BS ISO 28003:2007
Current
The latest, up-to-date edition.
Security management systems for the supply chain. Requirements for bodies providing audit and certification of supply chain security management systems
31-12-2007
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles for certification bodies
4.1 General
4.2 Impartiality
4.3 Competence
4.4 Responsibility
4.5 Openness
4.6 Confidentiality
4.7 Resolution of complaints
5 General requirements
5.1 Legal and contractual matters
5.2 Management of impartiality
5.3 Liability and financing
6 Structural requirements
6.1 Organizational structure and top management
6.2 Committee for safeguarding impartiality
7 Resource requirements
7.1 Competence of management and personnel
7.2 Personnel involved in the certification activities
7.3 Use of external auditors and external technical
experts
7.4 Personnel records
7.5 Outsourcing
8 Information requirements
8.1 Publicly accessible information
8.2 Certification documents
8.3 Directory of certified clients
8.4 Reference to certification and use of marks
8.5 Confidentiality
8.6 Information exchange between a certification
body and its clients
9 Process requirements
9.1 General requirements applicable to any audit
9.2 Initial audit and certification
9.3 Surveillance activities
9.4 Recertification
9.5 Special audits
9.6 Suspending, withdrawing or reducing scope of
certification
9.7 Appeals
9.8 Complaints
9.9 Records on applicants and clients
10 Management system requirements for certification bodies
10.1 Option 1 - Management system requirements in
accordance with ISO 9001
10.2 Option 2 - General management system requirements
Annex A (informative) - Guide for process to determine
auditor time
Annex B (normative) - Criteria for auditing organizations
with multiple sites
Annex C (normative) - Auditor education, work and audit
experience and training durations
Annex D (normative) - Auditor competence requirements
Bibliography
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.