International Organization for Standardization

Security management systems for the supply chain — Development of resilience in the supply chain — Requirements with guidance for use - First Edition
 N 28002

Annotation

This International Standard specifies requirements for a resilience management policy in the supply chain to enable an organization to develop and implement policies, objectives, and programs, taking into account

— legal, regulatory and other requirements to which the organization subscribes,

— information about significant risks, hazards and threats that may have consequences to the organization, its stakeholders, and on its supply chain,

— protection of its assets and processes, and

— management of disruptive incidents.

This International Standard applies to risks that the organization identifies as those it can control, influence, or reduce, as well as those it cannot anticipate. It does not itself state specific performance criteria.

This International Standard is applicable to any organization that wishes to

a) establish, implement, maintain, and improve a resilience management policy for the organization and its supply chain,

b) assure itself of its conformity with its stated resilience management policy,

c) demonstrate its management system contains a well developed Resilience Management Policy by:

1) making a self-determination and self-declaration, or