ISO 28004-4-2014 PDF

Full title and description

Security management systems for the supply chain — Guidelines for the implementation of ISO 28000 — Part 4: Additional specific guidance on implementing ISO 28000 if compliance with ISO 28001 is a management objective. This part of ISO 28004 provides supplemental, non-standalone guidance showing how ISO 28001 best practices map into an ISO 28000 security management system and how those combined elements support validation against national Authorized Economic Operator (AEO) programmes.

Abstract

ISO 28004-4:2014 offers additional, targeted guidance for organizations that are implementing ISO 28000 and also intend to adopt the best-practice requirements of ISO 28001 for international supply-chain security. It clarifies how ISO 28001 elements integrate with ISO 28000 inputs/processes/outputs and explains the relationship to AEO/WCO frameworks. The document is not intended to stand alone; ISO 28004‑1 remains the primary guidance document for ISO 28000 implementation.

General information

• Status: Published / Current.
• Publication date: 2014-02 (Edition 1, published February 2014).
• Publisher: International Organization for Standardization (ISO).
• ICS / categories: 03.100.01; 03.100.70 (Company organization and management; Management systems).
• Edition / version: Edition 1 — 2014-02 (ISO 28004-4:2014).
• Number of pages: 6 (official ISO listing).

Scope

This part of ISO 28004 provides additional, specific guidance for organisations adopting ISO 28000 that also wish to incorporate the Best Practices identified in ISO 28001 as a management objective for their international supply chains. It is intended to help map ISO 28001 requirements into the ISO 28000 management-system framework and to assist organisations seeking alignment with national AEO programmes based on the World Customs Organization (WCO) Framework of Standards. ISO 28004-4:2014 is a supplement to ISO 28004‑1 (the main implementation guidance) and is not a standalone norm.

Key topics and requirements

• Guidance on mapping ISO 28001 best practices into ISO 28000 inputs, processes and outputs.
• Clarification of how ISO 28000/28001 provisions support AEO validation and conformity with WCO SAFE Framework expectations.
• Supplementary, clause-level guidance (examples and mapping charts) to help implementers integrate ISO 28001 goals with an ISO 28000 security management system.
• Notes on the non-standalone character of the part — implementers should use it together with ISO 28004‑1 and ISO 28000.

Typical use and users

Used by organisations operating in international supply chains that already implement (or plan to implement) ISO 28000 and want to adopt ISO 28001 best practices — for example importers/exporters, freight forwarders, logistics providers, ports and terminal operators, carriers, customs brokers, large manufacturers and supply‑chain security managers. Also useful to consultants, certification bodies, and customs or trade authorities assessing relationships between ISO management-system approaches and AEO/trusted‑trader schemes.

Related standards

Key related documents include ISO 28000 (Specification for security management systems for the supply chain), ISO 28001 (Best practices for implementing supply‑chain security, assessments and plans), ISO 28004‑1 (general guidance for ISO 28000 implementation) and other ISO 28004 parts (Parts 2 and 3 provide additional sector/size‑specific guidance). The part also references sector-related documents (for example ISO 20858 for port facility security assessments in maritime contexts) and the WCO SAFE Framework / AEO guidance. Implementers should consider the full ISO 28000 family and applicable national AEO requirements when using ISO 28004‑4.

Keywords

Supply chain security; security management system; ISO 28000; ISO 28001; ISO 28004; AEO; WCO SAFE Framework; implementation guidance; mapping; best practices.

FAQ

Q: What is this standard?

A: ISO 28004‑4:2014 is Part 4 of the ISO 28004 series — guidance that gives additional, specific advice on implementing ISO 28000 when compliance with ISO 28001 is a management objective. It supplements ISO 28004‑1 rather than replacing it.

Q: What does it cover?

A: It covers how ISO 28001 best practices can be integrated into an ISO 28000 security management system, including mapping of requirements and explanations of how the combined approach supports AEO/trusted‑trader programmes. It is short (informative guidance) and not a standalone specification.

Q: Who typically uses it?

A: Organisations in international logistics and trade (shippers, carriers, ports, logistics providers), supply‑chain security managers, consultants, and certification or verification bodies — especially those seeking to align management‑system practice with AEO or national customs validation programmes.

Q: Is it current or superseded?

A: ISO lists ISO 28004‑4:2014 as the published edition (Edition 1, 2014‑02). It replaced the earlier ISO/PAS 28004‑4:2012; users should check ISO or their national standards body for any later reviews or confirmations.

Q: Is it part of a series?

A: Yes — it is one part of the ISO 28004 series of guidance documents that support implementation of ISO 28000 (see Parts 1, 2, 3 and 4), and it is closely related to ISO 28001 and ISO 28000. Implementers will commonly use multiple parts of the series together.

Q: What are the key keywords?

A: Supply chain security, security management system, ISO 28000, ISO 28001, AEO, WCO SAFE, implementation guidance, best practices.