Why ISO 28000 Supply Chain Security

Comprehensive security management that protects your supply chain while accelerating trade and building customer confidence.

Theft & Shrinkage Reduction

Systematic controls across nodes and lanes to minimize cargo theft, pilferage, and inventory shrinkage throughout your supply chain.

Anti-Tampering Protection

Prevent tampering, counterfeit substitution, and contamination with robust cargo integrity and chain-of-custody procedures.

Better Contractor Control

Enhanced screening and control of contractors, carriers, and 3PLs with systematic vetting and monitoring processes.

AEO/C-TPAT Readiness

Build evidence for Authorized Economic Operator and C-TPAT participation, accelerating trade facilitation program approval.

Faster Incident Response

Improved incident response and investigation cycle times with structured playbooks and evidence management.

Insurance & Due Diligence

Leverage certification for insurance negotiations and demonstrate security due diligence to customers and partners.

What the Standard Covers

ISO 28000 follows the Annex SL structure, providing a comprehensive framework for supply chain security management across all operations.

Context & Leadership

Define security scope, identify stakeholders, establish security policy, and assign roles and responsibilities.

Risk Assessment & Planning

Conduct threat scenario analysis, lane/node risk assessment, and set measurable security objectives.

Support Systems

Build competence through vetting, training, awareness programs, communications, and documented information.

Operational Controls

Implement cargo integrity, sealing, access control, perimeter security, personnel controls, screening, secure packing, and carrier selection.

Performance Monitoring

Establish KPIs, conduct inspections, internal audits, supplier audits, and management reviews for continuous oversight.

Continuous Improvement

Manage incidents, perform root-cause analysis, implement corrective actions, and drive continual improvement.

Security Risks Addressed

Comprehensive protection against the full spectrum of supply chain security threats and vulnerabilities.

Cargo Theft & Hijacking
Tampering & Contamination
Counterfeit Insertion
Smuggling & Contraband
Insider Threat
Contractor Risk
Terrorism & Sabotage
Civil Unrest Impact
Natural Hazard Overlays
Cyber-Physical Handover Risks

Who Uses ISO 28000

Organizations across the supply chain ecosystem trust ISO 28000 for comprehensive security management.

Shipping & Ports

Terminals, depots, free zones, shipping lines, and NVOCCs managing cargo security across maritime operations.

Transport & Logistics

3PL/4PL, road fleets, air cargo handlers, warehouses, and CEP companies securing goods in transit.

Manufacturing

High-value goods, pharma, electronics, and FMCG manufacturers protecting products through production and distribution.

Retail & E-commerce

Distribution center networks and last-mile staging operations securing consumer goods delivery.

Key Roles

CSO/Head of Security, Head of Logistics, Risk/Compliance Manager, Port Facility Security Officer, Plant Manager

Organization Sizes

SME single-site operations to multinational multi-node networks with complex supply chains

High-Risk Geographies

LATAM corridors, East/Southern Africa, MENASA, Southeast Asia, export hubs, border crossings

Implementation Timeline & Integration

Realistic timelines and seamless integration with your existing management systems.

1. Implementation Timeline

  • 12–20 weeks for single-site implementation
  • 16–28 weeks for multi-site deployment
  • Phased rollout for complex networks

2. Team Requirements

  • 1 executive sponsor + 1 project lead
  • 3–6 process owners from key functions
  • Contractor/carrier representatives

3. System Integration

  • Clean fit with ISO 9001 (supplier control)
  • Aligns with ISO 22301 (business continuity)
  • Uses ISO 31000 risk methodology

4. Cost Drivers

  • Site and lane count complexity
  • 3PL footprint and supplier volume
  • Technology, localization, audit requirements

AEC Implementation Deliverables

Comprehensive implementation support from gap analysis to certification readiness with proven methodology.

Assessment & Planning

  • Security gap assessment and lane/node risk model
  • Policy framework and SoA-style control register
  • Security procedures (access, sealing, screening, chain-of-custody)
  • Contractor/3PL vetting criteria and onboarding pack
  • Multi-site sampling strategy for complex operations

Operations & Monitoring

  • KPI dashboard: theft rate, seal breach MTTR, vendor vetting %
  • Incident management and investigation toolkit with evidence chain
  • Training programs and drills for all security-critical roles
  • Internal audit and management review kit with templates
  • Mock certification audit preparation and CB liaison support

Proven Results

Organizations implementing ISO 28000 with AEC achieve measurable security improvements.

  • 30–60%: Theft/tamper incident reduction in 12 months
  • 100%: Critical routes with documented risk controls
  • 95%: Vendor vetting completion within 30 days
  • 90%+: Unannounced spot-check pass rate
  • 40%: Incident MTTR improvement

ISO 28000 Training Programs

Build internal competency with our structured training pathway from foundation to expert level.

Foundation

1 Day

Essential understanding of supply chain security principles and ISO 28000 requirements.

Internal Auditor

2 Days

Security audit techniques, sampling methods, and compliance verification skills.

Implementer

3 Days

End-to-end system development, risk assessment, and implementation management.

Lead Auditor

5 Days

Advanced audit leadership skills delivered through accredited training partner.

How ISO 28000 Complements Other Standards

Maximize value through integrated management systems that share processes and reduce audit burden.

Frequently Asked Questions

Common questions about ISO 28000 implementation and certification requirements.

Is ISO 28000 certifiable?

Yes. ISO 28000 is a certifiable management system standard with a 3-year certificate cycle and annual surveillance audits by accredited certification bodies.

Do we need GPS tracking or electronic seals?

Technology is not mandated by the standard. Controls must be risk-based and appropriate to your threat level. GPS and e-seals are common on high-risk lanes but not required for all operations.

Does ISO 28000 qualify us for AEO or C-TPAT automatically?

No automatic qualification. ISO 28000 provides strong process evidence for the security pillars and speeds readiness, but you must still apply separately to customs programs.

How do we include contractors in our scope?

Define clear interface controls, vetting procedures, and monitoring requirements. Include contractor performance in audits and demonstrate due diligence in oversight.

How does multi-site certification work?

One integrated system covers all sites with risk-based sampling for audits. The certification body determines sample size based on complexity, risk levels, and site similarities.

What are common implementation pitfalls?

Paper-only controls with weak lane risk assessments, unmanaged subcontracting relationships, poor seal reconciliation processes, and untested incident response playbooks.

Start Your ISO 28000 Program

Scope your lanes, secure your handovers, and prove due diligence to customers and customs authorities.