Broaden your security management: Transitioning from ISO 28000:2007 to ISO 28000:2022
ISO 28000 has been updated from a supply chain security management system to a more holistic security management system that includes your supply chain. These changes enable organizations to take a more robust approach that is more relevant to the risks of today, and tomorrow.
Key changes in this update include:
- the adoption of the ISO harmonized structure, to improve clarity, and bring consistency through alignment with other management systems you may have implemented;
- terms and definitions no longer include specific supply chain terminology, e.g. supply chain, downstream, upstream but they are included in the wording of the standard;
- clause 4 (context of the organization) includes a new section (4.2.3) which provides the recommended principles for security management that an organization should apply; and
- clauses have been added that are specific to security management or aspects of supply chain management.
Starting September 2023 audits to the ISO 28000:2022 standard will be available from BSI. The transition period ends 31 March 2025.