欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PDF文档下载
    分享到微信 分享到微博 分享到QQ空间

    BS ISO 28000-2007 Specification for security management systems for the supply chain《供应链的安全管理系统规范》.pdf

    • 资源ID:586866       资源大小:466.11KB        全文页数:26页
    • 资源格式: PDF        下载积分:10000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要10000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    BS ISO 28000-2007 Specification for security management systems for the supply chain《供应链的安全管理系统规范》.pdf

    1、BRITISH STANDARDBS ISO 28000:2007Specification for security management systems for the supply chainICS 03.100.10; 47.020.99g49g50g3g38g50g51g60g44g49g42g3g58g44g55g43g50g56g55g3g37g54g44g3g51g40g53g48g44g54g54g44g50g49g3g40g59g38g40g51g55g3g36g54g3g51g40g53g48g44g55g55g40g39g3g37g60g3g38g50g51g60g53

    2、g44g42g43g55g3g47g36g58BS ISO 28000:2007This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 December 2007 BSI 2007ISBN 978 0 580 57619 5National forewordThis British Standard is the UK implementation of ISO 28000:2007. It supersedes DD ISO/PAS

    3、 28000:2005 which is withdrawn. The UK participation in its preparation was entrusted to Technical Committee SME/32, Ships and marine technology Steering committee.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to i

    4、nclude all the necessary provisions of a contract. Users are responsible for its correct application.Compliance with a British Standard cannot confer immunity from legal obligations.Amendments issued since publicationAmd. No. Date CommentsReference numberISO 28000:2007(E)INTERNATIONAL STANDARD ISO28

    5、000First edition2007-09-15Specification for security management systems for the supply chain Spcifications pour les systmes de management de la sret pour la chane dapprovisionnement BS ISO 28000:2007ii iiiContents Page Foreword iv Introduction v 1 Scope . 1 2 Normative references . 1 3 Terms and def

    6、initions. 1 4 Security management system elements 3 4.1 General requirements. 3 4.2 Security management policy . 4 4.3 Security risk assessment and planning . 4 4.4 Implementation and operation 7 4.5 Checking and corrective action 10 4.6 Management review and continual improvement . 12 Annex A (info

    7、rmative) Correspondence between ISO 28000:2007, ISO 14001:2004 and ISO 9001:2000 13 Bibliography . 16 BS ISO 28000:2007iv Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International

    8、Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, al

    9、so take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committ

    10、ees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to the poss

    11、ibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO 28000 was prepared by Technical Committee ISO/TC 8, Ships and marine technology, in collaboration with other relevant technical

    12、 committees responsible for specific nodes of the supply chain. This first edition of ISO 28000 cancels and replaces ISO/PAS 28000:2005, which has been technically revised BS ISO 28000:2007vIntroduction This International Standard has been developed in response to demand from industry for a security

    13、 management standard. Its ultimate objective is to improve the security of supply chains. It is a high-level management standard that enables an organization to establish an overall supply chain security management system. It requires the organization to assess the security environment in which it o

    14、perates and to determine if adequate security measures are in place and if other regulatory requirements already exist with which the organization complies. If security needs are identified by this process, the organization should implement mechanisms and processes to meet these needs. Since supply

    15、chains are dynamic in nature, some organizations managing multiple supply chains may look to their service providers to meet related governmental or ISO supply chain security standards as a condition of being included in that supply chain in order to simplify security management as illustrated in Fi

    16、gure 1. ISO 28000:Securitymanagement systemsfor the supply chainISO20858:MaritimePortFacilitySecurityAssessmentsandSecurityPlanISO28001:BestPracticesCustodyinSupplyChainSecurityOtherspecificexistingstandardsorthosetobedeveloped.Figure 1 Relationship between ISO 28000 and other relevant standards BS

    17、ISO 28000:2007vi This International Standard is intended to apply in cases where an organizations supply chains are required to be managed in a secure manner. A formal approach to security management can contribute directly to the business capability and credibility of the organization. Compliance w

    18、ith an International Standard does not in itself confer immunity from legal obligations. For organizations that so wish, compliance of the security management system with this International Standard may be verified by an external or internal auditing process. This International Standard is based on

    19、the ISO format adopted by ISO 14001:2004 because of its risk based approach to management systems. However, organizations that have adopted a process approach to management systems (e.g. ISO 9001:2000) may be able to use their existing management system as a foundation for a security management syst

    20、em as prescribed in this International Standard. It is not the intention of this International Standard to duplicate governmental requirements and standards regarding supply chain security management to which the organization has already been certified or verified compliant. Verification may be by a

    21、n acceptable first, second, or third party organization. NOTE This International Standard is based on the methodology known as Plan-Do-Check-Act (PDCA). PDCA can be described as follows. Plan: establish the objectives and processes necessary to deliver results in accordance with the organizations se

    22、curity policy. Do: implement the processes. Check: monitor and measure processes against security policy, objectives, targets, legal and other requirements, and report results. Act: take actions to continually improve performance of the security management system. BS ISO 28000:20071Specification for

    23、 security management systems for the supply chain 1 Scope This International Standard specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. Security management is linked to many other aspects of business management. A

    24、spects include all activities controlled or influenced by organizations that impact on supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting these goods along the supply chain. This International St

    25、andard is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain that wishes to: a) establish, implement, maintain and improve a security management system; b) assure conformance with

