Fifteen years after its initial publication, the international standard for supply chain security management systems has been revised. The new version aligns the standard with other ISO management system standards and increases clarity and consistency. We have summarized all the information and the transition timetable for you below.

Let's start with some welcome news for the more than 2,500 sites already using the standard: the new version of ISO 28000 contains practically no new requirements. Companies that are already certified to ISO 28000:2007 will have no trouble transitioning to ISO 28000:2022.

So, if there are no new requirements, why did ISO even bother to create a new version? The answer lies in harmonization: since ISO 28000 is more than a decade old, it was not aligned with other related ISO standards, such as the management system standards, the resilience and security standards (ISO 22316) and the risk management standard ISO 31000.

Alignment with the ISO Harmonized Structure (HS)

At first glance, one might think that the changes in ISO 28000:2022 are quite drastic: The entire structure has been rearranged. However, upon closer inspection, it becomes clear that the requirements themselves have barely changed - they are simply presented in a new format.

Like all ISO management system standards, ISO 28000 now uses the so-called Harmonized Structure (HS). This is a structure, core text and definitions common to all management system standards. With this approach, ISO ensures that management systems are harmonized and can be easily integrated. For an overview of the High-Level Structure and what it means for certified sites, see this article.

If your company is also certified to ISO 9001, ISO 14001 and/or ISO 45001, we recommend that you discuss with the relevant departments how the management systems can be harmonized and integrated internally. Since all of these standards share the same structure and core requirements, the teams responsible for implementing and maintaining these standards can take advantage of the synergies and promote a common understanding of the management systems.

Other changes

Recommendations were added in two places in the standard. Important: Recommendations are not requirements. In ISO management system standards, requirements are usually indicated with the verb "shall," while recommendations are described with "should."

- In clause 4.2.3, a number of principles have been added to harmonize the standard with the ISO 31000 risk management guidelines. However, many of these principles are not new - rather, they serve to provide additional clarification of some requirements.
- In Section 8, recommendations have been added to ensure consistency with ISO 22301, the international standard for business continuity management systems. This relates to security policies, procedures, processes and treatments (8.5), as well as security plans (8.6).

Timetable & Transition Period

In March 2022, the revision of ISO 28000 was published. You can access the standard here. The publication marks the beginning of a three-year transition period. All companies must complete the transition before the end of the three-year period.

DQS: Your partner for ISO 28000:2022 certification

DQS is an accredited certification body for the ISO 28000 standard, and we're here to help - with smooth audit planning, experienced auditors, and in-depth audit reports.

Author
Dr. Thijs Willaert

Dr. Thijs Willaert is the Global Director of Sustainability Services. In this role, he is responsible for the entire portfolio of DQS's ESG services.

His areas of interest include sustainable procurement, human rights due diligence and ESG audits.
