What is the primary objective of **WELL**?

**The primary objective of WELL is to advance human health and well-being in the built environment through performance-based design, operations, and policies.** Administered by the International WELL Building Institute (IWBI), WELL v2 organizes requirements across **10 concepts**—**Air, Water, Nourishment, Light, Movement, Thermal Comfort, Sound, Materials, Mind, and Community**—plus **Innovation**. It mandates **24 Preconditions** (pass/fail minimums) and offers **102 Optimizations** (point-earning strategies), verified via on-site testing for outcomes like CO₂ ≤900 ppm and thermal comfort.

Who is legally or professionally required to comply with **WELL**?

**WELL is voluntary and not legally mandated for any organization.** It applies to building owners, developers, and operators pursuing certification for new or existing buildings across types like offices, residential, and hospitality via pathways such as **WELL Certification**, **WELL Core** (≥75% leased space), or thematic ratings (**Health-Safety, Performance, Equity**). Professionals like architects, facility managers, and WELL APs adopt it for market differentiation, ESG reporting, and occupant health metrics.

Does **WELL** require an external audit or third-party certification?

**Yes, WELL requires third-party documentation review and on-site performance verification (PV) by authorized WELL Performance Testing Agents.** This includes two rounds of review (preliminary/final) via IWBI's platform and testing for air, water, light, sound, and thermal parameters at ≥50% occupancy. Certification levels—**Bronze (40 points), Silver (50, min 1/concept), Gold (60, min 2/concept), Platinum (80, min 3/concept)**—are awarded post-verification.

How often should an assessment for **WELL** be performed?

**WELL certification requires recertification every three years, with annual reporting for select features like air quality monitoring.** Ongoing assessments involve continuous monitoring (e.g., CO₂, PM2.5) and performance testing; projects submit data via IWBI's platform. Pre-testing is recommended pre-PV for high-risk areas like air near highways or legacy water systems.

What are the consequences of non-compliance with **WELL**?

**Non-compliance with WELL results in certification denial, additional curative review fees, and delayed recertification.** Failed Preconditions block all levels; PV failures require remediation or appeals. No statutory fines apply (voluntary standard), but operational risks include occupant health issues, ESG reporting gaps, and lost market advantages like higher rents.

Can **WELL** be mapped to other international frameworks?

**Yes, IWBI provides official crosswalks mapping WELL features to frameworks like LEED.** These align overlapping strategies (e.g., air filtration, materials), reducing duplicate documentation for dual certifications and enabling integrated ESG reporting without mentioning specific external standards here.

What is the first step to begin implementing **WELL**?

**The first step is enrolling the project in IWBI's digital platform and developing a tailored scorecard.** Identify applicable features, Preconditions, and target level (e.g., 40+ points for Bronze), then conduct a gap analysis and optional pre-testing for air/water risks.

What is the primary objective of **ISO 28000**?

**ISO 28000 specifies requirements for establishing, implementing, maintaining, and continually improving a security management system (SMS) for supply chain security.** The 2022 edition provides a risk-based framework to identify threats, vulnerabilities, and interdependencies across supply chains, including people, assets, goods, infrastructure, and information. It follows the PDCA cycle and High Level Structure for systemic risk treatment, operational controls, performance evaluation, and continual improvement, applicable to all organization sizes and sectors like logistics, manufacturing, and ports.

Who is legally or professionally required to comply with **ISO 28000**?

**ISO 28000 is voluntary with no universal legal mandate but becomes professionally required via contracts, tenders, or programs like customs facilitation.** It targets organizations in logistics, transportation, manufacturing, retail, pharmaceuticals, energy, ports, and 3PL/4PL providers managing supply chain risks. C-suite (COO/CRO/CSO), supply chain directors, security managers, risk officers, and procurement leads are affected, especially where commercial obligations, insurance, or public-sector contracts demand demonstrable SMS conformity.

Does **ISO 28000** require an external audit or third-party certification?

**ISO 28000 requires internal audits but external audits and third-party certification are optional, following ISO 28003 requirements for certification bodies.** Accredited bodies (e.g., ANAB) conduct Stage 1 (readiness) and Stage 2 (effectiveness) audits, with 3-year certification validity and annual surveillance. Certification demonstrates conformity to stakeholders but is pursued for market access, not as a standard mandate.

How often should an assessment for **ISO 28000** be performed?

