Course Overview

This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Supply Chain Security Management System (SCSMS) based on ISO 28000:2007. Participants will also gain thorough understanding of best practices used to implement supply chain security controls from all areas of ISO 28001. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO 28004 (Guidelines for the Implementation of a SCSMS).

Who should attend?

  • Project managers or consultants wanting to prepare and support an organization in the implementation of a Supply Chain Security Management System (SCSMS)
  • ISO 28000 auditors who wish to fully understand the Supply Chain Security Management System implementation process
  • Persons responsible for the supply chain security conformity in an organization
  • Members of an supply chain security team
  • Expert advisors in physical security
  • Technical experts wanting to prepare for an supply chain security function or for a SCSMS project management function

Learning objectives

  • To understand the implementation of a Supply Chain Security Management System in accordance with ISO 28000
  • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a Supply Chain Security Management System
  • To understand the relationship between the components of a Supply Chain Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization
  • To acquire the necessary expertise to support an organization in implementing, managing and maintaining a SCSMS as specified in ISO 28000
  • To acquire the necessary expertise to manage a team implementing ISO 28000
  • To develop the knowledge and skills required to advise organizations on best practices in the management of supply chain security
  • To improve the capacity for analysis and decision making in the context of supply chain security management

Course Agenda

Day 1: Introduction to Supply Chain Security Management System (SCSMS) concepts as required by ISO 28000; initiating a SCSMS
  • Introduction to management systems and the process approach
  • Presentation of the ISO 28000 family of standards and the regulatory and legal framework related to supply chain security
  • Fundamental principles of Supply chain security and physical security
  • Preliminary analysis and establishment of the maturity level of an existing Supply Chain Security Management System based upon ISO 21827
  • Writing a business case and a project plan for the implementation of a SCSMS
Day 2: Planning a SCSMS based on ISO 28000
  • Definition of the scope of a SCSMS
  • Development of a SCSMS policy and objectives
  • Selection of the approach and methodology for security risk assessment
  • Security risk management (identification, analysis and treatment of risk)
  • Development of a security plan
Day 3: Implementing a SCSMS based on ISO 28000
  • Implementation of a document management framework
  • Design of controls and writing procedures
  • Implementation of processes and controls
  • Development of a training & awareness program and communication about the supply chain security
  • Incident management
  • Operations management of a SCSMS
Day 4: Controlling, monitoring, measuring and improving a SCSMS; certification audit of a SCSMS
  • Controlling and monitoring the SCSMS
  • Development of metrics, performance indicators and dashboards
  • ISO 28000 internal Audit
  • Management review of a SCSMS
  • Implementation of a continuous improvement program
  • Preparing for an ISO 28000 certification audit
Day 5: Certification Exam


ISO 28000 Foundation Certification or a basic knowledge of ISO 28000 and ISO 28001 is recommended

Educational approach

  • This training is based on both theory and practice:
    • Sessions of lectures illustrated with examples based on real cases
    • Practical exercises based on a full case study including role playing and narrative presentation
    • Review exercises to assist the exam preparation
    • Practice test similar to the certification exam
  • To benefit from the practical exercises, the number of training participants is limited

Search Course

Managing Operational Incidents

January 30,2023 / 0 Comments

Implementing Risk and Resilience

January 30,2023 / 0 Comments

Resilient Culture

January 27,2023 / 0 Comments