System Certification

ISO28000 Supply Chain Security Management System Certification Service

With the expansion of global trade, various crimes have continuously infiltrated the logistics supply chain. Over the past decade, various environmental regulations have been increasing, and organizations have increasingly focused on their security issues in the global supply chain.

To address supply chain security issues, many organizations have accordingly introduced relevant logistics standards, such as the "Facility Security Requirements" (FSR) and "Truck Transport Security Requirements" (TSR) formulated by the Freight Asset Protection Association (TAPA) for high-tech and high-priced products; the ISO28000 supply chain security management standard formulated by the International Organization for Standardization; the Customs-Trade Anti-Terrorism Partnership (C-TPAT) launched by the United States Customs and Border Protection; and the "Outstanding Economic Organization" (AEO) program launched by the World Customs Organization (WCO).

As the number of regulatory requirements increases, the threat of security incidents rises, and the demand for rapid information exchange during the transportation process of products from manufacturing to the final sales point also grows. It has become particularly important to immediately strengthen the existing security system or establish new standards based on effective risk and security management principles. 

Benefits of ISO28000 Supply Chain Security Management System Certification 

Obtaining ISO28000 certification can offer you the following benefits:

1. Treat safety as a process management aspect, enabling the measurement and improvement of the effectiveness of safety management;

2. Implement special management for key resources and high-risk areas (achieved through safety risk assessment);

3. Determine the safety management benchmark based on international standards and implement it;

4. Present to stakeholders the evidence of the organization's effective enhancement of systematic safety management;

5. ISO28000, through practical methods, helps organizations determine the risk levels in supply chain operations. With the support of management tools (such as document control, key performance indicators, internal audits, and training), assess the risk levels of the organization and implement control measures for existing risks.

The structure of ISO28000 is similar to the standards of ISO14001 Environmental Management System (EMS), and its risk assessment process is very similar to the establishment and evaluation process of environmental projects in EMS. We conduct audits of the organization's safety management system in accordance with the requirements of ISO28000 to help the organization better understand the gaps between the existing system and the requirements of the standard (gap analysis).

ISO28000 Supply Chain Security Management System Certification Solution 

We offer a variety of supply chain security solutions, including training, gap analysis, customized audits and certification solutions, to enhance your security management system and ensure brand image and product safety during the product flow process.

We provide audit services in accordance with various global or regional security requirements:

1. ISO28000 certification 2. TAPA FSR

3. TAPA-TSR

4. C-TPAT

ISO28000 Supply Chain Security Management System Certification Content 

1. General Requirements: The industry practitioners should establish, produce, implement, maintain, and read the security management system for government affairs in a standardized manner to identify risks and control and mitigate the consequences of those risks. This security management system must clearly define its scope. If the practitioners outsource their operations, they must also ensure that the outsourcing activities are under security control. The necessary controls and responsibilities must be specified within the security management system. 

2. Safety Management Policy: The top management is required to formulate the overall safety management policy in accordance with the company's policies. 

3. Risk Assessment and Security Planning: Establish guidelines on how to assess risks, the requirements of laws and regulations, the purpose of security management, and to consider goal setting and security plans; 

4. System Import and Implementation: Establish a standardized safety management organizational structure and its responsibilities, conduct employee education and training and enhance safety awareness, establish a safety information communication channel, build a document record system, manage document information, control system operation, implement emergency measures and ensure safety recovery. 

5. Inspection and Improvement Measures: Standardize safety performance assessment and monitoring, conduct regular system checks and improvements, implement corrective and preventive measures for safety threats, manage records, and conduct safety audits; 

6. Management Review and Continuous Improvement: The top management must conduct a review of the safety management system within the planned period and make improvements to ensure the system's applicability and effectiveness. 

Although all major countries do not have mandatory requirements for their AEOs to pass the ISO28000 certification, some countries such as Japan and Singapore believe that most small and medium-sized enterprises have difficulty in establishing an internationally compatible and comprehensive management system to comply with the AEO system or regulations. Therefore, the domestic authorities are actively promoting the certification of the ISO28000 series standards. 

ISO 28000 Supply Chain Security Management System Certification Scope 

ISO28001: Certification applicable to ports and shipping facilities, cargo handling, shipping agents, trucks, and warehouse operators; 

ISO 28000: Suitable for large company shippers or manufacturers. 

ISO 28000 Supply Chain Security Management System Certification Process 

I. Specific Contents

Step 1 - A proposal can be provided based on the size of the organization and its business type. After you sign the proposal, the review process can begin.

Step 2 - A pre-review service can be offered to determine whether the organization meets the conditions for a formal review and to manage the risk of certification failure. Although this step is optional, it has often been proven to help the organization identify the flaws in the system operation for improvement, and also helps the organization build confidence before the formal review.

Step 3 - The first part of the initial certification review is the "First Phase Review - Assessment of Audit Preparation Status". This step will conduct a compliance assessment of the documented system established by the organization in accordance with the standard requirements, thereby assessing the key elements of the system of the organization based on a thorough understanding of the organization's business characteristics, and preparing for the next phase of the audit. After this review phase, you will receive a written audit report, which will clearly indicate the opportunities for improvement in the system operation, so that you can take measures quickly.

Step 4 - The second part of the initial certification review is the "Second Phase Review - On-site Audit". The audit method includes interviews with you and your colleagues, inspection of document records, and on-site inspections. Based on this, the system compliance will be determined. After the on-site audit, we will propose audit findings based on objective evidence and classify them as serious non-compliance or minor non-compliance, observation items or improvement opportunities. After you close the non-compliance items, the certification manager will conduct a technical review of the audit and issue the certificate.

Step 5 - According to the contract, we will conduct supervision audits every half year or once a year. During this process, we will review the corrective measures taken for previous non-compliance items. At the same time, we will also review the mandatory items and some sampling items in the system based on the pre-provided audit plan.

Step 6 - Before the initial certificate expires after 3 years, we will conduct a re-certification audit. After that, according to the contract provisions, supervision audits will be conducted every half year or once a year, and every three years will be one cycle.