ISO 28000 Supply Chain Security Management System – Training Courses

Experiencing a security incident is usually a matter of when, not if. Organizations continuously face security risks that seriously threaten their operations: high-value products are exposed to theft, confidential information to compromise, and personnel to injury. Such incidents not only cause financial and business losses but may also lead to legal consequences and reputational damage. This is why security management has become a crucial discipline for organizations, and ISO 28000 provides them with a comprehensive, systematic approach to it.

What is ISO 28000?

ISO 28000 specifies the requirements for establishing, implementing, maintaining, and improving a security management system (SeMS), including the aspects relevant to the security of the supply chain. 

ISO 28000:2022 Security and resilience – Security management systems – Requirements replaces the ISO 28000:2007 Specification for security management systems for the supply chain. The title of the standard has been changed to emphasize the fact that ISO 28000 requirements are not only applicable to organizations in the supply chain, but to all organizations, regardless of the type, size, or industry. 

The new edition of ISO 28000 follows the ISO harmonized structure (the common clause structure shared by ISO management system standards), with the requirements for the SeMS set out in clauses 4 to 10. This makes it straightforward to integrate the SeMS with other management systems based on ISO standards.

The new edition also includes recommendations alongside the requirements. Clause 4 adds recommendations on eight principles for security management, aligning ISO 28000 with ISO 31000 (the risk management standard). Clause 8 adds recommendations on security strategies, procedures, processes and treatments, and on security plans, ensuring consistency with ISO 22301 (the business continuity management standard).

Why is ISO 28000 important for organizations?

Because security incidents can occur at any moment, organizations need a proactive approach to security management. A security management system based on ISO 28000 enables an organization to identify its valuable assets, including property, personnel, products, data, and infrastructure, and to implement appropriate security processes and controls to safeguard them. An effective SeMS also improves the organization's recognition and reputation, supports profitability and efficiency, and reduces long-term costs.

ISO 28000 requires top management to demonstrate leadership and commitment with respect to the SeMS, among other things by establishing a security policy, setting security objectives, and integrating the SeMS requirements into the organization's processes and operations. This aligns security efforts with the organization's overall goals, embeds security in daily operations, and promotes a security culture that leads to proactive risk management.

ISO 28000 also includes requirements on risk assessment, security controls and strategies, and security plans. Through an established risk assessment process, organizations identify, analyze, and evaluate security-related risks; they then implement controls and strategies to prevent those risks where possible and to mitigate and treat those that cannot be prevented. Security plans, in turn, enable organizations to respond to security incidents so as to minimize the impact on operations and business.

ISO 28000 also outlines requirements regarding the monitoring and measurement of the SeMS. Monitoring enables organizations to identify vulnerabilities and take appropriate actions to address them, thus minimizing risk and loss. In addition, it enables them to ensure compliance with changing regulations and standards related to security, as violations of such regulations may lead to legal consequences and reputational damage.

What are the benefits of an effective SeMS based on ISO 28000?

A security management system based on ISO 28000 enables organizations to achieve their security management objectives. In particular, it enables organizations to: 

  • Enhance business capabilities 
  • Ensure the security of the environment in which they operate
  • Comply with statutory, regulatory, and voluntary security obligations
  • Identify and address risks and opportunities related to security management 
  • Effectively deal with security violations 
  • Recover from disruptions in the supply chain 
  • Manage relationships with all relevant interested parties in the supply chain 
  • Manage security-related risks
  • Create and protect value
  • Align security processes and controls with the organization’s objectives
  • Gain a competitive advantage 
  • Demonstrate conformity to ISO 28000 through assessments by accredited third parties

How do I get started with ISO 28000 training courses?

The PECB ISO 28000 training courses aim to help you acquire the necessary security management competencies. If you aspire to pursue a career in security management as an implementer, auditor, or consultant, PECB welcomes you to its global network of professionals and will assist you throughout the entire certification process.

Contact us to take the first step in obtaining a PECB Certified ISO 28000 credential!

Why choose PECB?

As a global provider of training, examination, and certification services, PECB aims to help you demonstrate your commitment and competence by providing you with valuable education, evaluation, and certification against internationally recognized standards. A PECB ISO 28000 certification will give you a competitive advantage in the fast-paced and ever-evolving field of security. The PECB ISO 28000 certification program is globally recognized and will help you become a highly competent and knowledgeable professional in the field.

Which PECB Certified ISO 28000 training course is the most appropriate for me? 

Enhance your knowledge and improve your security management competencies by attending one of the PECB ISO 28000 training courses below:

PECB ISO 28000 Foundation

Why should you attend?

