A Gap Analysis of Supply Chain Security Against ISO 28000 at a Defense Industry Company: A Case Study of Governance, Formalisation and Alignment

dc.contributor.author: Malmfors, Hilda
dc.contributor.author: Edhage, Teodor
dc.contributor.department: Chalmers tekniska högskola / Institutionen för teknikens ekonomi och organisation (sv)
dc.contributor.department: Chalmers University of Technology / Department of Technology Management and Economics (en)
dc.contributor.examiner: Stefánsson, Gunnar
dc.contributor.supervisor: Stefánsson, Gunnar
dc.date.accessioned: 2026-06-04T11:31:21Z
dc.date.issued: 2026
dc.date.submitted:
dc.description.abstract: Supply chain security has emerged as a strategically significant governance challenge for organisations operating in security sensitive industries. As hostile actors increasingly target supply chain dependencies to exploit vulnerabilities below the threshold of armed conflict, the need for structured and formalised governance of supply chain security has become a strategic imperative rather than a compliance obligation. This examination investigates the degree of alignment between existing supply chain security practices at an established defence and security industry organisation and the requirements of ISO 28000, with the aim of identifying areas of compliance, partial alignment and significant nonconformance across relevant organisational processes and supplier interfaces. A mixed methods approach within a single case study framework is applied, combining semi-structured interviews with employees across relevant organisational functions and an analysis of internal company documentation. ISO 28000 serves as the analytical reference framework through which empirical material is systematically assessed. The gap analysis reveals substantial alignment in several foundational areas where existing organisational structures and processes reflect the underlying governance logic of the standard. However, these structures are developed primarily in relation to ISO 27001 and are not configured to address supply chain security as a distinct governance domain. Partial alignment is identified across areas where relevant structures exist but fall short of the formalisation and institutional embeddedness required by the standard. Significant nonconformances are identified in the absence of formally designated compliance ownership, the reliance on informal coordination as a substitute for formal governance, the absence of measurable supply chain security objectives and the lack of a context analysis oriented towards the supply chain security environment.
The assessment concludes that the overall correspondence with ISO 28000 is partial rather than substantive. Supply chain security must be constituted as a governed domain in its own right, with formally designated compliance ownership, measurable objectives and structured verification mechanisms, before the organisation meaningfully pursues alignment with the standard.
dc.identifier.coursecode: TEKX08
dc.identifier.uri: https://hdl.handle.net/20.500.12380/311118
dc.language.iso: eng
dc.setspec.uppsok: Technology
dc.subject: ISO 28000, Supply Chain Security, Gap Analysis, Security Governance & Management Systems
dc.title: A Gap Analysis of Supply Chain Security Against ISO 28000 at a Defense Industry Company: A Case Study of Governance, Formalisation and Alignment
dc.type.degree: Examensarbete för masterexamen (sv)
dc.type.degree: Master's Thesis (en)
dc.type.uppsok: H
local.programme: Supply chain management (MPSCM), MSc

Download

Original bundle

Name: Hilda Malmfors_Teodor Edhage.pdf
Size: 1.2 MB
Format: Adobe Portable Document Format

License bundle

Name: license.txt
Size: 2.35 KB
Format: Item-specific license agreed upon to submission
Description: