Security Supply Chain ISO 28000 Audit Program - Gold Edition: Guidelines for Auditors on Information Security Controls


Dublin, Feb. 16, 2023 (GLOBE NEWSWIRE) -- The "Security Supply Chain ISO 28000 Audit Program - Gold Edition" report has been added to ResearchAndMarkets.com's offering.

The Security Supply Chain ISO 28000 Audit Program is provided in Excel and PDF formats. The program is 23 pages in length with 369 individual audit points. It is IS0 28000, ISO 27000, Sarbanes Oxley, PCI-DSS, and HIPAA compliant. It meets Massachusetts, New York, California, UK, and EU mandated security requirements.

The Security Supply Chain ISO 28000 Audit Program Gold Edition includes all the items in the premium version plus 25 full security management job descriptions which define specific roles and responsibilities and 28 electronic forms.

With this edition, you get everything in the Standard edition plus the job description for:

  • Chief Security Officer (CSO)
  • Chief Compliance Officer (CCO)
  • Chief Digital Officer
  • Chief Mobility Officer
  • VP Strategy - Architecture
  • Data Protection Officer (DPO)
  • Director e-Commerce
  • Database Administrator
  • Data Security Administrator
  • Manager Compliance
  • Manager Data Security
  • Manager Facilities and Equipment
  • Manager Network - Computing Services
  • Manager Network Services
  • Manager Security and Workstations
  • Manager Training - Documentation
  • Manager Voice and Data Communication
  • Manager Wireless Systems
  • Identity Management Protection Analyst
  • Information Security Analyst
  • Network Security Analyst
  • System Administrator - Linux
  • System Administrator - Unix
  • System Administrator - Windows
  • Wi-Fi Administrator

In addition you get 28 electronic forms

Forms that can be Emailed, completed via a computer or tablet, and stored electronically including:

  • Application & File Server Inventory
  • Blog Policy Compliance Agreement
  • BYOD Access and Use Agreement
  • Company Asset Employee Control Log
  • Email - Employee Acknowledgement
  • Employee Termination Checklist
  • Internet Access Request
  • Internet & Electronic Communication Employee Acknowledgement
  • Internet Access Request
  • Internet Use Approval
  • Mobile Device Access and Agreement
  • Mobile Device Security and Compliance Checklist
  • New Employee Security Acknowledgement and Release
  • Outsourcing and Cloud Security Compliance Agreement
  • Outsourcing Security Compliance Agreement
  • Preliminary Security Audit Checklist
  • Privacy Compliance Policy Acceptance Agreement
  • Security Access Application
  • Security Audit Report
  • Security Violation
  • Sensitive Information Policy Compliance Agreement
  • Social Network Compliance Agreement
  • Telecommuting Work Agreement
  • Text Messaging Sensitive Information Agreement
  • Threat and Vulnerability Assessment
  • Work From Home Work Agreement

ISO 28000:2007 is necessary for the support of an organization implementing and managing a Supply Chain Security Management System (SCSMS)

ISO 28000 - Supply Chain Security - With companies that have a high reliance on just-in-time delivery, aging infrastructure and increased natural and human-made threats. As a result Supply Chain Security has become a very important item for them, especially when viewed in relation with Business Continuity Management, Risk Management and Security Management.

ISO 28000 Definition

"This International Standard (ISO 28000) specifies the requirements for a security management system, including those aspects critical to the security assurance of the supply chain. Security management is linked to many other aspects of business management. Aspects include all activities controlled or influenced by organizations that impact on supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting goods along the supply chain".

Security Supply Chain Audit Program is easy to use and generates graphics that can be used in management and compliance review presentations.

ISO 28000 was developed by the ISO Technical Committee TC8 "Ships and Maritime Technology". It is based on the ISO format adopted by ISO 14001:2004 because of its risk-based approach to management standards. The ISO 28000 series of standards consists of:

  • ISO 28000:2007 - The Security Management Standard (SMS) requirements standard, a specification for an SMS against which organizations can certify compliance.
  • ISO 28001:2007 - Provides requirements and guidance for organizations in international supply chains.
  • Assists in meeting the applicable authorized economic operator (AEO) criteria outlined in the World Customs Organization Framework of Standards and conforming to national supply chain security programs.
  • ISO 28002:2011 - Development of resilience in the supply chain - Requirements with guidance for use.
  • ISO 28003:2007 - Requirements for bodies providing audit and certification of supply chain security management systems
  • ISO 28004:2007 - provides generic advice on the application of ISO 28000:2007.
  • ISO/AWI 28005 - ( Under development) Electronic port clearance (EPC) -- Part 1: Message structures.
  • ISO/AWI 28005 - Electronic port clearance (EPC) -- Part 2: Core data elements

Key Topics Covered:

28000 Security Supply Chain Audit Program

Security Risk Assessment and Planning

  • Risk Assessment

Supply Chain Security Management Objectives

  • Internal Security Organization
  • Implementation and Operation of Supply Chain Security

Organizational Supply Chain Security Management Objectives

  • Responsibility for the Supply Chain
  • Information Classification System

Human Resource Security Management Objectives

  • Security Prior to Employment
  • Security During Employment
  • Security at Termination

Physical and Environmental Supply Chain Security Management Objectives

  • Secure Areas
  • Enterprise Equipment
  • Remote Devices

Communication and Operations Management Objectives

  • Procedures and Responsibilities
  • Third Party Service Delivery
  • System Planning Activities
  • Malicious and Mobile Code
  • Back-up Procedures
  • Computer Networks
  • Media
  • Exchange of Information
  • Blockchain Interfaces
  • Information Processing Facilities

Information Access Control Management Objectives

  • Access to Information
  • User Access Rights
  • Access Practices
  • Access to Network Services
  • Access to Operating Systems
  • Access to Applications
  • Mobile and Remote Users

Systems Development and Maintenance Objectives

  • Information System Application Security
  • Application Processing Information
  • Cryptographic Controls
  • System Files
  • Development and Support Processes

Information Security Incident Management Objectives

  • Security Events and Weaknesses
  • Managing Security Incidents and Improvements

Disaster Recovery and Business Continuity Objectives

  • Disaster Recovery Plan/Business Continuity

Compliance Management Objectives

  • Mandated Security Requirements
  • Security Compliance Reviews

28000 Summary Audit Analysis Graphics

  • 28000 Security Audit Summary Graphic
  • 28000 Supply Chain Security Audit % Analysis Graphic
  • 28000 Supply Chain Security Audit Raw Score



For more information about this report visit https://www.researchandmarkets.com/r/8py5ad-supply?w=12

About ResearchAndMarkets.com
ResearchAndMarkets.com is the world's leading source for international market research reports and market data. We provide you with the latest data on international and regional markets, key industries, the top companies, new products and the latest trends.

 

Contact Data