ISO 28001:2007 - Supply Chain Security Management Systems

What is ISO 28001:2007?

ISO 28001 is an international standard which specifies the requirements for a Security Management System, including those aspects critical to security assurance of the supply chain.

The current version of ISO 28001:2007 was released in Oct 2007.

ISO 28001 is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain.

ISO 28001 enables organizations to establish a Security Management System that ensures the sufficient management and control of security and threats, coming from operations related to supply chain and with an ISO 28001 certification, organizations gain visibility in the market and it will help to improve their profitability and quality as well as overall performance.

Benefits of ISO 28001:2007 Compliance

ISO 28001 helps organizations to secure their customer’s supply chain, which in turn brings many benefits where some benefits are mentioned below:
  • Improved Reliability
  • Increased Customer Satisfaction
  • Reduced Operating Costs
  • Efficient Management Approach
  • Increased Focus on Risks
  • Greater Compliance
  • Gain Competitive Advantage
  • Improved stakeholder relationships
  • International Recognition

Journey to ISO 28001:2007 Compliance

ISO 28001 Certification is a 3rd party audit performed by MQA, during the audit we will verify that your organization is following the requirements of ISO 28001, if received positive results then we will issue an ISO 28001 certificate. This certification is then maintained through annual surveillance audits by MQA, with re-certification of the ISO 28001 Certification after three years. See below cycle to know how you can get started on the road to certification:

MQA Certification Cycle

Year 1
Step 1.1 (Initial Application)
  • Client request a quotation.
  • MQA will assess Client’s requirements.
  • MQA will share proposal with client.
  • Client signed the 3-year Certification Contract with MQA.
Step 1.2 (Certification Audit)
  • MQA will conduct:
    1. Gap Assessment (Readiness Review)
    2. Stage-1 Audit (Documentation Review)
    3. Stage-2 Audit (Implementation Review)
  • MQA Auditor will share the audit reports to MQA’s Certification Decision Committee.
Step 1.3 (Certificate Management)
  • If certification decision is positive, then certificate is issued by MQA.
  • If certification decision is negative, then verification audit is planned by MQA.
  • Client will receive the MQA Portal access to:
    1. View the Audit Reports.
    2. Download the ISO Certificate.
    3. Review & Respond to Audit Findings, etc.
Year 2 & 3
Step 2.1 (Renewal Request)
  • MQA request for renewal.
  • Client agreed for Surveillance Audit.
Step 2.2 (Surveillance Audit)
  • MQA will conduct Surveillance Audit
  • MQA Auditor will share the audit reports to MQA’s Certificate Decision Committee.
Step 2.3 (Certificate Management)
  • If no critical non-conformity found, then certificate is renewed by MQA.
  • If any critical nonconformity found, then verification audit is planned by MQA.
  • Client have the MQA Portal access to:
    1. View the Audit Reports.
    2. Download the ISO Certificate.
    3. Review & Respond to Audit Findings, etc.
MQA help you to certify your organization to ISO 28001:2007.

Get a Free Quote

Our Services