🎓 ISO 28000:2007
Supply Chain Security Management Systems
Lead Auditor Certification Course – Clause by Clause
🔹 Course Level
Advanced (Lead Auditor – External & Third-Party Audits)
🔹 Target Audience
ISO Lead Auditors & aspiring auditors
Supply chain & logistics auditors
Security, risk & compliance professionals
ISO consultants transitioning to auditing
Port, aviation, shipping, oil & gas auditors
Certification body auditors
🎯 Course Objectives
By the end of this course, learners will be able to:
Interpret ISO 28000 requirements clause by clause
Plan, conduct, report, and close ISO 28000 certification audits
Apply risk-based auditing to supply chain security
Identify major & minor nonconformities
Lead audit teams and manage audit programs
Conduct audits in line with ISO 19011
🧩 SECTION 1: Course Introduction & Lead Auditor Foundation
Lecture 1.1 – Welcome to the ISO 28000 Lead Auditor Course
Course structure & learning outcomes
Certification & competency expectations
Role of a Lead Auditor
Lecture 1.2 – What Is ISO 28000?
Purpose of ISO 28000
Supply chain security concept
Industries & applicability
Lecture 1.3 – What Is a Lead Auditor?
Internal vs External vs Lead Auditor
Authority, responsibility & independence
Auditor ethics & professional conduct
🧩 SECTION 2: ISO 28000 & Auditing Framework
Lecture 2.1 – Structure of ISO 28000:2007
Clause layout
Auditable vs non-auditable clauses
Lecture 2.2 – ISO 28000 in the ISO System Family
Integration with:
ISO 9001
ISO 14001
ISO 45001
ISO 22301
ISO 27001
Lecture 2.3 – ISO 19011 Audit Principles
Integrity
Fair presentation
Due professional care
Confidentiality
Evidence-based auditing
Risk-based auditing
🧩 SECTION 3: Clause 1 – Scope (Non-Auditable)
Lecture 3.1 – Auditing the Scope
Understanding organizational scope
Supply chain boundaries
Multi-site & outsourced activities
Common scope-related audit issues
🧩 SECTION 4: Clause 2 – Normative References (Non-Auditable)
Lecture 4.1 – Normative References in Audits
Why this clause exists
Auditor expectations
No direct audit evidence required
🧩 SECTION 5: Clause 3 – Terms & Definitions (Non-Auditable)
Lecture 5.1 – ISO 28000 Terminology for Auditors
Security threat
Risk & vulnerability
Incident
Supply chain
Interested parties
Security management system (SMS)
🧩 SECTION 6: Clause 4 – Security Management System Requirements (Auditable Core)
🔹 Clause 4.1 – General Requirements
Lecture 6.1 – Auditing SMS Establishment
Existence of an SMS
Process-based approach
Integration with business operations
Evidence to look for
🔹 Clause 4.2 – Security Policy
Lecture 6.2 – Auditing the Security Policy
Policy content requirements
Leadership approval & commitment
Communication & availability
Typical nonconformities
🔹 Clause 4.3 – Security Risk Assessment & Planning
Lecture 6.3 – Auditing Security Risk Identification
Threat identification methods
Asset & vulnerability assessment
Supply chain risk mapping
Lecture 6.4 – Auditing Risk Evaluation & Prioritization
Risk criteria
Likelihood & impact
Risk acceptance
Lecture 6.5 – Auditing Security Objectives & Programs
Measurable objectives
Action plans
Alignment with risk assessment
🔹 Clause 4.4 – Implementation & Operation
Lecture 6.6 – Auditing Roles, Responsibilities & Resources
Security roles & accountability
Organizational structure
Competence requirements
Lecture 6.7 – Auditing Competence, Training & Awareness
Training needs analysis
Security awareness programs
Records & effectiveness
Lecture 6.8 – Auditing Communication
Internal communication
External communication
Coordination with authorities & partners
Lecture 6.9 – Auditing Documentation & Records Control
Documented procedures
Record retention & control
Version control
Lecture 6.10 – Auditing Operational Controls
Physical security
Access control
Cargo handling
Transport security
Supplier & contractor security
Lecture 6.11 – Auditing Emergency Preparedness & Response
Incident response plans
Emergency drills
Testing & review
🔹 Clause 4.5 – Checking & Corrective Action
Lecture 6.12 – Auditing Monitoring & Measurement
Security KPIs
Monitoring tools
Performance evaluation
Lecture 6.13 – Auditing Evaluation of Compliance
Legal & regulatory requirements
Compliance assessment methods
Lecture 6.14 – Auditing Incident Investigation
Incident reporting
Root cause analysis
Corrective actions
Lecture 6.15 – Auditing Nonconformities & Corrective Actions
Identification
Correction
Preventive actions
Effectiveness review
Lecture 6.16 – Auditing Internal Audits
Audit program
Auditor competence
Audit reports
🔹 Clause 4.6 – Management Review
Lecture 6.17 – Auditing Management Review
Inputs & outputs
Management involvement
Continual improvement decisions
🧩 SECTION 7: Audit Planning & Execution (Lead Auditor Focus)
Lecture 7.1 – Audit Program Management
Audit objectives
Scope & criteria
Audit team selection
Lecture 7.2 – Audit Planning
Audit plan
Checklists
Time management
Lecture 7.3 – Conducting the Audit
Opening meeting
Interviews
Sampling & observation
Lecture 7.4 – Collecting & Verifying Audit Evidence
Objective evidence
Traceability
Risk-based sampling
🧩 SECTION 8: Audit Reporting & Nonconformities
Lecture 8.1 – Writing Audit Findings
Conformities
Observations
Opportunities for improvement
Lecture 8.2 – Major vs Minor Nonconformities
Classification rules
Examples specific to ISO 28000
Lecture 8.3 – Closing Meeting
Presenting findings
Managing disputes
Auditor professionalism
🧩 SECTION 9: ISO 28000 Certification Process
Lecture 9.1 – Stage 1 Audit
Readiness review
Common gaps
Lecture 9.2 – Stage 2 Audit
Full system assessment
Certification decision
Lecture 9.3 – Surveillance & Recertification Audits
Ongoing compliance
Continual improvement
🧩 SECTION 10: Case Studies & Practical Audits
Lecture 10.1 – Logistics Company Audit Case Study
End-to-end audit simulation
Lecture 10.2 – Port & Shipping Audit Case Study
Cargo & access security
Lecture 10.3 – Oil & Gas Supply Chain Audit Case Study
High-risk logistics auditing
🧩 SECTION 11: Lead Auditor Exam & Certification Readiness
Lecture 11.1 – Lead Auditor Exam Preparation
Clause-based MCQs
Scenario-based questions
Lecture 11.2 – Audit Simulation Exercise
Audit planning
Findings & reporting
🏁 SECTION 12: Course Conclusion
Lecture 12.1 – Course Summary & Key Takeaways
Auditor competence achieved
Lecture 12.2 – Career Path After ISO 28000 Lead Auditor
Certification body auditor
Independent auditor
Consultant
Lecture 12.3 – Final Assessment & Certificate of Completion
