I am part of a research team currently conducting a study on supply
chain security costs. My objective is to obtain detailed info on the
total costs for which a multinational company (e.g. 2,000 employees)
would have to incur in order to secure its supply chain according to
the ISO/PAS 28000 standards (www.sname.org/committees/
technical/standards/ISOPAS28000.doc). My focus is on the sessions 4.3
and 4.3. My question is: what are the costs for the company to
implement a security assessment and audit (for certification) of its:
facilities, transport system, cargo, trade and information system?
Tip: SGS in Switzerland
(http://www.sgs.com/food_supply_chain_security_services?serviceId=62547&lobId=5547)
provides that type of service. I would like to know either how much would
they charge for these EXACT services (costs should be detailed) or how much
any other service providers would charge for it?

We carry out Comprehensive Security Risk Assessment (CSRA) programs on
behalf of our clients. The initial assessment process involves a
discussion with the client to discuss her approach to security
management, and to identify the objectives of the assignment. This is
followed by the client and her colleagues completing a security
assessment questionnaire, the contents of which will vary depending on
the type of facility/environment/vehicle being assessed. We then sit
down with the client to evluate the results. This first phase costs
between $10,000 and $25,000, depending on the size and complexity of
the operation.

The next phase involves a detailed work-up based on the initial
results to focus on areas that need more detailed information (e.g.
air purification requirements within a shipping facility to
prevent/reduce a bioterrorism threat) so the client can start to
develop a business case. There are also various security solutions
that may provide the type of command and control solution the client
is seeking to install (e.g. a centralized facility that pulls in all
CCTV information from across the region, and/or the installation of
automated monitoring that signals an alarm when a designated event
occurs). The work-up phase can cost from $25,000 to upwards of
$100,000, with adopted solutions being in addition to that amount.

Now the client is in a position to present the completed security
management program to its auditors. They may have the in-house
expertise to provide the desired level of certification, or external
certified security auditors may be used if required. However this is
where the benefits of investing in the security assessment and
management process start to be paid back. Most insurers will be
willing to reduce premiums for certain types of coverage (e.g.
anti-terrorism) depending on the depth of the analysis and
comprehensiveness of the security management/response plan.

Hope that helps.