The ISO/PAS 28000:2005 "Supply Chain Safety Management System Specification", developed by ISO's TC8 Technical Committee (Ship and Shipping Technology) and released at the end of 2005, is the first published standard in this series. It brings together the views of organizations such as the International Maritime Organization, the International Association of Ports and Terminals, the International Shipping Association, the World Customs Organization, the International Innovation Trade Network, the World Shipping Council and the Security Technology Strategy Committee.

  ISO/DIS 28000 is an updated draft of this standard, which will be published as a full International Standard later in 2007.

ISO/DIS 28000 defines a supply chain as “a set of interconnected resources and processes, starting from the procurement of raw materials, through various modes of transport to deliver products or services to end users. A supply chain will include vendors, facilities manufacturing, Logistics providers, internal distribution centers, distributors, wholesalers, and other entities that contact end users.”

ISO/PAS 28000 is compatible with other management system standards such as ISO 9001 (Quality Management) and ISO 14001 (Environmental Management) by applying a process approach and a "Plan-Do-Check-Dispose" approach to potential risks in the supply chain ).

  ISO/DIS 28000 requires the top management of an organization to develop a general policy for security management, consistent with the organization's overall framework for security threat and risk management, and commensurate with the nature and scale of the threats the organization faces and its operations. In addition, this policy must be deployed and implemented, including security risk assessment and planning, effective implementation and operation, inspections and corrective actions, and management reviews. The following figure shows the operating process diagram of the ISO/DIS 28000 standard:

   When assessing the security risks associated with operations, ISO/DIS 28000 requires organizations to consider the likelihood of an event occurring and all its consequences, including:

  * Threats and risks of physical accidents, such as functional failures, accidental damage, vandalism, terrorist or criminal acts

  * Operational threats and risks, including security controls, human factors, and other activities that affect the performance, health, or security of an organization

  * Failure of safety measures and equipment due to natural environment (rainstorm, flood, etc.)

  * Factors beyond the control of the organization, such as problems with externally provided equipment and services

Once security risks are identified and assessed, corresponding goals, guidelines and plans must be formulated to eliminate or substantially reduce their potential impact (this is largely in line with ISO 14001, which requires organizations to formulate corresponding goals, guidelines and plans). plan to substantially reduce the environmental impact of its operations).

Clause 4.4 of the    Standard addresses the requirements to ensure the effective implementation and operation of the SMS, including the following:

  * Organizational Structure, Powers and Responsibilities

  * Competence, training and awareness

  * communication

  * document

  * Document and Data Control

  * Operation Control

  * Emergency Preparedness, Response and Safe Recovery

  Article 4.5 mainly describes system inspection, taking corrective and preventive measures as needed, including the following requirements:

  * Measurement and monitoring of safety performance

  * System Assessment

  * Safety-related failures, emergencies and nonconformities

  * File Control

  * Review

   Finally, clause 4.6 requires the organization to conduct periodic management reviews to ensure the continued adequacy, adequacy and effectiveness of the safety system.