MAPUA INSTITUTE OF TECHNOLOGY AT LAGUNA

Academic Year 2023-2024

GROUP 3 REVIEWER

ISO 28000:2007 Security Management System (SeMS)

NS 3454 Life Cycle costs for building and civil engineering work

DE GUZMAN, Sean Angelo R.

MIRANDA, Jan Chloe D.

NAVAL, Jan Michael Jr. C.

NEMO, Alyana Jolyn B.

C73

Professor: Ar. Alvin Tejada

 A. ISO 28000:2007 Specification for security management systems for the supply chain

ISO (the International Organization for Standardization)

- A worldwide federation of national standards bodies (ISO member bodies). The work of
preparing International Standards is normally carried out through ISO technical
committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in
the work. ISO collaborates closely with the International Electrotechnical Commission
(IEC) on all matters of electrotechnical standardization.
- The ISO 28000 has been developed in response to demand from industry for a security
management standard.
- Its ultimate objective is to improve the security of supply chains. It is a high-level
management standard that enables an organization to establish an overall supply chain
security management system.
- It requires the organization to assess the security environment in which it operates and to
determine if adequate security measures are in place and if other regulatory requirements
already exist with which the organization complies.
- If security needs are identified by this process, the organization should implement
mechanisms and processes to meet these needs. Since supply chains are dynamic, some
organizations managing multiple supply chains may look to their service providers to
meet related governmental or ISO supply chain security standards as a condition of being
included in that supply chain to simplify security management.
 - ISO 28000 is intended to apply in cases where an organization’s supply chains are
required to be managed securely. A formal approach to security management can
contribute directly to the business capability and credibility of the organization.
- Compliance with an International Standard does not in itself confer immunity from legal
obligations. For organizations that so wish, compliance of the security management
system with this International Standard may be verified by an external or internal
auditing process.
- This International Standard is based on the ISO format adopted by ISO 14001:2004
because of its risk-based approach to management systems. However, organizations that
have adopted a process approach to management systems may be able to use their
existing management system as a foundation for a security management system as
prescribed in this International Standard. It is not the intention of this International
Standard to duplicate governmental requirements and standards regarding supply chain
security management to which the organization has already been certified or verified
compliant. Verification may be by an acceptable first, second, or third party organization.

ISO 28000 is based on the methodology known as Plan-Do-Check-Act (PDCA). The PDCA can
be described as follows:

1. Plan
- Establish the objectives and processes necessary to deliver results in accordance
with the organization’s security policy.
2. Do
- Implement the processes.
3. Check
- Monitor and measure processes against security policy, objectives, targets, legal
and other requirements, and report results.
4. Act
- Take actions to continually improve performance of the security management
system.

Scope of ISO 28000:2007

This International Standard specifies the requirements for a security management system,
including those aspects critical to security assurance of the supply chain. Security management is
linked to many other aspects of business management. Aspects include all activities controlled or
influenced by organizations that impact supply chain security. These other aspects should be
considered directly, where and when they have an impact on security management, including
transporting these goods along the supply chain.
This International Standard applies to all sizes of organizations, from small to multinational, in
manufacturing, service, storage, or transportation at any stage of the production or supply chain
that wishes to:

​ a) establish, implement, maintain, and improve a security management system;

​ b) assure conformance with stated security management policy;
​ c) demonstrate such conformance to others;
​ d) seek certification/registration of its security management system by an Accredited
third party Certification Body; or
​ e) make a self-determination and self-declaration of conformance with this International
Standard.

ISO 28000 specifies the requirements for establishing, implementing, maintaining, and
improving a security management system (SeMS), including the aspects relevant to the security
of the supply chain.
The new edition of ISO 28000 includes additional recommendations as well. In clause 4,
recommendations on eight principles for security management have been added to ensure better
alignment with ISO 31000 (the standard for risk management). In addition, clause 8 sets out
recommendations related to security strategies, procedures, processes and treatments, and
security plans that ensure consistency with ISO 22301 (the standard for business continuity
management).
Importance of ISO 28000

- Considering that security incidents can occur at any moment, it is essential for
organizations to adopt a proactive approach toward security management. A security
management system based on ISO 28000 enables organizations to identify their valuable
assets, including property, personnel, products, data, and infrastructure, and implement
appropriate security processes and controls to safeguard them. In addition, an effective
SeMS enables organizations to improve recognition, increase reputation, enhance
business profitability and efficiency, and reduce long-term costs.
- ISO 28000 requires from the organization’s leadership to demonstrate commitment with
respect to the security management by, among others, establishing a security policy,
setting security objectives, and integrating security management into the organizations
processes and operations. This enables organizations to align security efforts with their
overall goals and objectives, embed security in their daily operations, and promote a
security culture that leads to proactive risk management.
- In addition, ISO 28000 includes requirements that address risk assessment, security
controls and strategies, and security plans. By establishing processes for risk assessment,
organizations can effectively identify, analyze, and evaluate security-related risks. Then,
they can implement controls and strategies to prevent security-related risks or mitigate
and treat those that cannot be prevented. Security plans, on the other hand, enable
organizations to respond to security-related incidents to minimize possible impact on
operations and business.
- ISO 28000 also outlines requirements regarding the monitoring and measurement of the
SeMS. Monitoring enables organizations to identify vulnerabilities and take appropriate
actions to address them, thus minimizing risk and loss. In addition, it enables them to
ensure compliance with changing regulations and standards related to security, as
violations of such regulations may lead to legal consequences and reputational damage.

