2023 Security Supply Chain ISO 28000 Audit Program

DUBLIN, Nov. 29, 2023 /PRNewswire/ — The “Security Supply Chain ISO 28000 Audit Program – 2023 Gold Edition” report has been added to ResearchAndMarkets.com’s offering.

The Security Supply Chain ISO 28000 Audit Program is provided in Excel and PDF formats. The program is 23 pages in length with 369 individual audit points. It is IS0 28000, ISO 27000, Sarbanes Oxley, PCI-DSS, and HIPAA compliant. It meets Massachusetts, New York, California, UK, and EU mandated security requirements.

The Security Supply Chain ISO 28000 Audit Program Gold Edition includes all the items in the premium version plus 25 full security management job descriptions which define specific roles and responsibilities and 28 electronic forms.

Supply Chain is more complex. Many companies rely heavily on just-in-time delivery, have an aging infrastructure and there is an increase in natural and human-made threats. Supply Chain Security is a very important item to C-Level management, especially when viewed in relation to Business Continuity Management, Risk Management, and Security Management.

Recent major cyberattacks have focused executives’ attention on asset security and compliance as more business is conducted on the Internet. In addition, failing to meet compliance mandates exposes enterprises to damaged reputations and fines. The supply chain security audit program is a great first step that can highlight areas where security can be improved. The audit program identifies those areas and generates management-level graphics which meet the ISO management reporting objective.

Security Supply Chain Audit Program is easy to use and automatically generates graphics that can be used in management and compliance review presentations.

Supply Chain Audit program comes as an Excel Spreadsheet that is 23 pages in length with 369 individual audit points covering:

ISO 28000:2007 is necessary for the support of an organization implementing and managing a Supply Chain Security Management System (SCSMS)

ISO 28000 – Supply Chain Security – With companies that have a high reliance on just-in-time delivery, aging infrastructure and increased natural and human-made threats. As a result, Supply Chain Security has become a very important item for them, especially when viewed in relation with Business Continuity Management, Risk Management and Security Management.

ISO 28000 Definition

“This International Standard (ISO 28000) specifies the requirements for a security management system, including those aspects critical to the security assurance of the supply chain. Security management is linked to many other aspects of business management. Aspects include all activities controlled or influenced by organizations that impact supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting goods along the supply chain”.

Security Supply Chain Audit Program is easy to use and generates graphics that can be used in management and compliance review presentations.

ISO 28000 was developed by the ISO Technical Committee TC8 “Ships and Maritime Technology”. It is based on the ISO format adopted by ISO 14001:2004 because of its risk-based approach to management standards. The ISO 28000 series of standards consists of:

  • ISO 28000:2007 – The Security Management Standard (SMS) requirements standard, a specification for an SMS against which organizations can certify compliance.
  • ISO 28001:2007 – Provides requirements and guidance for organizations in international supply chains.
  • Assists in meeting the applicable authorized economic operator (AEO) criteria outlined in the World Customs Organization Framework of Standards and conforming to national supply chain security programs.
  • ISO 28002:2011 – Development of resilience in the supply chain – Requirements with guidance for use.
  • ISO 28003:2007 – Requirements for bodies providing audit and certification of supply chain security management systems
  • ISO 28004:2007 – provides generic advice on the application of ISO 28000:2007.
  • ISO/AWI 28005 – ( Under development) Electronic port clearance (EPC) — Part 1: Message structures.
  • ISO/AWI 28005 – Electronic port clearance (EPC) — Part 2: Core data elements

Key Topics Covered:


Security Audit Program Summary

Security Audit Program

Security Policy Management Objectives

  • Information Security Policy

Corporate Security Management Objectives

  • Internal Security Organization
  • External Use of the Enterprise Information

Organizational Asset Management Objectives

  • Responsibility for the Enterprise Assets
  • Information Classification System

Human Resource Security Management Objectives

  • Security Prior to Employment
  • Security During Employment
  • Security at Termination

Physical and Environmental Security Management Objectives

  • Secure Areas
  • Enterprise Equipment
  • BYOD

Communication and Operations Management Objectives

  • Procedures and Responsibilities
  • Third Party Service Delivery
  • System Planning Activities
  • Malicious and Mobile Code
  • Back-up Procedures
  • Computer Networks
  • Media
  • Exchange of Information
  • Electronic Commerce
  • Information Processing Facilities

Information Access Control Management Objectives

  • Access to Information
  • User Access Rights
  • Access Practices
  • Access to Network Services
  • Access to Operating Systems
  • Access to Applications
  • Mobile, Remote, and Work From Home

Systems Development and Maintenance Objectives

  • Information System Application Security
  • Application Processing Information
  • Cryptographic Controls
  • System Files
  • Development and Support Processes

Information Security Incident Management Objectives

  • Security Events and Weaknesses
  • Managing Security Incidents and Improvements

Disaster Recovery and Business Continuity Objectives

  • Disaster Recovery Plan/Business Continuity

Compliance Management Objectives

  • Mandated Security Requirements
  • Security Compliance Reviews

Security Audit Summary

Security Audit Program Completed Sample

Security Audit Program Summary Completed Sample

For more information about this report visit https://www.researchandmarkets.com/r/xd2sm

About ResearchAndMarkets.com
ResearchAndMarkets.com is the world’s leading source for international market research reports and market data. We provide you with the latest data on international and regional markets, key industries, the top companies, new products and the latest trends.

Media Contact:
Research and Markets
Laura Wood, Senior Manager
[email protected]

For E.S.T Office Hours Call +1-917-300-0470
For U.S./CAN Toll Free Call +1-800-526-8630
For GMT Office Hours Call +353-1-416-8900

U.S. Fax: 646-607-1907
Fax (outside U.S.): +353-1-481-1716

Logo: https://mma.prnewswire.com/media/539438/Research_and_Markets_Logo.jpg

SOURCE Research and Markets

Originally published at https://www.prnewswire.com/news-releases/2023-security-supply-chain-iso-28000-audit-program-302000682.html
Images courtesy of https://pixabay.com