New ISO Standard to ensure resilience throughout the supply chain

Issue 31 – September 2011

Emergencies, crises, and disasters like the tsunami in Japan or the recent riots in London, can happen at any time. Organisations are increasingly implementing risk management processes to ensure continuity, but if their suppliers are unable to deliver, or customers are unable to purchase, the ability of an organisation to achieve its objectives would be compromised. ISO's new Standard Security management systems for the supply chain – Development of resilience in the supply chain – Requirements with guidance for use ISO 28002:2011 promotes resilience at every step of the supply chain.

'Today, the leadership of any organisation has a duty to its stakeholders to plan for its survival,' says Captain Charlie Piersall, Chair of the committee that developed ISO 28002. 'ISO 28002 offers them an invaluable tool. Its integrated approach is both flexible and proactive, and utilises to the maximum the knowledge, capabilities, and expertise within an organisation. In this way the Standard helps meet individual needs for risk management within an economically sound context.

'Organisations are realising that to be resilient, it is not enough to focus on internal processes. As they seek assurance that their suppliers and the extended supply chain in general have planned for and taken steps to prevent and mitigate the threats and hazards to which they may be exposed, there is a strong demand for standards and best practice. For resiliency, ISO 28002 is that Standard.'

ISO 28002 can be applied to any organisation and:

  • offers a comprehensive process to enhance preparedness, mitigation, response, continuity of operations, and recovery from disruptive incidents
  • includes criteria that, when implemented in a management system, can be used to establish, maintain, and improve an organisation's resiliency policy to plan for, take action and make decisions before, during, and after an incident to its supply chain
  • enhances an organisation's capacity to manage and survive any disruptive event and take appropriate actions to help ensure its viability and continued operation.
  • was developed as part of the ISO 28000 series on security management systems for the supply chain. Specification for security management systems for the supply chain ISO 28000:2007 is the only published certifiable international management systems Standard that takes a holistic, risk-based approach to managing risks associated with any disruptive incident in the supply chain.

You can order PDFs of ISO Standards by calling 0800 782 632 during business hours or emailing

Related Standards

  • ISO 28000:2007 Specification for security management systems for the supply chain

Related articles

Published in business and ICT.