This International Standard specifies the requirements for a security management system, including those
aspects critical to security assurance of the supply chain. Security management is linked to many other
aspects of business management. Aspects include all activities controlled or influenced by organizations that
impact on supply chain security. These other aspects should be considered directly, where and when they
have an impact on security management, including transporting these goods along the supply chain.
This International Standard is applicable to all sizes of organizations, from small to multinational, in
manufacturing, service, storage or transportation at any stage of the production or supply chain that wishes to:
a) establish, implement, maintain and improve a security management system;
b) assure conformance with stated security management policy;
c) demonstrate such conformance to others;
d) seek certification/registration of its security management system by an Accredited third party Certification
Body; or
e) make a self-determination and self-declaration of conformance with this International Standard.
There are legislative and regulatory codes that address some of the requirements in this International
Standard.
It is not the intention of this International Standard to require duplicative demonstration of conformance.
Organizations that choose third party certification can further demonstrate that they are contributing
significantly to supply chain security.