ISO 28000
ISO 28000 is an international standard developed by the International Organization for Standardization (ISO) with the primary purpose of improving supply chain security. The standard is aimed at the management, production, and logistics structures of an enterprise and makes it possible to minimize risks that may arise at every stage of delivering products to the end consumer.
Which activities is ISO 28000 suitable for?
ISO 28000 is applicable to both small and large enterprises whose activities are related to the production, storage, transportation of goods, or the provision of services within the supply chain.
Such organizations include:
Implementation and certification under ISO 28000 confirms that the enterprise operates under secure conditions and that all supply chain processes are lawful and controlled by stakeholders and clients.
- product manufacturers that independently supply goods to consumers;
- exporters and importers;
- freight forwarding and logistics companies;
- airports, railway stations, and other transport hubs.
Benefits of ISO 28000 certification
- reduced number of security failures, losses, theft, and smuggling;
- effective control and management of security risks in line with enterprise activities;
- enhanced reliability and business reputation among partners;
- optimized security costs through a systematic approach;
- simplified implementation of integrated management systems through compatibility with ISO 9001 and ISO 14001;
- increased demand for the company's services thanks to well-established and transparent processes;
- greater awareness of supply chain security through to the end consumer.
Security risks across the supply chain
ISO 28000 uses a risk-based approach tailored to logistics security. Organisations assess threats such as cargo theft, tampering, unlawful access to facilities, document fraud, and delays at borders or customs. Security measures are proportional to the value, nature, and routing of goods.
The standard addresses security at interfaces between manufacturers, warehouses, carriers, and customers—where handover points are often most vulnerable. Certification confirms that security planning is integrated with business continuity rather than treated as an afterthought.
Security plans and audit preparedness
Key documented outputs include a security policy, risk assessments, security plans for sites and transport legs, and defined roles for security management. Training ensures that drivers, warehouse staff, and managers apply consistent procedures when incidents or security alerts arise.
Surveillance audits verify that controls remain effective as routes, suppliers, or geopolitical conditions change. Companies exporting to security-sensitive markets or working with customs-authorised operators benefit from a recognised framework that supports Authorised Economic Operator (AEO) programmes and partner due diligence.