
DIN ISO 28000-2015 Specification for security management systems for the supply chain (ISO 28000 2007).pdf

August 2015
DIN ISO 28000
ICS 03.100.10; 47.020.05

Specification for security management systems for the supply chain (ISO 28000:2007),
English translation of DIN ISO 28000:2015-08

Spezifikation für Sicherheitsmanagementsysteme für die Lieferkette (ISO 28000:2007),
Englische Übersetzung von DIN ISO 28000:2015-08

Spécifications pour les systèmes de management de la sûreté pour la chaîne d'approvisionnement (ISO 28000:2007),
Traduction anglaise de DIN ISO 28000:2015-08

Document comprises 21 pages

Translation by DIN-Sprachendienst.
In case of doubt, the German-language original shall be considered authoritative.

No part of this translation may be reproduced without prior permission of DIN Deutsches Institut für Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany, has the exclusive right of sale for German Standards (DIN-Normen).
English price group 12
www.din.de
www.beuth.de

A comma is used as the decimal marker.

Contents

National foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Security management system elements
4.1 General requirements
4.2 Security management policy
4.3 Security risk assessment and planning
4.4 Implementation and operation
4.5 Checking and corrective action
4.6 Management review and continual improvement
Annex A (informative) Correspondence between ISO 28000:2007, ISO 14001:2004 and ISO 9001:2000
Bibliography

National foreword

This document (ISO 28000:2007) has been prepared by Technical Committee ISO/TC 8 "Ships and marine technology" (Secretariat: SAC, China and DIN, Germany) and has been adopted, unchanged, as DIN ISO 28000:2015-08.

The responsible German body involved in its preparation was the DIN-Normenstelle Schiffs- und Meerestechnik (DIN Standards Committee Shipbuilding and Marine Technology), Working Committee NA 132 BR-01 SO Internationale Normung (Sp ISO/TC 8).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. DIN and/or DKE shall not be held responsible for identifying any or all such patent rights.

Users of the German version of this standard should note the following:

Compliance with this standard does not confer to an organization immunity from its legal obligations, even if such compliance has been verified by internal or external audit.

In the German translation of this standard, "security" has been translated as Sicherheit (which can also mean "safety").

Introduction

This International Standard has been developed in response to demand from industry for a security management standard. Its ultimate objective is to improve the security of supply chains. It is a high-level management standard that enables an organization to establish an overall supply chain security management system. It requires the organization to assess the security environment in which it operates and to determine if adequate security measures are in place and if other regulatory requirements already exist with which the organization complies. If security needs are identified by this process, the organization should implement mechanisms and processes to meet these needs. Since supply chains are dynamic in nature, some organizations managing multiple supply chains may look to their service providers to meet related governmental or ISO supply chain security standards as a condition of being included in that supply chain in order to simplify security management as illustrated in Figure 1.

[Figure 1: Relationship between ISO 28000 and other relevant standards. Boxes shown: ISO 28000: Security management systems for the supply chain; ISO 20858: Maritime Port Facility Security Assessments and Security Plan; ISO 28001: Best Practices Custody in Supply Chain Security; Other specific existing standards or those to be developed.]

This International Standard is intended to apply in cases where an organization's supply chains are required to be managed in a secure manner. A formal approach to security management can contribute directly to the business capability and credibility of the organization.

Compliance with an International Standard does not in itself confer immunity from legal obligations. For organizations that so wish, compliance of the security management system with this International Standard may be verified by an external or internal auditing process.

This International Standard is based on the ISO format adopted by ISO 14001:2004 because of its risk based approach to management systems. However, organizations that have adopted a process approach to management systems (e.g. ISO 9001:2000) may be able to use their existing management system as a foundation for a security management system as prescribed in this International Standard. It is not the intention of this International Standard to duplicate governmental requirements and standards regarding supply chain security management to which the organization has already been certified or verified compliant. Verification may be by an acceptable first, second, or third party organization.

NOTE This International Standard is based on the methodology known as Plan-Do-Check-Act (PDCA). PDCA can be described as follows.

Plan: establish the objectives and processes necessary to deliver results in accordance with the organization's security policy.
Do: implement the processes.
Check: monitor and measure processes against security policy, objectives, targets, legal and other requirements, and report results.
Act: take actions to continually improve performance of the security management system.

1 Scope

This International Standard specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. Security management is linked to many other aspects of business management. Aspects include all activities controlled or influenced by organizations that impact on supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting these goods along the supply chain.

This International Standard is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain that wishes to:

a) establish, implement, maintain and improve a security management system;
b) assure conformance with stated security management policy;
c) demonstrate such conformance to others;
d) seek certification/registration of its security management system by an Accredited third party Certification Body; or
e) make a self-determination and self-declaration of conformance with this International Standard.

There are legislative and regulatory codes that address some of the requirements in this International Standard.