The PECB ISO 28000 Foundation training course presents the basic concepts and principles of security management and provides a general explanation of the ISO 28000 requirements. It covers the main aspects of a security management system (SeMS) based on ISO 28000, including top management commitment, the security policy, security strategies, procedures, processes, and treatments, performance evaluation, and continual improvement.

After completing the training course, you can sit for the exam. If you pass, you can apply for the “PECB Certified ISO 28000 Foundation” credential. This internationally recognized certification demonstrates that you have a general knowledge of the ISO 28000 requirements for an SeMS and are able to contribute to SeMS implementation projects.

Who should attend?

The ISO 28000 Foundation training course is intended for:

  • Managers and consultants seeking knowledge about the basic concepts and principles of security management
  • Professionals wishing to get acquainted with ISO 28000 requirements for an SeMS
  • Individuals engaged in or responsible for security management activities in their organizations  
  • Individuals wishing to pursue a career in security management  

Learning objectives

By the end of this training course, participants will be able to:

  • Understand the security management concepts, principles, and definitions
  • Explain ISO 28000 requirements for a security management system
  • Develop a general understanding of how ISO 28000 requirements could be applied in an organization 

Educational approach

The training course is participant centered and contains:

  • Lecture sessions illustrated with graphics and practical examples
  • Interactions between participants by means of questions and suggestions
  • Quizzes with stand-alone questions intended to prepare the participants for the exam

Prerequisites

There are no prerequisites to participate in this training course.

Course Agenda

  • Day 1: Introduction to security management, SeMS, and clauses 4-6 of ISO 28000
  • Day 2: Clauses 7-10 of ISO 28000 and certification exam

Examination

The exam fully meets the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:

  • Domain 1: Fundamental concepts and principles of security management and an SeMS based on ISO 28000
  • Domain 2: ISO 28000 requirements for a security management system — Clauses 4 to 10

For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.

Certification Requirements

Upon the successful completion of the exam, you can apply for the “PECB Certificate Holder in ISO 28000 Foundation” certificate. For more information, please refer to the Certification Rules and Policies.

The certificate requirements for the ISO 28000 Foundation are:

  • Designation: PECB Certificate Holder in ISO 28000 Foundation
    Exam: Pass the PECB ISO 28000 Foundation exam
    Professional experience: None
    MS audit/assessment experience: None
    SCSMS project experience: None
    Other requirements: Signing the PECB Code of Ethics

General Information

  • Certification and examination fees are included in the price of the training course.
  • PECB will provide over 200 pages of instructional materials containing explanations, guidance, and practical examples.
  • An attestation of course completion worth 14 CPD (Continuing Professional Development) credits will be issued. 
  • In case of exam failure, you can retake the exam once, free of charge, within 12 months of the initial exam date.

PECB ISO 28000 Lead Implementer

Why should you attend?

Organizations face significant challenges in protecting their assets, operations, and reputation against security risks that change continually. An effective security management system is therefore essential.

The PECB ISO 28000 Lead Implementer training course helps you develop the necessary competencies to establish, implement, maintain, and continually improve a security management system (SeMS). This training course aims to equip you with an in-depth knowledge of ISO 28000 requirements, as well as the best practices and approaches to security management. 

After successfully completing the training course, you will be able to help organizations establish appropriate security processes and controls that proactively ensure the security of the environment and contribute to the creation and protection of value.  

After completing the training course, you can sit for the exam. If you pass the exam, you can apply for the “PECB Certified ISO 28000 Lead Implementer” credential. The internationally recognized “PECB Certified ISO 28000 Lead Implementer” certificate demonstrates that you possess the professional capabilities to implement security management systems based on the requirements of ISO 28000.

Who should attend?

The ISO 28000 Lead Implementer training course is intended for: 

  • Individuals responsible for maintaining and improving the security environment in which organizations operate 
  • Professionals wishing to obtain in-depth knowledge of the requirements of ISO 28000 
  • Individuals responsible for maintaining conformity to the ISO 28000 requirements
  • Expert advisors seeking to master the implementation of an SeMS
  • Members of an SeMS implementation team
  • Individuals seeking to pursue a career in security management
  • Security management consultants
  • Management representatives seeking to master the SeMS implementation process

Learning objectives

By the end of this training course, the participants will be able to:

  • Explain the fundamental concepts and principles of security management
  • Interpret the ISO 28000 requirements for an SeMS from the perspective of an implementer
  • Initiate and plan the implementation of an SeMS based on ISO 28000 by utilizing PECB’s IMS2 Methodology and other best practices
  • Support organizations in operating, maintaining, and continually improving their SeMS based on ISO 28000
  • Prepare organizations to undergo a third-party certification audit 

