Issue 31 – September 2011
Emergencies, crises, and disasters, like the tsunami in Japan or the recent riots in London, can happen at any time. Organisations are increasingly implementing risk management processes to ensure continuity, but if their suppliers are unable to deliver, or customers are unable to purchase, the ability of an organisation to achieve its objectives would be compromised. ISO's new Standard, Security management systems for the supply chain – Development of resilience in the supply chain – Requirements with guidance for use ISO 28002:2011, promotes resilience at every step of the supply chain.
'Today, the leadership of any organisation has a duty to its stakeholders to plan for its survival,' says Captain Charlie Piersall, Chair of the committee that developed ISO 28002. 'ISO 28002 offers them an invaluable tool. Its integrated approach is both flexible and proactive, and utilises to the maximum the knowledge, capabilities, and expertise within an organisation. In this way the Standard helps meet individual needs for risk management within an economically sound context.
'Organisations are realising that to be resilient, it is not enough to focus on internal processes. As they seek assurance that their suppliers and the extended supply chain in general have planned for and taken steps to prevent and mitigate the threats and hazards to which they may be exposed, there is a strong demand for standards and best practice. For resiliency, ISO 28002 is that Standard.'
ISO 28002 can be applied to any organisation and:
- offers a comprehensive process to enhance preparedness, mitigation, response, continuity of operations, and recovery from disruptive incidents
- includes criteria that, when implemented in a management system, can be used to establish, maintain, and improve an organisation's resiliency policy to plan for, take action and make decisions before, during, and after an incident to its supply chain
- enhances an organisation's capacity to manage and survive any disruptive event and take appropriate actions to help ensure its viability and continued operation.
- was developed as part of the ISO 28000 series on security management systems for the supply chain. Specification for security management systems for the supply chain ISO 28000:2007 is the only published certifiable international management systems Standard that takes a holistic, risk-based approach to managing risks associated with any disruptive incident in the supply chain.