ISO/PAS 28001:2006 provides requirements and guidance for organizations in international supply chains to
- develop and implement supply chain security processes;
- establish and document a minimum level of security within a supply chain(s) or segment of a supply chain;
- assist in meeting the applicable Authorized Economic Operators criteria set forth in the World Customs Organization Framework of Standards and conforming national supply chain security programmes.
NOTE Only a participating National Customs Agency can designate organizations as Authorized Economic Operators in accordance with its supply chain security programme and its attendant certification and validation requirements.
In addition, ISO/PAS 28001:2006 establishes certain documentation requirements that would permit verification.
Users of ISO/PAS 28001:2006 will
- define the portion of an international supply chain within which they have established security (see 4.1);
- conduct security vulnerability assessments on that portion of the supply chain and develop adequate countermeasures;
- develop and implement a supply chain security plan;
- train security personnel in their security related duties.