It is not the intention of this International Standard to require duplicative demonstration of conformance.

Organizations that choose third party certification can further demonstrate that they are contributing significantly to supply chain security.

2 Normative references

No normative references are cited. This clause is included in order to retain clause numbering similar to other management system standards.

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

3.1 facility
plant, machinery, property, buildings, vehicles, ships, port facilities and other items of infrastructure or plant and related systems that have a distinct and quantifiable business function or service
NOTE This definition includes any software code that is critical to the delivery of security and the application of security management.

3.2 security
resistance to intentional, unauthorized act(s) designed to cause harm or damage to, or by, the supply chain

3.3 security management
systematic and coordinated activities and practices through which an organization optimally manages its risks, and the associated potential threats and impacts therefrom

3.4 security management objective
specific outcome or achievement required of security in order to meet the security management policy
NOTE It is essential that such outcomes are linked either directly or indirectly to providing the products, supply or services delivered by the total business to its customers or end users.

3.5 security management policy
overall intentions and direction of an organization, related to the security and the framework for the control of security-related processes and activities that are derived from and consistent with the organization's policy and regulatory requirements

3.6 security management programmes
means by which a security management objective is achieved

3.7 security management target
specific level of performance required to achieve a security management objective

3.8 stakeholder

person or entity having a vested interest in the organization's performance, success or the impact of its activities
NOTE Examples include customers, shareholders, financiers, insurers, regulators, statutory bodies, employees, contractors, suppliers, labour organizations, or society.

3.9 supply chain
linked set of resources and processes that begins with the sourcing of raw material and extends through the delivery of products or services to the end user across the modes of transport
NOTE The supply chain may include vendors, manufacturing facilities, logistics providers, internal distribution centers, distributors, wholesalers and other entities that lead to the end user.

3.9.1 downstream
refers to the actions, processes and movements of the cargo in the supply chain that occur after the cargo leaves the direct operational control of the organization, including but not limited to insurance, finance, data management, and the packing, storing and transferring of cargo

3.9.2 upstream
refers to the actions, processes and movements of the cargo in the supply chain that occur before the cargo comes under the direct operational control of the organization, including but not limited to insurance, finance, data management, and the packing, storing and transferring of cargo

3.10 top management
person or group of people who directs and controls an organization at the highest level
NOTE Top management, especially in a large multinational organization, may not be personally involved as described in this International Standard; however top management accountability through the chain of command shall be manifest.

3.11 continual improvement
recurring process of enhancing the security management system in order to achieve improvements in overall security performance consistent with the organization's security policy

4 Security management system elements

[Figure 2: Security management system elements. Elements shown, around a central CONTINUAL IMPROVEMENT label: Security management policy; Security planning (Risk assessment, Regulatory requirements, Security objectives and targets, Security management programme); Implementation and operation (Responsibilities and competence, Communication, Documentation, Operational control, Emergency preparedness); Checking and corrective action (Measurement and monitoring, System evaluation, Non-conformance and corrective and preventive action, Records, Audit); Management review and continual improvement.]

4.1 General requirements

The organization shall establish, document, implement, maintain and continually improve an effective security management system for identifying security threats, assessing risks and controlling and mitigating their consequences.

The organization shall continually improve its effectiveness in accordance with the requirements set out in the whole of Clause 4.

The organization shall define the scope of its security management system. Where an organization chooses to outsource any process that affects conformity with these requirements, the organization shall ensure that such processes are controlled. The necessary controls and responsibilities of such outsourced processes shall be identified within the security management system.

4.2 Security management policy

The organization's top management shall authorize an overall security management policy.

The policy shall:

a) be consistent with other organizational policies;
b) provide the framework which, enables the specific security management objectives, targets and programmes to be produced;
c) be consistent with the organization's overall security threat and risk management framework;
d) be appropriate to the threats to the organization and the nature and scale of its operations;
e) clearly state the overall/broad security management objectives;
f) include a commitment to continual improvement of the security management process;
g) include a commitment to comply with current applicable legislation, regulatory and statutory requirements and with other requirements to which the organization subscribes;
h) be visibly endorsed by top management;
i) be documented, implemented and maintained;
j) be communicated to all relevant employees and third parties including contractors and visitors with the intent that these persons are made aware of their individual security management-related obligations;
k) be available to stakeholders where appropriate;
l) provide for its review in case of the acquisition of, or merger with other organizations, or other change to the business scope of the organization which may affect the continuity or relevance of the security management system.

NOTE Organizations may choose to have a detailed security management policy for internal use which would provide sufficient information and direction to drive the security management system (parts of which may be confidential) and have a summarized (non-confidential) version containing the broad objectives for dissemination to its stakeholders and other interested parties.

4.3 Security risk assessment and planning

4.3.1 Security risk assessment

The organization shall
