Security in the ISO 28000 supply chain

What is supply chain security and what does it bring to your company?

The UNE Standard – ISO 28000:2008 (ISO 28000:2007), security management for the supply chain, offers the following definition: the supply chain is the related set of resources and processes that begins with the provision of raw materials and extends to the delivery of products or services to the end user through the means of transport. However, the scope of this standard also includes security aspects in finance, production, information management and packaging, storage and transfer facilities between different locations.

ISO 28000 is specifically designed for companies whose value chain depends heavily on their supply chain. The logistics sector is one of the clear beneficiaries of this standard. At GlobalSUITE Solutions we help you identify the critical aspects of securing the chain and implement the necessary measures, based on a risk analysis. This minimizes the possibility of disruption to the processes carried out, so that you can rely on your security.

"Methodology based on ISO 28000 good practices"


Discover our ISO 28000 software

Implementing ISO 28000 with the support of the GlobalSUITE Supply Chain Security Management System Software® ensures security in relations with your suppliers and throughout your value chain, up to the delivery of your products and services.

It is the software that facilitates the implementation and governance of a Supply Chain Security Management System based on ISO 28000. The platform lets you adapt the chosen risk methodology immediately. In addition, it includes the management of the risks obtained by defining and monitoring the corresponding treatment plan.

Differential analysis

It lets you carry out a risk analysis by parameterizing probability and impact, assessing risk and valuing costs.

Risk Assessment

Parameterization of probability and impact, risk assessment, cost analysis, asset threats and configurable.


This module allows the management of incidents and problems, service requests, complaints, customers and employees, among others.

Treatment plan

It allows comparisons with the risk cost analysis and the treatment plan that would need to be developed to manage the risks.

Cost analysis

Tests of variable type and scope, analysis of conclusions following the tests carried out, and review of the continuity plans implemented.

Safety plan

Record of the security committee's actions, automatic sending of minutes to all attendees by email and automatic saving in the document manager.

Projection and Simulation

It lets you verify the effectiveness of the planned security controls at both the security risk level and the economic level.

Configurable methodologies

Definition of acceptable risk, acceptable risk levels, risk listing, risk map, simultaneous or dependent risks.

Balanced Scorecard and Dashboards

Dashboards enabling comprehensive organizational management and strategic control through metrics, indicators and KPIs.

Threat and vulnerability catalogs

The catalogs and security controls included in the platform fully cover the lifecycle of a supply chain.

Complete safety risk assessment

The platform lets you adapt the chosen risk methodology immediately. In addition, it includes the management of the risks obtained by defining and monitoring the corresponding treatment plan.


Supply Chain Consulting and Auditing

What does ISO 28000 implementation and certification entail?

ISO 28000 specifies the requirements for a security management system, including the aspects critical to securing the supply chain. Security management is linked to many other aspects of business management, including all activities controlled and influenced by organizations that impact supply chain security. GlobalSUITE helps make the implementation of ISO 28000 suitable for your organization.

Our team has more than 15 years of experience and is made up of:


  • Lawyers and engineers
  • Lead Auditor, ISO 27001, ISO 20000, ISO 22301, Lead Implementer.
  • DPD Certification
  • PMP, ITIL, CDPP, COBIT 5 Foundations

We check the effectiveness of planned security checks at both the security risk and economic levels

After analyzing your business processes and clearly determining what role the supply chain plays in your business, we carry out a risk analysis and risk management exercise that considers all possible incidents that affect the supply chain and can impact your organization's objectives.

Our ISO 28000 projects address the following aspects:

  • Establish, implement, maintain, and improve the security management system in the supply chain.
  • Ensure and demonstrate compliance with the established security management policy.
  • Help your company certify its supply chain security management system through a third party.

The implementation of the international ISO 28000 standard with the Audisec team will bring you the following benefits:

  • Risk management in your supplier relations and supply chain.
  • Identification and evaluation of critical suppliers.
  • Safety in supply chain processes.
  • Possibility of integration with other international regulations.
