ISO 28000 - Security and Resilience

This document specifies requirements for a security management system, including those aspects critical to the security assurance of the supply chain. It requires the organization to: • assess the security environment in which it operates including its supply chain (including dependencies and interdependencies); • determine if adequate security measures are in place to effectively manage security-related risks; • manage compliance with statutory, regulatory and voluntary obligations to which the organization subscribes; • align security processes and controls, including the relevant upstream and downstream processes and controls of the supply chain to meet the organization’s objectives.