ISO 28004-4:2014 サプライチェーンのセキュリティ管理システム— ISO 28000の実装に関するガイドライン—パート4：ISO28001への準拠が管理目標である場合のISO28000の実装に関する追加の具体的なガイダンス | ページ 2

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives ).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents ).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information

The committee responsible for this document is ISO/TC 8, Ships and marine technology.

This first edition cancels and replaces ISO/PAS 28004-4:2012. It also incorporates the Amendment ISO 28004-1:2007/DAmd3.

ISO 28004 consists of the following parts, under the general title Security management systems for the supply chain — Guidelines for the implementation of ISO 28000:

• Part 1: General principles
• Part 2: Guidelines for adopting ISO 28000 for use in medium and small seaport operations
• Part 3: Additional specific guidance for adopting ISO 28000 for use by medium and small businesses (other than marine ports)
• Part 4: Additional specific guidance on implementing ISO 28000 if compliance with ISO 28001 is a management objective

Introduction

This part of ISO 28004 has been developed to supplement ISO 28004-1. The additional guidance in this part of ISO 28004, while amplifying the general guidance provided in the main body of ISO 28004-1, does not conflict with the general guidance. While ISO 28000 is less specific than ISO 28001 on certain technical security requirements, they do not conflict. This part of ISO 28004 helps to meet the Authorized Economic Operator security criteria.

1 Scope

This part of ISO 28004 provides additional guidance for organizations adopting ISO 28000 that also wish to incorporate the Best Practices identified in ISO 28001 as a management objective on their international supply chains. The Best Practices in ISO 28001 both help organizations establish and document levels of security within an international supply chain and facilitate validation in national Authorized Economic Operator (AEO) programmes that are designed in accordance with the World Customs Organization (WCO) Framework of Standards.

This part of ISO 28004 is not designed as a standalone document. The main body of ISO 28004-1 provides significant guidance pertaining to required inputs, processes, outputs and other elements required by ISO 28000. This part of ISO 28004 provides additional specific guidance on implementing ISO 28000 if compliance with ISO 28001 is a management objective.

Some requirements specified in the WCO AEO programme are government functions and are not addressed in the ISO international standards. These include:

• Demonstrated Compliance with Customs Requirements. Customs are to take into account the demonstrated compliance history of a prospective AEO when considering the request for AEO status.
• Satisfactory System for Management of Commercial Records. The AEO is to maintain timely, accurate, complete and verifiable records relating to import and export. Maintenance of verifiable commercial records is an essential element in the security of the international trade supply chain.
• Financial Viability. Financial viability of the AEO is an important indicator of an ability to maintain and improve upon measures to secure the supply chain.
• Consultation, Co-operation and Communication. Customs, other competent authorities and the AEO at all levels ― international, national and local ― should consult regularly on matters of mutual interest, including supply chain security and facilitation measures, in a manner which will not jeopardize enforcement activities. The results of this consultation should contribute to Customs development and maintenance of its risk management strategy.

2 Normative references

The following referenced documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.