ISO 28000:2007 Supply Chain Security Management Training Course

Course Title: ISO 28000:2007 Supply Chain Security Management Training Course

Executive Summary

This two-week intensive training course on ISO 28000:2007 equips participants with the knowledge and skills to establish, implement, maintain, and improve a supply chain security management system (SCSMS). The course covers key aspects of the ISO standard, including risk assessment, security planning, implementation, monitoring, and continuous improvement. Through interactive workshops, case studies, and practical exercises, attendees learn how to identify and mitigate security threats and vulnerabilities throughout the supply chain. The training culminates in the development of a comprehensive SCSMS action plan tailored to the participant’s organization. This course enables professionals to enhance supply chain resilience, minimize security incidents, and improve overall business performance by adhering to globally recognized security standards.

Introduction

In today’s interconnected global economy, supply chains are increasingly vulnerable to a wide range of security threats, including theft, terrorism, piracy, and counterfeiting. ISO 28000:2007 provides a robust framework for organizations to manage and mitigate these risks effectively. This two-week training course offers a comprehensive understanding of the ISO 28000 standard and its application to various supply chain contexts. Participants will learn how to conduct security risk assessments, develop and implement security plans, monitor the effectiveness of security measures, and continuously improve their supply chain security management system. The course emphasizes practical application through real-world case studies, interactive exercises, and group discussions. It also addresses the importance of collaboration and communication with stakeholders throughout the supply chain to ensure a coordinated and effective security approach. By completing this course, participants will gain the necessary skills and knowledge to protect their organizations’ supply chains from security threats and enhance their competitive advantage.

Course Outcomes

• Understand the requirements of ISO 28000:2007.
• Conduct supply chain security risk assessments.
• Develop and implement supply chain security plans.
• Monitor and measure the effectiveness of security controls.
• Improve supply chain security management systems continuously.
• Understand the importance of supply chain resilience.
• Prepare for ISO 28000 certification audits.

Training Methodologies

• Interactive lectures and presentations.
• Case study analysis and group discussions.
• Practical exercises and workshops.
• Role-playing and simulation scenarios.
• Individual and group assignments.
• Expert guest speakers.
• Q&A sessions and feedback.

Benefits to Participants

• Enhanced knowledge of ISO 28000:2007 requirements.
• Improved ability to assess and mitigate supply chain security risks.
• Increased confidence in developing and implementing security plans.
• Greater understanding of supply chain resilience principles.
• Enhanced career prospects in supply chain security management.
• Networking opportunities with other professionals in the field.
• Certification of completion demonstrating expertise in ISO 28000.

Benefits to Sending Organization

• Reduced risk of supply chain security incidents.
• Improved compliance with regulatory requirements.
• Enhanced reputation and customer trust.
• Increased operational efficiency and cost savings.
• Stronger supply chain resilience and business continuity.
• Improved employee morale and engagement.
• Competitive advantage through enhanced security performance.

Target Participants

• Supply chain managers.
• Security managers.
• Logistics managers.
• Operations managers.
• Risk managers.
• Compliance officers.
• Auditors.

Week 1: Foundations of Supply Chain Security and ISO 28000

Module 1: Introduction to Supply Chain Security

1. Overview of supply chain security challenges and threats.
2. Impact of security breaches on business operations.
3. Importance of a holistic security approach.
4. The role of ISO 28000 in supply chain security.
5. Key concepts and definitions related to supply chain security.
6. Relevant laws, regulations, and standards.
7. Case studies of supply chain security incidents.

Module 2: Understanding ISO 28000:2007

1. Overview of the ISO 28000 standard.
2. Scope and applicability of the standard.
3. Key requirements and clauses of ISO 28000.
4. Relationship between ISO 28000 and other management systems.
5. Benefits of implementing ISO 28000.
6. Certification process for ISO 28000.
7. Gap analysis exercise.

Module 3: Risk Assessment in Supply Chain Security

1. Principles of risk management.
2. Identifying supply chain security risks and threats.
3. Assessing the likelihood and impact of risks.
4. Risk assessment methodologies (e.g., HAZOP, FMEA).
5. Developing a risk register.
6. Prioritizing risks for mitigation.
7. Practical exercise: Conducting a supply chain security risk assessment.

Module 4: Security Planning and Implementation

1. Developing a supply chain security plan.
2. Defining security objectives and targets.
3. Identifying and implementing security controls.
4. Types of security controls (physical, technical, administrative).
5. Documentation requirements for security controls.
6. Resource allocation for security implementation.
7. Workshop: Developing a security plan for a specific supply chain scenario.

Module 5: Documentation and Record Keeping

1. Importance of documentation in ISO 28000.
2. Developing and maintaining documented information.
3. Control of documents and records.
4. Types of documents required by ISO 28000.
5. Document management system.
6. Audit trail requirements.
7. Exercise: Creating a document control procedure.

Week 2: Implementation, Monitoring, and Continuous Improvement

Module 6: Operational Control

1. Implementing security controls in daily operations.
2. Establishing operational procedures and work instructions.
3. Managing access control and authorization.
4. Handling sensitive information.
5. Security awareness training for employees.
6. Emergency response planning.
7. Practical exercise: Developing an emergency response plan.

Module 7: Monitoring and Measurement

1. Developing a monitoring and measurement plan.
2. Identifying key performance indicators (KPIs).
3. Collecting and analyzing data.
4. Auditing security controls.
5. Reporting security performance.
6. Using data for decision-making.
7. Exercise: Developing a monitoring and measurement plan.

Module 8: Internal Audit

1. Principles of internal auditing.
2. Planning and conducting internal audits.
3. Developing audit checklists.
4. Identifying and documenting audit findings.
5. Reporting audit results.
6. Following up on audit findings.
7. Role-playing: Conducting an internal audit.

Module 9: Management Review

1. Purpose and scope of management review.
2. Inputs to management review.
3. Outputs from management review.
4. Decision-making based on management review.
5. Documenting management review outcomes.
6. Improving the SCSMS through management review.
7. Case study: Analyzing a management review report.

Module 10: Continuous Improvement

1. The Plan-Do-Check-Act (PDCA) cycle.
2. Identifying opportunities for improvement.
3. Implementing corrective and preventive actions.
4. Evaluating the effectiveness of improvements.
5. Learning from incidents and near misses.
6. Fostering a culture of continuous improvement.
7. Workshop: Developing a continuous improvement plan.

Action Plan for Implementation

1. Conduct a gap analysis of the current supply chain security practices against ISO 28000:2007 requirements.
2. Develop a project plan for implementing or improving the SCSMS, including timelines, responsibilities, and resource allocation.
3. Establish a risk management framework and conduct a comprehensive supply chain security risk assessment.
4. Develop and implement a supply chain security plan based on the risk assessment results.
5. Implement monitoring and measurement processes to track the effectiveness of security controls.
6. Conduct internal audits to verify compliance with ISO 28000:2007 requirements.
7. Conduct management reviews to evaluate the performance of the SCSMS and identify opportunities for improvement.