Benefits of ISO 28000

A security management system based on ISO 28000 enables organizations to achieve their
security management objectives. In particular, it enables organizations to:
● Enhance business capabilities
● Ensure the security of the environment in which they operate
● Comply with statutory, regulatory, and voluntary security obligations
● Identify and address risks and opportunities related to security management
● Effectively deal with security violations
● Recover from disruptions in the supply chain
● Manage relationships with all relevant interested parties in the supply chain
● Manage security-related risks
 ● Create and protect value
● Align security processes and controls with the organization’s objectives
● Gain a competitive advantage
● Demonstrate conformity to ISO 28000 through assessments by accredited third parties

B. NS 3454 Life Cycle Costs for Building and Civil Engineering work

- NS 3454 is a Norwegian standard related to building and construction. This calculates the
costs for the entire life cycle as a common calculation key when the construction,
building, and property industry BAE industry is to build up experience.
- It clarifies the relationship between Life Cycle Costs, Annual expenses, Lifetime costs,
and Annual Costs and prescribes an economical chart of accounts for these costs.
- It is a Norwegian Standard for energy calculation with BIM on consultation, and a
common standard for Life cycle costs for construction - Principles and classification.
- Its main use is to analyze the connection with project development, programming,
engineering, and construction/remodeling Cost accounting in the use phase.
- In September 2015, the NS 3454 has been revised into NS-EN 16627.

Who is the NS 3454 for?

- Players in the construction industry

- Public and private sector.
- An aid for those who want to carry out LCC analyses

Where can it be used/applied?

1. Building Management
2. Building Operations
3. Building Maintenance
4. Building Development

Definition of terms:

1. Annual Expenses
- What you have every year
- Can differ from year to year
- Annual expenses include costs for Management, Operation, Maintenance,
Development and Service (MOMDS) throughout use, and are calculated as a
fixed yearly amount, which includes capital costs and costs for MOMDS as well
as costs when the period of use is ended (demolition). The annual costs are
 calculated as an annuity which means the same amount every year. The main rule
is that all costs must be in the value of the year of calculation. A building will be
used for its purpose for a certain time.
2. Life Cycle Costs
- A methodology that enables cost comparisons over a specific period of time,
taking into account relevant integral economic factors. That is, both initial costs
and future operating costs were considered. In the past, therefore, the life cycle
cost was applied to optimize product performance and lifetime cost of ownership.
- All costs incurred during the construction, use, and disposal of a building or a part
of a building. The standard can be used in all phases of a building and in
management, operation, maintenance and development.
- Investment + annual costs + residual costs (demolition)
3. Lifetime Costs
- Net present value of Life Cycle Costs (LCC)
4. Annual Costs
- Annuity of lifetime costs

Annual Cost Book

There are three books in this series:

1. Book 1, Annual Costs – Calculation Guide

2. Book 2, Annual Costs - Buildings in use
3. Book 3, Annual Costs - Calculation Examples.

Book 1, however, is the actual textbook of LCC. The main purpose of this book is to give
information and guidance on the use of LCC; calculations during the process of planning, design,
and construction of new buildings and renovation projects. Such calculations may be used as a
decision basis for choosing between alternative projects or solutions.

Calculation Levels

1. Level 1 (Calculations at this level are suitable at the initial planning stage of a project.)
- Gives a rough estimate on life cycle cost and annual cost for the project. The
result can be used as input in investment analysis.

To carry out a level 1 LCC – analysis the following basis is necessary:

● Location
● Type of building and area
● Calculation rate and expected service life (calculation periode)
Because of limited information about the building, calculations on this level are done based on
rough figures based on experience. The following formula can be used:

2. Level 2 (Calculations at this level are suitable at the programme/planning phase)

- The focus is to find project solutions that lay within the frames that was set under
the preliminary phase of the project. Final determination of cost frame should be
done on sketch project calculations.

To carry out a level 2 LCC – analysis the following basis is necessary:

● Location
● Type of building, sketches and areas
● Construction programme with specified technical standard and main systems
● Calculation rate and service life (calculation periode)

Calculation on this level is normally based on key-figures on two-figures level according to NS

3454 account plan.

3. Level 3 (Calculations at this level are suitable at the pilot project/main project phase)
- The purpose of calculations at this level is to control the estimates of earlier
phases, as well as discover and assess alternative solutions to improve the total
economy of the project on short or long term. A systematic, 7 operation-oriented
design process is the most important tool to produce buildings with sound whole
life economy.

To carry out a level 3 LCC – analysis the following basis is necessary:

● Structure, materials and installations must principally be decided

● Quantities for the different parts of the building must be measurable as a basis for
calculations.
● Relatively certain price-information must be available.
● Calculation rate and service life must be decided
● Intervals for periodic maintenance/replacements must be presumed.
● Size of operational staff and management must be presumed
● Calculation of energy - budget.

To obtain a good whole life economy at an early stage at the project, it is necessary to focus on
the most dominating cost elements. Capital cost is influenced by area/shape of building, type of
construction, type of materials and choice of technical installations. They always have to be seen
in connection with operation- and maintenance costs planning for future reconstructions,
additional area and new technical installations.

Operation and minor maintenance cost: Quality materials/technical installations and easy
access to components is essential factors influencing the cost.

Cleaning services: Surfaces/materials that provides easy cleaning. Floor space with limited
disruption of walls, columns and interior. Entrance area arranged for walking off dirt on the way
in.

Energy cost: Several measures can be done in order to reduce energy usage and hence energy
cost. Different sources of energy must be considered. Design of façades and windows will play a
major role in how much energy that will be let in and out.