Certified ISO 28000 Lead Auditor


This course is a PECB certified course, it is a five-day intensive course which enables participants to develop the necessary expertise to support an organization in implementing and managing a supply chain security management system (SCSMS) based on ISO 28000:2007. Participants will also gain a thorough understanding in best practices used to implement supply chain security controls from all areas of ISO 28001.

Course Agenda

Introduction to Supply Chain Security Management System

(SCSMS) concepts as required by ISO 28000; initiating a SCSMS.

  • Introduction to management systems and the process approach
  • Presentation of the standards ISO 28000, ISO 28001, ISO 28004 and regulatory and legal framework related to supply chain security
  • Preliminary analysis and establishment of the maturity level of an existing SCSMS based upon ISO 21827
  • Writing a business case and a project plan for the implementation of a SCSMS

Planning a SCSMS based on ISO 28000

  • Definition of the scope of a SCSMS
  • Development of a SCSMS and supply chain security policies
  • Selection of the approach and methodology for security risk assessment
  • Security risk management (identification, analysis and treatment of risk)
  • Development of a security plan

Implementing a SCSMS based on ISO 28000

  • Implementation of a document management framework
  • Implementation of processes and controls
  • Development of a training & awareness program and communication about the supply chain security
  • Operations management of a SCSMS

Controlling, monitoring and measuring a SCSMS and the certification audit of a SCSMS

  • Controlling and monitoring the SCSMS controls
  • Development of metrics, performance indicators and dashboards
  • ISO 28000 internal audit and management review of a SCSMS
  • Implementation of a continual improvement program
  • Preparing for an ISO 28000 certification audit

Certification Exam