ISO 28000 – 2022 Security management systems

Address potential security issues across all business activities including aspects relevant to the supply chain.

The ISO 28000 - 2022 standard provides a best practice framework to reduce security risks across all activities, functions and operations that have an impact on the security management of the organization including (but not limited to) its supply chain. It can be used throughout all aspects of security of the organization.

With particular regard to the supply chain, some organizations managing multiple supply chains may require service providers to meet related security standards as a condition of being included in that supply chain in order to meet requirements for security management.

What is ISO 28000 - 2022

ISO 28000 – 2022 applies the Plan-Do-Check-Act (PDCA) model to planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving the effectiveness of an organization’s security management system.

The standard is applicable to organizations of all sizes and types intending to establish, maintain and improve a security management system.

An ISO 28000 - 2022 compliant management system helps you achieve: 

  • integrated enterprise resilience; 
  • systematized management practices; 
  • enhanced credibility and brand recognition; 
  • aligned terminology and conceptual usage; 
  • improved supply chain performance; 
  • benchmarking against internationally recognizable criteria; 
  • greater compliance processes. 

ISO 28000 - 2022 can easily be integrated with other major management system standards, like ISO 9001. This is an advantage for organizations looking to incorporate security aspects into other existing management systems. 

Benefits of becoming certified

Certification by an independent third party verifies that your security management system complies with the ISO 28000 – 2022 requirements. You get confirmation that you have systems in place to manage and mitigate aspects critical to security assurance of the supply chain. Among the certification benefits are:
  • facilitate trade and expedite the transport of goods across borders; 
  • monitor and manage security risks; 
  • gain a competitive advantage and new business opportunities; 
  • encourage companies to secure their own processes; 
  • allow management to focus on areas of greatest concern; 
  • benchmark security management practices; 
  • achieve cost savings by reducing security incidents; 
  • potentially reduce corporate insurance premiums; 
  • improve efficiency across working practices; 
  • demonstrate commitment to ensure safety of individuals and security of goods and services.  

Getting started

The first step towards third-party certification is to implement an effective management system complying with the standard’s requirements. DNV can help you throughout the journey from initial training to gap-analysis and the certification process.

See how you can get started on the road to certification.
