ISO/PAS 28003:2006 contains principles and requirements for bodies providing the audit and certification of supply chain security management systems according to management system specifications and standards such as ISO/PAS 28000.

It defines the minimum requirements of a certification body and its associated auditors recognizing the unique need for confidentiality when auditing and certifying/registering a client organization.

Requirements for supply chain security management systems can originate from a number of sources, and ISO/PAS 28003:2006 has been developed to assist in the certification of supply chain security management systems that fulfill the requirements of ISO/PAS 28000, Specification for security supply chain security management systems for the supply chain. The contents of ISO/PAS 28003:2006 may also be used to support certification of supply chain security management systems that are based on other sets of specified supply chain security management systems requirements.

ISO/PAS 28003:2006

• provides harmonized guidance for the accreditation of certification bodies applying for ISO/PAS 28000 (or other sets of specified supply chain security management systems requirements) certification/registration;
• defines the rules applicable for the audit and certification of a supply chain security management systems complying with the ISO/PAS 28000 requirements (or other sets of specified supply chain security management systems requirements);
• provides customers with the necessary information and confidence about the way certification of their suppliers has been granted.