Abstract
The main objective of this note is to complement the work on supply chain risk classification by Rangel et al. [International Journal of Production Research, vol. 52 (7), 2014]. We consider the use of ISO/IEC (International Organisation for Standardisation/International Electrotechnical Commission) standards to support supply chain risk classification; ISO/IEC's purpose is to develop, maintain and promote standards in the fields of information technology and information and communications technology. To build on the work of Rangel et al. (2014), ISO/IEC 27036 (Information Security for Supplier Relationships) and ISO 28000 (Specification for Security Management Systems for the Supply Chain) are aligned with ISO 31000 (Risk Management – Principles and Guidelines). Furthermore, since supply chain risk management has no standardised process, these standards, particularly ISO 31000, can serve as a guide to improve its implementation.
Acknowledgements
The authors would like to thank the reviewers, whose comments contributed to the revision of this paper. The first author also wishes to thank FAPESP, CNPq and CAPES for their partial financial support.
Disclosure statement
No potential conflict of interest was reported by the authors.