ISO 28000.pptx
2. ISO 28000
ISO 28000 is a global supply chain security management
standard
ISO 28000:2007 defines a set of supply chain security
management requirements
4. 4.1 General Security Requirements
Establish an effective security management system
(SMS)
Define the scope of your security management system
5. 4.2 Security Policy Requirements
Authorize the establishment of a security management
policy
Document your organization's security management
policy
Implement your organization’s security management
policy
Maintain your organization’s security management
policy
6. 4.3 Security Planning Requirements
4.3.1 Analyze security threats and select controls
4.3.2 Respect legal and other security requirements
4.3.3 Set security management objectives
4.3.4 Specify security management targets
4.3.5 Develop security management programs
7. 4.3.1 Analyze Security Threats and
Select Controls
Identify security threats and assess your risks
Define a methodology to identify your organization's
supply chain security threats and assess its security
risks
Establish procedures to identify threats and assess risks
Use your security risk assessment methods and
procedures to identify threats and assess risks
8. Identify security management control measures
Establish procedures to identify and implement
supply chain security management control
measures
Use your procedures to identify supply chain
security management control measures
Use your procedures to implement your supply
chain security management control measures
9. 4.3.2 Respect Legal and Other Security
Requirements
Establish procedures to manage the legal, statutory, and
regulatory security requirements that you subscribe to
Communicate information about all relevant legal,
statutory, and regulatory security management
requirements
12. 4.3.5 Develop Security Management
Programs
Establish security programs to achieve objectives and
targets
Implement your organization's security management
programs
Maintain your organization's security management
programs
13. 4.4 Security Implementation
Requirements
4.4.1 Create a security management structure
4.4.2 Ensure competence and provide security training
4.4.3 Develop security communication procedures
4.4.4 Establish SMS documents and records
4.4.5 Control your SMS documents and data
4.4.6 Implement operational SMS control measures
4.4.7 Prepare emergency SMS plans and procedures
14. 4.4.1 Create a Security Management
Structure
Establish a security management structure of roles,
responsibilities, and authorities for your organization
Communicate security management roles,
responsibilities, and authorities to those who must
implement and maintain your SMS
Demonstrate a commitment to the development,
implementation, and continual improvement of your
organization's SMS
15. 4.4.2 Ensure Competence and Provide
Security Training
Make sure that personnel responsible for security are
suitably qualified
Establish procedures to make people who work for
you, or on your behalf, aware of your SMS
Keep records of competence and training
16. 4.4.3 Develop Security Communication
Procedures
Establish procedures to ensure that pertinent security
information is communicated
17. 4.4.4 Establish SMS Documents and
Records
Establish and maintain a security management
documentation system for your organization
Establish the security sensitivity of information before
you consider giving people access to it
18. 4.4.5 Control your SMS Documents and
Data
Establish procedures to control the documents, data
and information required by ISO 28000
Maintain your organization's SMS document, data,
and information control procedures
19. 4.4.6 Implement Operational SMS
Control Measures
Identify the security activities and operations that your
organization needs to carry out
Carry out your security activities and operations under
specified conditions
Consider your security threats and risks before you
decide to revise your current arrangements or implement
new ones
20. 4.4.7 Prepare Emergency SMS Plans and
Procedures
Prepare appropriate emergency preparedness plans and
procedures to deal with security threats, incidents,
breaches, and emergencies
Prepare appropriate plans and procedures to respond
to security incidents and emergencies
Prepare appropriate security recovery plans and
procedures
21. 4.5 Security Checking Requirements
4.5.1 Monitor and measure security performance
4.5.2 Evaluate your Security Management System
(SMS)
4.5.3 Investigate security incidents and take action
4.5.4 Control your security management records
4.5.5 Audit your Security Management System (SMS)
22. 4.5.1 Monitor and Measure Security
Performance
Establish procedures to monitor and measure security
Use your procedures to monitor and measure security
Maintain supply chain security management records
23. 4.5.2 Evaluate your Security Management
System (SMS)
Evaluate supply chain security management plans
Evaluate supply chain security management procedures
Evaluate supply chain security management capabilities
Evaluate compliance with regulations and best practices
Evaluate conformance with security policy and
objectives
24. 4.5.3 Investigate Security Incidents and
Take Action
Establish security response procedures
Implement your security response procedures
Maintain your security response procedures
25. 4.5.4 Control your Security Management
Records
Establish your organization's security management
records
Establish procedures to control security management
records
26. 4.5.5 Audit your Security Management
System (SMS)
Establish a security management audit program
Establish security management audit procedures
27. 4.6 Security Review Requirements
Review your SMS by examining inputs
Assess the results of your management reviews
Generate management review outputs