    26、stated security management policy; c) demonstrate such conformance to others; d) seek certification/registration of its security management system by an Accredited third party Certification Body; or e) make a self-determination and self-declaration of conformance with this International Standard. Th

    27、ere are legislative and regulatory codes that address some of the requirements in this International Standard. It is not the intention of this International Standard to require duplicative demonstration of conformance. Organizations that choose third party certification can further demonstrate that

    28、they are contributing significantly to supply chain security. 2 Normative references No normative references are cited. This clause is included in order to retain clause numbering similar to other management system standards. 3 Terms and definitions For the purposes of this document, the following t

    29、erms and definitions apply. 3.1 facility plant, machinery, property, buildings, vehicles, ships, port facilities and other items of infrastructure or plant and related systems that have a distinct and quantifiable business function or service NOTE This definition includes any software code that is c

    30、ritical to the delivery of security and the application of security management. BS ISO 28000:20072 3.2 security resistance to intentional, unauthorized act(s) designed to cause harm or damage to, or by, the supply chain 3.3 security management systematic and coordinated activities and practices thro

    31、ugh which an organization optimally manages its risks, and the associated potential threats and impacts therefrom 3.4 security management objective specific outcome or achievement required of security in order to meet the security management policy NOTE It is essential that such outcomes are linked

    32、either directly or indirectly to providing the products, supply or services delivered by the total business to its customers or end users. 3.5 security management policy overall intentions and direction of an organization, related to the security and the framework for the control of security-related

    33、 processes and activities that are derived from and consistent with the organizations policy and regulatory requirements 3.6 security management programmes means by which a security management objective is achieved 3.7 security management target specific level of performance required to achieve a se

    34、curity management objective 3.8 stakeholder person or entity having a vested interest in the organizations performance, success or the impact of its activities NOTE Examples include customers, shareholders, financiers, insurers, regulators, statutory bodies, employees, contractors, suppliers, labour

    35、 organizations, or society. 3.9 supply chain linked set of resources and processes that begins with the sourcing of raw material and extends through the delivery of products or services to the end user across the modes of transport NOTE The supply chain may include vendors, manufacturing facilities,

    36、 logistics providers, internal distribution centers, distributors, wholesalers and other entities that lead to the end user. 3.9.1 downstream refers to the actions, processes and movements of the cargo in the supply chain that occur after the cargo leaves the direct operational control of the organi

    37、zation, including but not limited to insurance, finance, data management, and the packing, storing and transferring of cargo 3.9.2 upstream refers to the actions, processes and movements of the cargo in the supply chain that occur before the cargo comes under the direct operational control of the or

    38、ganization, including but not limited to insurance, finance, data management, and the packing, storing and transferring of cargo BS ISO 28000:200733.10 top management person or group of people who directs and controls an organization at the highest level NOTE Top management, especially in a large mu

    39、ltinational organization, may not be personally involved as described in this International Standard; however top management accountability through the chain of command shall be manifest. 3.11 continual improvement recurring process of enhancing the security management system in order to achieve imp

    40、rovements in overall security performance consistent with the organizations security policy 4 Security management system elements Figure 2 Security management system elements 4.1 General requirements The organization shall establish, document, implement, maintain and continually improve an effective

    41、 security management system for identifying security threats, assessing risks and controlling and mitigating their consequences. The organization shall continually improve its effectiveness in accordance with the requirements set out in the whole of Clause 4. The organization shall define the scope

    42、of its security management system. Where an organization chooses to outsource any process that affects conformity with these requirements, the organization shall ensure that such processes are controlled. The necessary controls and responsibilities of such outsourced processes shall be identified wi

    43、thin the security management system. Security management policy Security planningRisk assessment Regulatory requirements Security objectives and targets Security management programme CONTINUALIMPROVEMENT Implementation and operation Responsibilities and competence, Communication Documentation Operat

    44、ional control Emergency preparedness Checking and corrective actionMeasurement and monitoring System evaluation Non-conformance and corrective and preventive action Records Audit Management review and continual improvement BS ISO 28000:20074 4.2 Security management policy The organizations top manag

    45、ement shall authorize an overall security management policy. The policy shall: a) be consistent with other organizational policies; b) provide the framework which, enables the specific security management objectives, targets and programmes to be produced; c) be consistent with the organizations over

    46、all security threat and risk management framework; d) be appropriate to the threats to the organization and the nature and scale of its operations; e) clearly state the overall/broad security management objectives; f) include a commitment to continual improvement of the security management process;

    47、g) include a commitment to comply with current applicable legislation, regulatory and statutory requirements and with other requirements to which the organization subscribes; h) be visibly endorsed by top management; i) be documented, implemented and maintained; j) be communicated to all relevant em

    48、ployees and third parties including contractors and visitors with the intent that these persons are made aware of their individual security management-related obligations; k) be available to stakeholders where appropriate; l) provide for its review in case of the acquisition of, or merger with other

    49、 organizations, or other change to the business scope of the organization which may affect the continuity or relevance of the security management system. NOTE Organizations may choose to have a detailed security management policy for internal use which would provide sufficient information and direction to drive the security management system (parts of which may be confidential) and have a summarized (non-confidential) version containing the broad objectives for dissemination to its stakeholders and other interested parties. 4.3 Security risk assessment and planning


    注意事项

    本文(BS ISO 28000-2007 Specification for security management systems for the supply chain《供应链的安全管理系统规范》.pdf)为本站会员(diecharacter305)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开