Educational approach

This training course is participant centered and it:

  • Elaborates theories, approaches, and best practices used in the implementation, maintenance, and continual improvement of a security management system
  • Facilitates and encourages interaction between the trainers and participants through questions and discussions 
  • Provides theoretical basis supported by practical examples 
  • Provides quizzes with stand-alone questions (after each section) and scenario-based quizzes (at the end of each day), intended to prepare the participants for the certification exam

Prerequisites

In order to fully benefit from this training course, participants should have a basic knowledge of ISO 28000 requirements. In addition, a general understanding of security management principles and concepts can also facilitate the learning process.

Course Agenda

  • Day 1: Introduction to ISO 28000 and initiation of an SeMS implementation
  • Day 2: Implementation plan of an SeMS
  • Day 3: Implementation of an SeMS
  • Day 4: SeMS monitoring, continual improvement, and preparation for the certification audit
  • Day 5: Certification exam

Examination

The “PECB Certified ISO 28000 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:

  • Domain 1: Fundamental principles and concepts of an SeMS
  • Domain 2: Initiation of an SeMS implementation
  • Domain 3: Planning of an SeMS implementation based on ISO 28000
  • Domain 4: Implementation of an SeMS based on ISO 28000
  • Domain 5: Evaluation of the performance of an SeMS based on ISO 28000
  • Domain 6: Continual improvement of an SeMS based on ISO 28000
  • Domain 7: Preparation for an SeMS certification audit

For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.

Certification 

After passing the exam, you can apply for one of the credentials shown in the table below. You will receive a certificate as soon as you fulfill all the requirements related to the selected credential.

For more information about the ISO 28000 certifications and the PECB certification process, please refer to the Certification Rules and Policies.

The requirements for the PECB ISO 28000 Implementer certifications are:

  • PECB Certified ISO 28000 Provisional Implementer
    Exam: PECB Certified ISO 28000 Lead Implementer exam or equivalent
    Professional experience: None
    SCSMS project experience: None
    Other requirements: Signing the PECB Code of Ethics

  • PECB Certified ISO 28000 Implementer
    Exam: PECB Certified ISO 28000 Lead Implementer exam or equivalent
    Professional experience: Two years, including one year of work experience in supply chain security management
    SCSMS project experience: Project activities totaling 200 hours
    Other requirements: Signing the PECB Code of Ethics

  • PECB Certified ISO 28000 Lead Implementer
    Exam: PECB Certified ISO 28000 Lead Implementer exam or equivalent
    Professional experience: Five years, including two years of work experience in supply chain security management
    SCSMS project experience: Project activities totaling 300 hours
    Other requirements: Signing the PECB Code of Ethics

  • PECB Certified ISO 28000 Senior Lead Implementer
    Exam: PECB Certified ISO 28000 Lead Implementer exam or equivalent
    Professional experience: Ten years, including seven years of work experience in supply chain security management
    SCSMS project experience: Project activities totaling 1,000 hours
    Other requirements: Signing the PECB Code of Ethics

Note: PECB Certified Individuals who hold both the Lead Implementer and Lead Auditor credentials are qualified for the respective PECB Master Credential, provided they have passed four additional Foundation exams related to this scheme. For more detailed information about the Foundation exams and the overall Master Credential requirements, please go to PECB Master Credentials.

To be considered valid, the implementation activities should follow best implementation practices and include the following activities:

  • Drafting an SeMS implementation plan
  • Initiating an SeMS implementation project
  • Managing or leading an SeMS implementation project
  • Implementing an SeMS
  • Managing documented information
  • Evaluating the SeMS performance
  • Performing continual improvement activities 

General Information

  • Certification and examination fees are included in the price of the training course.
  • PECB will provide over 500 pages of instructional materials containing explanations, guidance, and practical examples.  
  • An attestation of course completion worth 31 CPD (Continuing Professional Development) credits will be issued to participants who have attended the training course.
  • In case of exam failure, the candidate can retake the exam once for free within 12 months following the initial exam date.

PECB ISO 28000 Lead Auditor

Why should you attend?

The PECB ISO 28000 Lead Auditor training course enables you to develop the necessary competencies to perform security management system (SeMS) audits by applying widely recognized audit principles, procedures, and techniques. This training course integrates the ISO/IEC 17021-1 requirements, the ISO 19011 guidelines, and other best practices of auditing, in order to equip you with the necessary competencies for planning, conducting, and closing ISO 28000 conformity assessment audits successfully. 

