Never heard of ISO 28002? A lot of people haven’t. But it seems like every security and continuity conference lately has a session or two on what it is and why it’s important. Is this just hype, or the foundation of new requirements for companies that exist within the global and/or domestic supply chain?
Although it isn’t yet published, it has the potential to make you sit up and take notice if your company is part of a supply chain. ‘ISO 28002 – Resilience in the Supply Chain’ is currently being developed. Significant input to the standard is being provided by the Supply Chain Risk Leadership Council, which is made up of many corporate household names such as Cisco, Boeing, GE and others. The standard is currently being reviewed by ISO Technical Committee 8 and is represented there by ASIS International, which is not only a leader in the world of security but also a standards-writing body that recently released, through ANSI, the ASIS SPC.1 Organizational Resiliency Management Systems Standard.
Why is this standard being developed? Nobody disputes that the threat of a disruption occurring in the supply chain is rising. Just-in-time manufacturing, outsourcing and global sourcing, as well as specialized factories and materials requirements, increase the volatility of supply and demand in the marketplace. Companies, especially those at the top of the supply chain, are looking for ways to standardize an approach with their suppliers. They want not only to take the ambiguity out of what it takes for a company to be resilient, but also to provide the companies in their supply chain with a standard framework for complying with best practices.
Below are a couple of links which offer valuable insight on ISO 28002 and what it might mean to your organization.