A note on supply chain risk classification: discussion and proposal

The main objective of this note is to complement the excellent work on supply chain risk classification by Rangel et al. [International Journal of Production Research, vol. 52 (7), 2014]. In this note, we consider the use of ISO/IEC (International Organisation for Standardisation/International Electrotechnical Commission) norms to support the supply chain risk classification. Its purpose is to develop, maintain and promote standards in the fields of information technology and information communications technology. Therefore, to improve on the work by Rangel et al. (2014), ISO 27036 (Information Security for Supplier Relationship) and ISO 28000 (Specification for Security Management Systems for the Supply Chain) are aligned with ISO 31000 (Risk Management-Risk Assessment Techniques). Furthermore, since supply chain risk management does not have a standardised process, these norms, particularly ISO 31000, can serve as a guide to improve its implementation.