Besides the theoretical basis, the training course also provides a hands-on approach by providing examples, exercises, and quizzes to reinforce your understanding of the key aspects of ISO 28000 conformity assessment audits, including the interpretation of ISO 28000 requirements in the context of an audit, the principles of auditing, the application of audit methods and approaches to evidence collection and verification, leading an audit team, drafting nonconformity reports, preparing the audit report, and following up on nonconformities.

After completing the training course, you can sit for the exam. If you pass, you can apply for the “PECB Certified ISO 28000 Lead Auditor” credential. This internationally recognized certificate validates your professional expertise and demonstrates that you have the knowledge and skills to audit an SeMS based on ISO 28000.

Who should attend?

The ISO 28000 Lead Auditor training course is intended for:

  • Auditors seeking to perform and lead SeMS audits 
  • Individuals responsible for maintaining conformity to the ISO 28000 requirements
  • Technical experts seeking to prepare for an SeMS audit
  • Professionals wanting to pursue a career in management systems conformity assessments
  • Security management consultants 
  • Regulators responsible for ensuring compliance with security standards and regulations 
  • Management representatives seeking to master the SeMS audit process 

Learning objectives

By the end of this training course, the participants will be able to:

  • Explain the fundamental concepts and principles of a security management system based on ISO 28000
  • Interpret the ISO 28000 requirements for an SeMS from the perspective of an auditor
  • Evaluate the conformity of an SeMS to the ISO 28000 requirements by applying widely recognized audit concepts and principles
  • Plan, conduct, and close an ISO 28000 conformity assessment audit, in accordance with the requirements of ISO/IEC 17021-1, the guidelines of ISO 19011, and other best practices of auditing
  • Manage an ISO 28000 audit program

Educational approach

This training course is participant centered and it:

  • Elaborates theories, approaches, and best practices used in SeMS audits 
  • Provides practical exercises which are based on scenarios inspired by real-life events 
  • Encourages interaction between the trainer and participants by means of questions and suggestions
  • Provides quizzes consisting of stand-alone and scenario-based questions, tailored to prepare the participants for the certification exam

Prerequisites

In order to fully benefit from this training course, participants should have a basic understanding of ISO 28000 and audit principles.

Course Agenda

  • Day 1: Introduction to the security management system (SeMS) and ISO 28000
  • Day 2: Audit principles and the preparation for and initiation of an audit
  • Day 3: On-site audit activities
  • Day 4: Closing of the audit
  • Day 5: Certification exam

Examination

The “PECB Certified ISO 28000 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:

  • Domain 1: Fundamental principles and concepts of a security management system
  • Domain 2: Security management system requirements
  • Domain 3: Fundamental audit concepts and principles
  • Domain 4: Preparing an ISO 28000 audit
  • Domain 5: Conducting an ISO 28000 audit
  • Domain 6: Closing an ISO 28000 audit
  • Domain 7: Managing an ISO 28000 audit program

For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.

Certification

After successfully completing the exam, you can apply for one of the credentials shown on the table below. You will receive a certificate as soon as you fulfill all the requirements related to the selected credential. 

For more information about the ISO 28000 certifications and the PECB certification process, please refer to the Certification Rules and Policies.

The table below presents the requirements for PECB ISO 28000 Auditor certifications:

  • PECB Certified ISO 28000 Provisional Auditor
    Exam: PECB Certified ISO 28000 Lead Auditor exam or equivalent
    Professional experience: None
    MS audit/assessment experience: None
    Other requirements: Signing the PECB Code of Ethics

  • PECB Certified ISO 28000 Auditor
    Exam: PECB Certified ISO 28000 Lead Auditor exam or equivalent
    Professional experience: Two years, including one year of work experience in supply chain security management
    MS audit/assessment experience: Audit activities totaling 200 hours
    Other requirements: Signing the PECB Code of Ethics

  • PECB Certified ISO 28000 Lead Auditor
    Exam: PECB Certified ISO 28000 Lead Auditor exam or equivalent
    Professional experience: Five years, including two years of work experience in supply chain security management
    MS audit/assessment experience: Audit activities totaling 300 hours
    Other requirements: Signing the PECB Code of Ethics

  • PECB Certified ISO 28000 Senior Lead Auditor
    Exam: PECB Certified ISO 28000 Lead Auditor exam or equivalent
    Professional experience: Ten years, including seven years of work experience in supply chain security management
    MS audit/assessment experience: Audit activities totaling 1,000 hours
    Other requirements: Signing the PECB Code of Ethics

Note: PECB Certified Individuals who hold both the Lead Implementer and Lead Auditor credentials are qualified for the respective PECB Master Credential, provided they have passed four additional Foundation exams related to this scheme. For more detailed information about the Foundation exams and the overall Master Credential requirements, please go to the following link: https://pecb.com/en/master-credentials.

