Which ISO standard refers to addressing security risks in a supply chain?

The correct answer is ISO/IEC 28000:2007, as it specifically addresses the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a security management system for the supply chain. This standard provides a framework to identify and manage security risks that can affect the integrity and reliability of supply chain processes. By focusing on risk assessment and mitigation strategies, ISO/IEC 28000 ensures that organizations can identify potential security threats within their supply chain and take necessary steps to protect their assets and operations.

ISO 31000:2009, while focused on risk management, does not address security specifically within the context of supply chains and is more generalized in its approach. ISO 27001 is an information security management standard that provides a framework for managing sensitive company information but does not specifically target supply chain security risks. ISO 18799 provides guidelines on information security management systems but is also not exclusive to supply chain security and is less applicable in this context. Therefore, ISO/IEC 28000:2007 is the most relevant and accurate choice for managing security risks specifically related to supply chains.