ISO 28004:2007 provides generic advice on the application of ISO 28000:2007, Specification for security management systems for the supply chain.
It explains the underlying principles of ISO 28000 and describes the intent, typical inputs, processes and typical outputs for each requirement of ISO 28000. This is to aid the understanding and implementation of ISO 28000.
ISO 28004:2007 does not create additional requirements to those specified in ISO 28000, nor does it prescribe mandatory approaches to the implementation of ISO 28000.