Which ISO standard refers to addressing security risks in a supply chain?

Prepare for the Western Governors University ITCL3202 D320 Managing Cloud Security Exam. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

The correct choice is ISO/IEC 28000:2007, which specifically focuses on security management systems for the supply chain. This standard gives organizations a framework for managing security risks that arise within their supply chains, and it outlines the processes and practices used to assess, manage, and mitigate risks to the security of supply chain operations.

The standard includes requirements for establishing, implementing, maintaining, and continually improving a security management system, emphasizing the identification of security vulnerabilities and threats that could impact the supply chain. This makes it particularly relevant for organizations looking to ensure the integrity and security of their supply chains against various threats, including physical, information security, and operational risks.

The other standards listed do not target supply chain security to the same extent. ISO 31000:2009 provides principles and guidelines for risk management in a broad context, and ISO 27001 focuses on information security management systems; neither is as specific to supply chains as ISO/IEC 28000:2007. Similarly, ISO 18799 addresses security management in general but lacks the explicit supply chain focus found in ISO/IEC 28000:2007.