**ISO 28000 requires risk assessments to be maintained continuously, with formal reviews at planned intervals or upon changes.** Internal audits occur via a risk-based program considering prior results; management reviews happen periodically (at least annually). Security risk assessments refresh annually or on supply chain changes, supported by ongoing monitoring of KPIs like incident rates and supplier controls.

What are the consequences of non-compliance with **ISO 28000**?

**Non-compliance with ISO 28000 risks operational disruptions, financial losses, reputational damage, and lost contracts, though no direct legal penalties apply.** Indirect impacts include supply chain outages from theft/sabotage, higher insurance premiums, exclusion from tenders, and regulatory scrutiny in programs requiring security credentials. Weak SMS exposes single points of failure, amplifying incident costs.

Can **ISO 28000** be mapped to other international frameworks?

**Yes, ISO 28000:2022 aligns with the High Level Structure, enabling mapping to ISO 9001, ISO 14001, ISO 22301, and ISO/IEC 27001.** Shared PDCA, risk processes, and clauses (e.g., leadership, planning) support integrated management systems, unified audits, and risk registers, reducing duplication while addressing supply chain-specific security.

What is the first step to begin implementing **ISO 28000**?

**The first step is executive decision and scoping, securing C-suite sponsorship and defining SMS boundaries.** Conduct supply chain mapping, appoint a Senior Responsible Owner, allocate resources, and produce a project charter with timeline. This Phase 0 (0-6 weeks) baselines context, risks, and deliverables before gap analysis.

WELL vs ISO 28000

Standards Comparison

WELL

Voluntary

2014

Certification for occupant health in buildings

ISO 28000

Voluntary

2022

International standard for supply chain security management systems

Quick Verdict

WELL advances building occupant health via performance verification for real estate; ISO 28000 builds supply chain security through risk management for logistics. Companies adopt WELL for ESG wellness, ISO 28000 for resilience and compliance.

Building Health & Wellness

WELL

WELL Building Standard v2

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Mandatory on-site performance verification testing
Preconditions mandatory, Optimizations earn points
10 concepts: Air, Water, Light, Movement, more
Tiered certifications Bronze to Platinum via scoring
Continuous monitoring pathways for compliance

Supply Chain Security

ISO 28000

ISO 28000:2022 Security management systems — Requirements

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Risk-based supply chain security assessment and treatment
PDCA cycle for continual SMS improvement
Supplier and third-party interdependency governance
Integration with ISO 22301 and 27001 standards
Incident response and recovery planning requirements

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

WELL Details

What It Is

WELL Building Standard v2 (WELL v2) is a performance-based certification framework administered by the International WELL Building Institute (IWBI). It focuses on designing, operating, and verifying buildings to advance human health and well-being, emphasizing indoor environmental quality and occupant outcomes across new and existing structures.

Key Components

**10 core conceptsAir, Water, Nourishment, Light, Movement, Thermal Comfort, Sound, Materials, Mind, Community (plus Innovation).
24 Preconditions (mandatory pass/fail) and 102 Optimizations (point-earning).
**Tiered certificationBronze (40 points), Silver (50), Gold (60), Platinum (80), with concept minimums.
Built on evidence-based health science; requires on-site performance verification.

Why Organizations Use It

Enhances occupant health, productivity, and ESG reporting.
Differentiates from LEED via people-first focus.
Drives higher rents, retention; mitigates health risks.
Builds stakeholder trust through verified outcomes.

Implementation Overview

Phased: gap analysis, scorecard, documentation, verification, recertification (3 years).
Cross-functional: facilities, HR, design teams.
Applies to offices, residential, portfolios globally.
Third-party review and testing mandatory.

ISO 28000 Details

What It Is

ISO 28000:2022 is an international certification standard specifying requirements for establishing, implementing, maintaining, and improving a security management system (SMS) focused on supply chain security and resilience. It uses a risk-based approach aligned with the PDCA cycle and ISO High Level Structure.

Key Components

Clauses 4-10 cover context, leadership, planning, support, operation, performance evaluation, and improvement.
Emphasizes risk assessment, security controls, incident response, supplier governance, and continual improvement.
Built on ISO 31000 risk principles; supports integration with ISO 9001, 22301, 27001.
Optional third-party certification via accredited bodies per ISO 28003.

Why Organizations Use It

Mitigates theft, sabotage, disruptions; reduces insurance costs and incidents.
Meets contractual, regulatory drivers like C-TPAT equivalents.
Enhances market access, trade facilitation, stakeholder trust.
Provides competitive edge in logistics, manufacturing, pharma.

