Latest: PT Kary Indomas Elok awarded AEO certification by Direktur Jenderal Bea dan Cukai — 17 June 2026
Customs & Trade

ISO 28000 Supply Chain Security Consultant

Implement ISO 28000 to manage security risk across your supply chain — a strong foundation for AEO and C-TPAT.

What is ISO 28000?

ISO 28000 is the international standard for Security Management Systems for the supply chain, published by the International Organization for Standardization. The current revision is ISO 28000:2022, which replaced the 2007 edition and aligned the standard with the ISO Annex SL high-level structure — making it directly integrable with ISO 9001, ISO 14001, ISO 45001, and ISO 27001.

The standard provides a systematic framework for identifying, assessing, and managing security threats across the supply chain, from raw-material sourcing through manufacturing, warehousing, transportation, and delivery. It covers physical security, personnel security, IT security, incident management, and business continuity as they relate to supply-chain operations.

In Indonesia, ISO 28000 is particularly relevant as a structured foundation for organisations seeking AEO certification from DJBC or C-TPAT compliance for US export markets. The security management system requirements in ISO 28000:2022 map closely to the security criteria in both programs, enabling organisations to build once and apply across multiple recognition frameworks.

Who needs it?

  • Manufacturers with complex inbound or outbound supply chains
  • Exporters seeking AEO certification or C-TPAT compliance
  • Logistics service providers, warehousing operators, and freight forwarders
  • Port and terminal operators
  • Companies whose customers require demonstrated supply-chain security maturity
  • Organisations seeking to integrate security management with existing ISO management systems

Benefits of ISO 28000 certification

  • Structured risk management — systematic identification and treatment of supply-chain security threats, from cargo theft to unauthorized access
  • AEO and C-TPAT alignment — ISO 28000 controls directly support both programs' security requirements, reducing duplicated compliance work
  • Customer confidence — certification demonstrates security maturity to buyers, particularly in sectors with high-value cargo or sensitive materials
  • Insurance and finance benefits — demonstrable security controls can support favorable terms from insurers and financiers
  • Integration with other ISO standards — the Annex SL structure of ISO 28000:2022 enables seamless integration with existing ISO 9001, ISO 14001, or ISO 45001 systems
  • Incident preparedness — defined procedures for security incidents reduce response time and limit supply-chain disruption

Our process — from kickoff to certificate in 4 steps

  1. Gap Analysis. We assess your current supply-chain security controls against ISO 28000:2022 requirements, covering context of the organisation, risk assessment methodology, security planning, operational controls, and performance evaluation.
  2. Documentation. We develop your Security Management System documentation — policy, security risk register, objectives, procedures for physical security, access control, incident management, and business continuity.
  3. Implementation & Training. We support implementation across your facilities and supply-chain touchpoints, training your security management team and running an internal audit to confirm readiness.
  4. Certification Audit Support. We prepare you for the Stage 1 (documentation review) and Stage 2 (on-site) audits with your chosen certification body, and support corrective-action responses if needed.

What you'll get

  • ISO 28000:2022 Security Management System manual
  • Supply-chain security risk register and assessment methodology
  • Physical security, access-control, and personnel security procedures
  • IT security baseline procedures (aligned to Clause 8)
  • Incident management and business-continuity procedures
  • Internal audit programme and checklist
  • Training for your security management team
  • Certification audit accompaniment

Why RKM for ISO 28000

RKM's combination of ISO management-system expertise and deep AEO experience makes us a natural partner for ISO 28000. We understand how supply-chain security standards connect to customs trusted-trader programs, and we build documentation that serves both certification auditors and government validation teams.

Our integrated approach means that if you are simultaneously pursuing AEO certification, we structure your ISO 28000 system to satisfy AEO's security and safety management requirement — eliminating the need for separate documentation sets. This reduces cost, effort, and ongoing maintenance burden for your team.

Frequently Asked Questions

What is the difference between ISO 28000:2007 and ISO 28000:2022? The 2022 revision restructured the standard to align with ISO's Annex SL high-level structure, making it directly compatible for integration with ISO 9001, ISO 14001, and others. The 2022 edition also strengthened requirements for context analysis, risk-based thinking, and leadership commitment.

Does ISO 28000 certification satisfy AEO's security requirement? ISO 28000 directly addresses AEO's sixth special requirement (security and safety management system). A well-implemented ISO 28000 system provides strong evidence for DJBC during AEO validation. RKM builds the system to work for both.

Which certification bodies offer ISO 28000 certification in Indonesia? Several accredited certification bodies operate in Indonesia. RKM works with multiple bodies and can advise on selection based on your sector and customer requirements.

How long does ISO 28000 implementation take? Typically 4–8 months from gap analysis to certification, depending on the complexity of your supply chain and the maturity of existing security controls.

Can ISO 28000 be integrated with our existing ISO 9001 system? Yes — the Annex SL structure of both standards makes integration straightforward. We commonly implement ISO 28000 as an extension to an existing ISO 9001 or ISO 14001 system rather than as a standalone system.

What industries benefit most from ISO 28000? Any industry with valuable cargo, sensitive materials, or complex logistics operations: automotive, electronics, chemicals, pharmaceuticals, consumer goods, and logistics services.

Ready to start your AEO journey?

Free 30-minute scoping call. We'll assess readiness and quote within 48 hours.