ISO 28001:2007 — Supply Chain Security
Best practices for implementing supply chain security, assessments, and plans — ISO 28001:2007 provides the foundation framework for supply chain security management. Note: ISO 28001:2007 has been superseded by ISO 28000:2022.
Standard: ISO 28001:2007
Service type: By CAS
Issued under: CAS — own authority
Standards & technical basis
Certified standard: ISO 28001:2007
Certification-body competence: ISO/IEC 17021-1:2015
CAS certifies to the general requirements of ISO/IEC 17021-1:2015; no scheme-specific ISO/IEC 17021 competence part is published for this standard.
Mark & recognition: Issued by CAS under its own authority — carries the CAS mark and does not bear the EGAC or IAF marks.
What it is
ISO 28001:2007 specifies requirements for organisations in the supply chain to establish and implement supply chain security processes and practices — covering the assessment, implementation, and documentation of security practices throughout the international supply chain. It enables organisations to demonstrate that their supply chain security practices meet international requirements. Note: ISO 28000:2022 (Security management systems — Requirements) is the current second edition, published March 2022, which cancels and replaces ISO 28001:2007 with a fully revised management system framework. CAS offers certification against both standards during the transition period.
Who needs it
Logistics companies, freight forwarders, customs brokers, exporters, importers, port operators, and supply chain participants requiring documented supply chain security practices for international trade compliance, AEO applications, or customer requirements.
Benefits of certification
- Demonstrates supply chain security practices to customs and trade authorities
- Supports AEO (Authorised Economic Operator) status applications
- Reduces risk of cargo theft, tampering, and smuggling
- Required by some shipping lines, logistics clients, and trade facilitation programmes
- Structured approach to supply chain threat and risk assessment
- Improves supply chain transparency and traceability
- Foundation for transition to ISO 28000:2022
Frequently asked questions
Common questions
How does ISO 28001:2007 relate to C-TPAT?
ISO 28001:2007 is aligned with the principles of C-TPAT (US Customs-Trade Partnership Against Terrorism) and similar trade security programmes. It provides a certifiable standard for supply chain security practices.
Has ISO 28001:2007 been replaced?
Yes. ISO 28000:2022 (Second edition, March 2022) is the current standard, cancelling and replacing ISO 28001:2007. It adopts the ISO PDCA management system model and adds alignment with ISO 31000 (risk management) and ISO 22301 (business continuity). CAS offers certification against both standards — contact us to discuss which applies to your situation.
Ready to certify against ISO 28001:2007?
Send us a brief description of your organisation — we’ll come back with a quotation within one working day.