Question - ISO 28000:2007

Wondering if anyone has implemented non-technical frameworks like the ISO 28000:2007 (Specification for security management systems for the supply chain)? We are currently implementing the Cybersecure Canada framework in Eramba, and due to a staffing change our ISO 28000 program has at least temporarily fallen into my lap and I’m seeing a whole lot of reason to move it into Eramba.

Would appreciate any words of wisdom in this area.

With kindest regards,


Any “framework” (in our little eramba world, a compliance package) can be used in eramba, because the principle of requirements mapped to solutions (controls, policies, etc.) and, later on at an operational stage, testing and reviews still applies.

I just checked and there is no compliance package for 28000. If you make one, it is never a bad idea to share it with the community :)



If we do go down this path, I will definitely share back the compliance package. I have one almost ready for the Cybersecure Canada program as well.