By CAS

ISO 28001:2007 — Supply Chain Security

Best practices for implementing supply chain security, assessments, and plans — ISO 28001:2007 provides the foundation framework for supply chain security management. Note: ISO 28001:2007 has been superseded by ISO 28000:2022.

By CAS — Not Under EGAC Accreditation

This certificate is issued by CAS without third-party accreditation for this scheme. It is not within the scope of EGAC Schedule 012418B and is not recognised under the IAF MLA. Per IAF MD 23:2023, CAS clearly differentiates accredited and non-accredited services on every page.

By CAS ISO 28001:2007
Apply for Certification Talk to Our Team
ISO 28001:2007
SCSM
What is Security Management for Supply Chain?

ISO 28001:2007 specifies requirements for organisations in the supply chain to establish and implement supply chain security processes and practices — covering the assessment, implementation, and documentation of security practices throughout the international supply chain. It enables organisations to demonstrate that their supply chain security practices meet international requirements. Note: ISO 28000:2022 (Security management systems — Requirements) is the current second edition, published March 2022, which cancels and replaces ISO 28001:2007 with a fully revised management system framework. CAS offers certification against both standards during the transition period.

Who Is This For?

Logistics companies, freight forwarders, customs brokers, exporters, importers, port operators, and supply chain participants requiring documented supply chain security practices for international trade compliance, AEO applications, or customer requirements.

Key Benefits
  • Demonstrates supply chain security practices to customs and trade authorities
  • Supports AEO (Authorised Economic Operator) status applications
  • Reduces risk of cargo theft, tampering, and smuggling
  • Required by some shipping lines, logistics clients, and trade facilitation programmes
  • Structured approach to supply chain threat and risk assessment
  • Improves supply chain transparency and traceability
  • Foundation for transition to ISO 28000:2022
Certification Process
1
Application & Review
Submit your application. CAS reviews your organisation's scope, personnel, sites, and activities to prepare a detailed audit time calculation and formal commercial proposal.
2
Stage 1 — Document Review
On-site or remote review of your management system documentation, readiness assessment, and confirmation of Stage 2 audit scope and plan.
3
Stage 2 — On-site Audit
Full on-site audit of the implemented management system against the standard's requirements. Findings are reported; nonconformities must be closed before certification.
4
Certification Decision
CAS's independent certification committee reviews the audit findings and issues the certificate. The certificate is valid for 3 years.
5
Surveillance & Recertification
Annual surveillance audits (~1/3 of initial audit time) maintain certification. Recertification audit (~2/3 of initial time) is conducted before certificate expiry to renew for a further 3 years.
Frequently Asked Questions
ISO 28001:2007 is aligned with the principles of C-TPAT (US Customs-Trade Partnership Against Terrorism) and similar trade security programmes. It provides a certifiable standard for supply chain security practices.
Yes. ISO 28000:2022 (Second edition, March 2022) is the current standard, cancelling and replacing ISO 28001:2007. It adopts the ISO PDCA management system model and adds alignment with ISO 31000 (risk management) and ISO 22301 (business continuity). CAS offers certification against both standards — contact us to discuss which applies to your situation.
Related Services
By CAS
Security Management Systems
ISO 28000:2022 + Amd.1:2024
Learn more
 CAS, EGAC & IAF
Quality Management Systems
ISO 9001:2015 + Amd.1:2024
Learn more
 CAS, EGAC & IAF
Occupational Health & Safety Management
ISO 45001:2018 + Amd.1:2024
Learn more
 By CAS
Good Storage Practices
WHO GSP Guidelines
Learn more