Certification:
Management system certification / Voluntary assessment
Basis of certification:
International standard ISO 28000
Standard owner:
ISO International Organization for Standardization
WHAT DOES THE ISO 28000 STANDARD DEFINE?
ISO 28000, Specification for security management systems for the supply chain, specifies a series of measures to help organizations prevent, detect and address the risks and threats to the security of their products and services. These include the adoption of a security policy, the definition of targets and objectives regarding the security of the supply chain consistent with the risk analysis carried out, the appointment of a person in charge of supervising compliance with the requirements of the standard, the definition of specific procedures for the management of risks and threats within the supply chain, the training of the resources involved, and the implementation of monitoring and control methods for results. It is designed to help the organization implement a security management system in its supply chain that can be demonstrated to stakeholders.
WHAT DO “CERTIFICATION” OR THE ISSUE OF A CERTIFICATION MARK ACCORDING TO ISO 28000 BY TÜV ITALIA S.R.L MEAN?
- The customer has submitted to a voluntary certification audit, according to defined criteria (ISO 28000 standard).
- A certificate and the authorization to use a certification mark are only issued if the certification audit is fully passed and the organization's security management system for the supply chain meets all the requirements of the standard.
- The certificates and/or certification marks are valid for three years; validity is maintained through annual surveillance every 12 months and a complete review of the management system after three years.
- Special audits are possible in specific cases.
HOW IS THE ASSESSMENT/AUDIT PERFORMED?
The process is the same as that applied for the certification of other management systems. Independent and qualified experts (auditors) apply the following auditing techniques:
- Document review:
  - Before the audit
- On-site audit:
  - Certification audit, stage 1 and stage 2
  - Surveillance audits every 12 months (2 SA audits in the certification cycle)
  - Recertification audit after three years
WHAT IS BEYOND THE SCOPE OF CERTIFICATION ACCORDING TO THE ISO 28000 STANDARD?
- This certification of the management system does not constitute a product certification.
- The certification therefore does not provide direct declarations on the safety of the supply chain of a certified customer's product or service. The certification according to ISO 28000 concerns the management system defined by the organization in order to guarantee the security of its supply chain.
- Certification according to ISO 28000 does not mean that the company manufactures products or provides services of higher quality.
- Certification according to ISO 28000 does not guarantee that an organisation effectively mitigates all risks involved in supply chain security in each individual case, even though this is one of the key objectives of the management system.
- A certification does not confirm that the technical and organizational measures taken by the company to secure its supply chain are functioning without errors.