The concept of supply chain security management was proposed for international standards by the Technical Committee for Ships and Marine Technology, and the standards related to ISO 28000 were issued for the first time in 2005, and then included many developments until they reached a new update in 2007 AD, and this update continued until the present time The ISO 28000 specification includes many elements, which can be described in the following points:

1. Planning: which includes defining objectives and a plan of operations necessary to achieve results, in accordance with the company's security policy
2. Execution: This means the implementation of operations according to the plan described in the first element.
3. Investigation: It is a set of processes that aim to monitor and measure the processes and their progress on the right approach, and this includes observing the security policy, objectives and legal requirements, in addition to preparing reports to report the results.
4. Action: It is taking actions that aim to continuously improve the performance of the security management system.

Where many companies can resort to obtaining the ISO 28000 

1. Certificate, especially if they want to own the following items:
2. Establishing, implementing and maintaining the company's security management system.
3. Ensuring the company's compliance with the security policy.
4. Prove the company's compliance with the security policy of others.
5. Seeking to obtain certification or registration of the company's security management system from an approved third party.
6. Desire to issue a report that proves the compliance of the company's policy with ISO 28000 standards.

Basic Clauses of ISO 28000

The ISO 28000 standards include several items to be submitted to anyone wishing to obtain a certificate, and the following are theseitems:

1. Security management policy clause: it includes all aspects of security management policy.
2. Planning and evaluating security risks: it includes ensuring the job security of the company's employees, assessing security risks and developing a plan to deal with them.
3. Implementation and Operation Clause: It includes looking into all the operations and management of the company.
4. Audit and correction clause: where potential errors related to the management system must be evaluated and corrected
5. Management review and sustainable improvement clause: where the company's senior management must review the security system in the organization according to time periods, in order to ensure the continuity of efficiency of all activities carried out by the company, and to give the company opportunities for improvement and development.