ISO 28000:2022 specifies requirements for a Security Management System (SeMS) for supply chains, giving organisations a framework to manage security threats, assess vulnerabilities, and implement controls across their supply chain operations. The 2022 revision aligns the standard with the ISO High Level Structure shared by ISO 27001 and ISO 9001. ISO 28000 addresses threats to supply chain continuity: physical security, personnel security, transportation security and, increasingly, cyber supply chain threats.
For Indian IT firms, the supply chain security dimension has become critical: IT equipment procurement (servers, network hardware), software supply chain integrity, and third-party vendor security all create attack surfaces that threat actors actively exploit. The 2020 SolarWinds attack and the supply chain compromises that followed have elevated supply chain security from a logistics concern to a board-level cybersecurity priority. ISO 28000 provides the management system framework that integrates with ISO 27001 for comprehensive supply chain security governance.