OS GSO ISO 28002:2017
ISO 28002:2011
Omani Standard
Current Edition · Approved on 03 October 2017
Security management systems for the supply chain -- Development of resilience in the supply chain -- Requirements with guidance for use
OS GSO ISO 28002:2017 Files
English · 55 Pages · Current Edition · Reference Language · 83.34 OMR
OS GSO ISO 28002:2017 Scope
This International Standard specifies requirements for a resilience management policy in the supply chain to enable an organization to develop and implement policies, objectives, and programs, taking into account
⎯ legal, regulatory and other requirements to which the organization subscribes,
⎯ information about significant risks, hazards and threats that may have consequences to the organization, its stakeholders, and on its supply chain,
⎯ protection of its assets and processes, and
⎯ management of disruptive incidents.
This International Standard applies to risks that the organization identifies as those it can control, influence, or reduce, as well as those it cannot anticipate. It does not itself state specific performance criteria.
This International Standard is applicable to any organization that wishes to
a) establish, implement, maintain, and improve a resilience management policy for the organization and its supply chain,
b) assure itself of its conformity with its stated resilience management policy,
c) demonstrate that its management system contains a well-developed Resilience Management Policy by:
1) making a self-determination and self-declaration, or
2) seeking confirmation of its conformance by parties having an interest in the organization (such as customers), or
3) seeking confirmation of its self-declaration by a party external to the organization, or
4) seeking certification/registration of that management system by an external organization.
All the requirements in this International Standard are intended to be incorporated into any type of the organization's management system that is based on the PDCA model. This International Standard provides the elements (including those addressing technology, facilities, processes, and people) required for this incorporation. The extent of the application of this International Standard will depend on factors such as the risk tolerance and policy of the organization; the nature and scale of its activities, products, and services; and the location where, and the conditions in which, the organization functions.
This International Standard provides generic requirements as a framework, applicable to all types of organizations (or parts thereof) regardless of size and function in the supply chain. This International Standard provides guidance for organizations to develop their own specific performance criteria, enabling the organization to tailor and implement a resilience management policy appropriate to its needs and those of its stakeholders.
This International Standard emphasizes resilience, the adaptive capacity of an organization in a complex and changing environment, as well as protection of critical supply chain assets and processes. Applying this International Standard positions an organization to more readily prevent, if possible, prepare for, and respond to all manner of intentional, unintentional, and/or naturally-caused disruptive events, which, if unmanaged, could escalate into an emergency, crisis, or disaster. This International Standard covers all phases of incident management before, during, and after a disruptive event.
This International Standard provides a framework for an organization to
a) develop a prevention, protection, preparedness, mitigation and response/continuity/recovery policy,
b) establish objectives, procedures, and processes to achieve the policy commitments,
c) assure competency, awareness, and training,
d) set metrics to measure performance and demonstrate success,
e) take action as needed to improve performance,
f) demonstrate conformity of the system to the requirements of this International Standard, and
g) establish and apply a process for continual improvement.
Annex A provides informative guidance on system planning, implementation, testing, maintenance, and improvement.