Implementation Overview

Phased: gap analysis, risk assessment, controls deployment, audits.
Scalable for SMEs to multinationals; 6-36 months typical.
Involves supply chain mapping, training, KPIs, management reviews.

Key Differences

Aspect	WELL	ISO 28000
Scope	Occupant health, well-being in buildings	Supply chain security risks, resilience
Industry	Real estate, offices, all building types globally	Logistics, manufacturing, all supply chains globally
Nature	Voluntary performance-based certification	Voluntary management system standard
Testing	On-site performance verification, continuous monitoring	Internal audits, management reviews, certification audits
Penalties	Loss of certification, no legal penalties	Loss of certification, no legal penalties

Scope

WELL

Occupant health, well-being in buildings

ISO 28000

Supply chain security risks, resilience

Industry

WELL

Real estate, offices, all building types globally

ISO 28000

Logistics, manufacturing, all supply chains globally

Nature

WELL

Voluntary performance-based certification

ISO 28000

Voluntary management system standard

Testing

WELL

On-site performance verification, continuous monitoring

ISO 28000

Internal audits, management reviews, certification audits

Penalties

WELL

Loss of certification, no legal penalties

ISO 28000

Loss of certification, no legal penalties

Frequently Asked Questions

Common questions about WELL and ISO 28000

WELL FAQ

ISO 28000 FAQ

You Might also be Interested in These Articles...

SOC 2 Audit Survival Guide: First 5 Steps to Ace Your Type 2 Audit with Infographic

Ace your SOC 2 Type 2 audit with the first 5 essential steps: evidence collection, auditor tips, red flags from SignWell's experience. Get checklists & infograp

CMMC Sustainment Mastery: Continuous Monitoring, Annual Affirmations, and Subcontractor Flow-Down Playbook

Master CMMC sustainment beyond certification: continuous monitoring dashboards, SPRS/eMASS affirmations, enforceable subcontractor clauses. Get templates for ve

NIST CSF 2.0 Plain English Decoder: Translating Govern, Supply Chain, and Core Functions from Jargon to Actionable Insights

Demystify NIST CSF 2.0 jargon with plain English tables for Govern, Supply Chain & Core Functions. Actionable steps for risk oversight & vendor management. Empo

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

ISO 31000 vs APRA CPS 234

ISO 31000 vs APRA CPS 234: Compare global risk guidelines with Australia's financial info security standard. Gain compliance strategies, key differences & implementation tips for resilience. (154)

DORA vs ISO 41001

Compare DORA vs ISO 41001: Financial resilience regulation meets FM standard. Key differences in ICT risks, compliance & ops. Boost your strategy—explore now!

Six Sigma vs ISO 31000

Compare Six Sigma vs ISO 31000: DMAIC defect reduction & belts vs risk principles/framework. Key diffs, benefits for process excellence & governance. Choose wisely—optimize now!

WELL

ISO 28000

Quick Verdict

WELL

Key Features

ISO 28000

Key Features

Detailed Analysis

WELL Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

ISO 28000 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

WELL FAQ

What is the primary objective of WELL?

Who is legally or professionally required to comply with WELL?

Does WELL require an external audit or third-party certification?

How often should an assessment for WELL be performed?

What are the consequences of non-compliance with WELL?

Can WELL be mapped to other international frameworks?

What is the first step to begin implementing WELL?

ISO 28000 FAQ

What is the primary objective of ISO 28000?

Who is legally or professionally required to comply with ISO 28000?

Does ISO 28000 require an external audit or third-party certification?

How often should an assessment for ISO 28000 be performed?

What are the consequences of non-compliance with ISO 28000?

Can ISO 28000 be mapped to other international frameworks?

What is the first step to begin implementing ISO 28000?

You Might also be Interested in These Articles...

SOC 2 Audit Survival Guide: First 5 Steps to Ace Your Type 2 Audit with Infographic

CMMC Sustainment Mastery: Continuous Monitoring, Annual Affirmations, and Subcontractor Flow-Down Playbook

NIST CSF 2.0 Plain English Decoder: Translating Govern, Supply Chain, and Core Functions from Jargon to Actionable Insights

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

ISO 31000 vs APRA CPS 234

DORA vs ISO 41001

Six Sigma vs ISO 31000