ACCREDITATION IN PROGRESSSCS · ISO 28000:2022 + 28001:2007

ISO 28001 Supply Chain Security

Organised protection of goods, people and information as cargo moves — against hijacking, theft, tampering and sabotage. Implemented with ISO 28001's supply-chain best practices, certified against ISO 28000:2022, and deliberately aligned with SARS AEO.

CURRENT EDITIONS
ISO 28000:2022 (certification) + ISO 28001:2007 (best practice)
WHO IT'S FOR
Importers, exporters, 3PLs, transporters, terminals & corridors
CERTIFICATION CYCLE
Two-stage audit · 3-year certificate · annual surveillance
WORKS WELL WITH
RTMS · ISO 9001 · SARS AEO
01 — WHAT IT COVERS

The whole chain, not just your gate.

A security management system makes you assess threats across the stretch of supply chain you control or influence, put documented, proportionate controls in place, and test them continually as the threat picture shifts.

Threat & risk assessment

Hijacking, depot theft, pilferage, tampering, insider collusion — mapped as credible scenarios.

Security plans

Documented countermeasures matched to assessed risks, with clear responsibilities.

Physical & cargo security

Sites, vehicles, seals, access control and handover integrity in transit.

Personnel security

Vetting, training and insider-risk management — without treating staff as suspects.

Information security

Routes, schedules and shipment data criminals prize, protected.

Response & continuity

The minutes after an incident, and how the business keeps moving afterwards.

02 — WHY IT PAYS

What a secured chain earns you.

  • 01Fewer, smaller losses — spend where incidents actually happen
  • 02Answers to the security questionnaires large shippers send
  • 03Strong preparation for SARS AEO accreditation
  • 04Insurer confidence on high-risk corridors
  • 05One framework consolidating C-TPAT, TAPA and client demands
  • 06Rehearsed response, so one hijacking isn't a lost contract
420
TRUCK HIJACKINGS IN ONE QUARTER · SAPS 2025
R577M
CARGO THEFT LOSSES IN 18 MONTHS · TAPA
831
SARS-ACCREDITED AEOs · MAY 2025
03 — THE AEO OPPORTUNITY

Security accreditation now opens three markets.

SARS runs a two-level Authorised Economic Operator programme, and in July 2025 signed mutual recognition arrangements with the customs authorities of the United States, United Kingdom and India — South Africa is the first African country recognised under the US C-TPAT programme.

ISO 28001's security assessments and plans map naturally onto the AEO Safety & Security criteria, making certification strong preparation — though AEO accreditation itself is granted only by SARS.

3
MUTUAL RECOGNITION MARKETS · US, UK, INDIA
1ST
AFRICAN COUNTRY IN US C-TPAT
04 — HOW IT RUNS · ISO/IEC 17021-1

The route, step by step.

  1. 01
    Security risk assessment
    Threats mapped across routes, cargo profiles, depots and information flows.
  2. 02
    Countermeasure design
    Controls proportionate to the threat — seals, vetting, tracking, response.
  3. 03
    Documentation & training
    Procedures, incident response and awareness embedded in operations.
  4. 04
    Certification audit
    Stage 1 and Stage 2 verification that the security plan works in practice.
  5. 05
    Surveillance
    Annual checks, plus incident-driven reviews when the threat picture shifts.
05 — STRAIGHT ANSWERS

Asked before every audit.

Do we certify to ISO 28000 or ISO 28001?

The management system certificate is issued against ISO 28000:2022, the requirements standard. ISO 28001 supplies the supply-chain-specific best practices — security assessments, security plans and AEO alignment — that a credible system is built on. Talk to us about which scope fits your operation.

Will certification stop hijackings?

No system can eliminate crime. What it does is reduce how often you are the easy target and how much each incident costs — through route risk assessment, information discipline, driver procedures and rehearsed response.

Does certification give us AEO status?

No. Only SARS grants AEO accreditation. But the overlap is deliberate: ISO 28001 was written to help organisations meet AEO-style criteria under the WCO SAFE Framework, so a certified system takes you a long way towards the SARS Safety & Security requirements.

We already hold RTMS. Why add this?

RTMS governs road transport safety and compliance — loading, driver wellness, vehicle maintenance. Supply chain security addresses deliberate criminal acts against your cargo and people. They overlap in driver and vehicle procedures, so RTMS-certified operators start well ahead.

How long does certification take?

Once your security assessment and plans are operating, expect roughly three to six months through quote, Stage 1 and Stage 2, depending on the complexity of your chain.

What does it cost?

Fees depend on sites, headcount and the scope of supply chain covered. Request a quote — we price transparently, in Rand.

GET STARTED

Ready for ISO 28001?

Describe your operation and we'll scope the work and quote clearly, in Rand — no obligation, no consulting strings attached.

Request a quote
RESPONSE WITHIN ONE BUSINESS DAY