To be considered valid, the audit activities should follow best audit practices and include the following:

  1. Planning an audit
  2. Managing an audit program
  3. Drafting audit reports
  4. Drafting nonconformity reports
  5. Drafting audit working documents
  6. Reviewing documented information
  7. Conducting an on-site audit
  8. Following up on nonconformities
  9. Leading an audit team 

General Information

  • Certification and examination fees are included in the price of the training course.
  • PECB will provide training material of over 450 pages of information and practical examples.
  • An attestation of course completion worth 31 CPD (Continuing Professional Development) credits will be issued to participants who have attended the training course.
  • In case of exam failure, the candidate can retake the exam once for free within 12 months following the initial exam date.

PECB ISO 28000 Transition

Why should you attend?

The ISO 28000 Transition training course enables participants to thoroughly understand the differences between ISO 28000:2007 and ISO 28000:2022. In addition, it allows participants to acquire knowledge on the new concepts, requirements, and recommendations presented by ISO 28000:2022. 

Published in March 2022, the latest edition of ISO 28000 follows the harmonized structure of ISO, where the requirements for the security management system (SeMS) are outlined in clauses 4 to 10. This structure facilitates the integration of the SeMS with other management systems based on ISO standards. The title of the standard has also changed from Specification for security management systems for the supply chain to Security and resilience – Security management systems – Requirements, to emphasize the fact that ISO 28000 requirements are not only applicable to organizations in the supply chain, but to all organizations, regardless of the type, size, or industry. 

The “PECB ISO 28000 Transition” training course provides detailed information on the revised and new requirements and terminology. Furthermore, it equips participants with the necessary competencies to support organizations in transitioning their SeMS to ensure compliance with ISO 28000:2022. 

After attending the training course, you can take the exam. If you pass, you can apply for the “PECB Certified ISO 28000 Transition” credential. This internationally recognized certificate demonstrates that you have the knowledge and professional capabilities to update an SeMS so that it conforms to the requirements of ISO 28000:2022.

Who should attend?

This training course is intended for:

  • Individuals seeking to remain up-to-date with the requirements of ISO 28000 
  • Individuals seeking to understand the differences between ISO 28000:2007 and ISO 28000:2022 
  • Individuals responsible for transitioning an SeMS from ISO 28000:2007 to ISO 28000:2022
  • Managers, trainers, and consultants involved in maintaining an SeMS 
  • Professionals wishing to update their ISO 28000 certificates 

Learning objectives

By the end of this training course, the participants will be able to:

  • Explain the differences between ISO 28000:2007 and ISO 28000:2022 
  • Interpret the new concepts, requirements, and recommendations of ISO 28000:2022
  • Plan and implement the necessary changes to an existing security management system to ensure conformity to the requirements of ISO 28000:2022 

Educational approach

  • This training course is based on theory and on best practices used in transitioning an SeMS
  • Lecture sessions are illustrated with quizzes
  • Quizzes have a similar structure to the certification exam

Prerequisites

In order to fully benefit from this training course, participants need to have a general understanding of security concepts and ISO 28000 requirements.

Course Agenda

  • Day 1: Introduction to ISO 28000:2022 and comparison to ISO 28000:2007
  • Day 2: Clause-by-clause comparison between ISO 28000:2022 and ISO 28000:2007, and certification exam

Examination

The “PECB Certified ISO 28000 Transition” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:

  • Domain 1: Differences between the main clauses of ISO 28000:2022 and ISO 28000:2007
  • Domain 2: Understanding, interpreting, and planning the implementation of the ISO 28000:2022 changes

For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.

Certification

After passing the exam, you can apply for the credential shown below. You will receive a certificate as soon as you fulfill all the requirements related to it.

  • Credential: PECB Certified ISO 28000:2022 Transition
    Exam: PECB Certified ISO 28000:2022 Transition exam
    Professional experience: None
    MS audit/assessment experience: None
    SCSMS project experience: None
    Other requirements: Signing the PECB Code of Ethics

For more information about the ISO 28000 certifications and the PECB certification process, please refer to the Certification Rules and Policies.

General Information

  • Certification and examination fees are included in the price of the training course.
  • Participants will be provided with training course materials containing over 120 pages of information, practical examples, and quizzes.
  • An attestation of course completion worth 14 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.
  • Candidates who have completed the training course but failed the exam are eligible to retake the exam once for free within a 12-month period from the initial date of the exam.