Home Certification Schemes ISO 28001
Security & Resilience ISO 28001 2007

Supply Chain Security Management

Best practices for implementing supply chain security, assessments, and plans for international trade, helping organisations manage supply chain security risks effectively.

logistics supply chain trade transportation
About This Standard

ISO 28001 provides best practices for implementing supply chain security assessments and plans for international trade. It supports organisations participating in security programmes such as the WCO SAFE Framework, Authorised Economic Operator (AEO) programmes, and C-TPAT.

The standard focuses on the security of specific supply chains — those involving cross-border movements of goods — and requires organisations to conduct security assessments, develop security plans, and communicate security requirements throughout the chain.

ACI-certified auditors evaluate supply chain security practices against ISO 28001 requirements, assessing the adequacy of security assessments and the implementation of partner security controls.

Examination Topic Areas
Supply chain security risk assessment methodology
Security assessment of supply chain partners and nodes
Container, cargo, and conveyance security requirements
Personnel security along the supply chain
Physical security at warehouses, distribution centres, and logistics nodes
AEO, C-TPAT, and customs security programme requirements
Information and trade document security
Security incident reporting and supply chain disruption management
Examination & Certification Process
01
Attend Training

Attend an ACI-Approved Training Provider (ATP) course for your chosen grade level. ACI-approved courses are aligned to the examination syllabus for ISO 28001.

02
Sit the Examination

Examinations are administered exclusively through ACI Approved Training Providers. Foundation and Internal Auditor examinations require 70% to pass; Lead Auditor requires 65%.

03
Apply for Certification

Submit your application through the ACI portal with your examination result, training certificate, and relevant audit experience log. Upon approval you receive your ACI Card ID and digital certificate.

Scheme Details
Standard ISO 28001
Edition 2007
Category Security & Resilience
Cert. Period 3 years
Framework ISO/IEC 17024 Aligned
Available Grades PA · AA · AU · LA · PR · FACI
Get Certified
Apply for Certification → Find an ATP Entry Requirements
All Certification Schemes
Auditor Grades

Available Grades for ISO 28001

All six ACI auditor grades are available for this scheme. Each grade has defined competence, experience, and examination requirements.

PA
Provisional Auditor

Entry-level certification for those beginning their auditing career. Suitable for individuals who have completed foundation training but have limited audit experience.

Foundation examination pass (70%)
No prior audit experience required
Annual CPD requirement applies
AA
Associate Auditor

For auditors who have completed Internal Auditor training and have begun accumulating audit experience under supervision or in an internal audit role.

Internal Auditor examination pass
Minimum 2 internal audits conducted
Annual CPD requirement applies
AU
Auditor

Full auditor grade for practitioners with demonstrated audit experience. Recognised as a competent independent auditor of management systems.

Internal Auditor examination pass
Minimum 5 complete audits
Annual CPD requirement applies
LA
Lead Auditor

Senior grade for experienced auditors capable of leading audit teams and managing full audit programmes. The most widely recognised auditor grade internationally.

Lead Auditor examination pass (65%)
Lead Auditor training course
Minimum 10 complete audits as team lead
PR
Principal Auditor

Advanced grade for highly experienced auditors demonstrating sustained performance in complex audit environments and contributions to the auditing profession.

Lead Auditor grade prerequisite
Minimum 5 years audit experience
Professional development portfolio
FACI
Fellow of ACI

The highest ACI designation, awarded to individuals who have made an exceptional contribution to the management system auditing profession and to the ACI community.

By nomination and committee review
Exceptional professional contribution
Sustained ACI membership
Ready to certify in ISO 28001?

Find an Approved Training Provider, sit the examination, and submit your application to ACI.

How to Apply → Find an ATP