Comparison of TIA Quest Forum’s SCS 9001 Cyber and Supply Chain Security Management System with ISO 28001

This Technical Bulletin compares ISO 28001, the Security management systems for the supply chain with TIA’s SCS 9001 Cyber and Supply Chain Security Management System.

ISO 28001 was introduced in 2007, reviewed and reconfirmed in 2012 and 2021 without change, meaning ISO has determined it to be sufficient in its original form for its intended use. It was prepared by Technical Committee ISO/TC 8, Ships and Marine Technology, in collabor ation with other relevant technical committees responsible for specific nodes of the supply chain.

SCS 9001 is a new standard, originally released in Q1 2022 with preparations for a second release targeted within H2 2023. SCS 9001 has been purpose-built to address today’s cyber and supply chain security problems. It is a modern standard, developed by the Information and Communications Technology (ICT) industry and for the ICT industry.

When comparing against ISO 28001, SCS 9001 provides substantially more coverage and as appropriate to assess an organization’s security practices. A detailed comparison of the two standards is provided in this technical bulletin.