responsibilities for security management –
Different roles should be assigned for proper implementation of standards.
b) Training and awareness –
Proper trainings should be arranged for relevant employees.
c) Communication
d) Documentation
e) Document and Data Control
f) Operational Control
g) Emergency Preparedness

4) Checking and Corrective Actions –
After implementation, following actions should be taken to evaluate the system –

a) Security Performance measurement and monitoring
b) System Evaluation
c) Corrective and Preventive actions
d) Control of records
e) Audit

5) Management review and continual improvement –
Top management should review the policies at planned intervals and should decide on possible improvements required.

Common Process for Certification of Organizations –

1) Implementation of the management system –
At least for 3 months, the system should be functional, before audit by certification bodies.
2) Internal audit by top management –
Must have one internal audit report.
3) Selection of certification body
4) Pre-assessment audit(optional)
5) Stage 1 audit –
System meets the standards and organization’s objectives.
Some portion should be performed on-site.
6) Stage 2 audit –
Is performed completely on-site.
7) Follow-up audit(optional) –
If some changes are needed, then follow-up audit is done, to only assess those changes.
8) Confirmation of registration –
If everything is on place, registrar confirms the registration and publishes the certificate.
9) Continual improvement and surveillance audits –
Surveillance activities are conducted by certification body (at least 1/year), to ensure, standards are still being followed.

Contact [email protected]  9845313910  for further information

Services Offered :-

India – Bangalore, Chennai, Hyderabad, Mumbai, Kolkata, Mysore, Belgaum