What is the primary objective of WELL?

The primary objective of WELL is to advance human health and well-being in the built environment through performance-based design, operations, and policies. Administered by the International WELL Building Institute (IWBI), WELL v2 organizes requirements across 10 concepts—Air, Water, Nourishment, Light, Movement, Thermal Comfort, Sound, Materials, Mind, and Community—plus Innovation. It mandates 24 Preconditions (pass/fail minimums) and offers 97 Optimizations (point-earning strategies), verified via on-site testing for outcomes like CO₂ ≤900 ppm and thermal comfort.

Who is legally or professionally required to comply with WELL?

WELL is voluntary and not legally mandated for any organization. It applies to building owners, developers, and operators pursuing certification for new or existing buildings across types like offices, residential, and hospitality via pathways such as WELL Certification, WELL Core (≥75% leased space), or thematic ratings (Health-Safety, Performance, Equity). Professionals like architects, facility managers, and WELL APs adopt it for market differentiation, ESG reporting, and occupant health metrics.

Does WELL require an external audit or third-party certification?

Yes, WELL requires third-party documentation review and on-site performance verification (PV) by authorized WELL Performance Testing Agents. This includes two rounds of review (preliminary/final) via IWBI's platform and testing for air, water, light, sound, and thermal parameters at ≥50% occupancy. Certification levels—Bronze (40 points), Silver (50), Gold (60), Platinum (80), requiring a minimum of 2 points per concept—are awarded post-verification.

How often should an assessment for WELL be performed?

WELL certification requires recertification every three years, with annual reporting for select features like air quality monitoring. Ongoing assessments involve continuous monitoring (e.g., CO₂, PM2.5) and performance testing; projects submit data via IWBI's platform. Pre-testing is recommended pre-PV for high-risk areas like air near highways or legacy water systems.

What are the consequences of non-compliance with WELL?

Non-compliance with WELL results in certification denial, additional curative review fees, and delayed recertification. Failed Preconditions block all levels; PV failures require remediation or appeals. No statutory fines apply (voluntary standard), but operational risks include occupant health issues, ESG reporting gaps, and lost market advantages like higher rents.

Can WELL be mapped to other international frameworks?

Yes, IWBI provides official crosswalks mapping WELL features to frameworks like LEED. These align overlapping strategies (e.g., air filtration, materials), reducing duplicate documentation for dual certifications and enabling integrated ESG reporting without mentioning specific external standards here.

What is the first step to begin implementing WELL?

The first step is enrolling the project in IWBI's digital platform and developing a tailored scorecard. Identify applicable features, Preconditions, and target level (e.g., 40+ points for Bronze), then conduct a gap analysis and optional pre-testing for air/water risks.

What is the primary objective of ISO 28000?

ISO 28000 specifies requirements for establishing, implementing, maintaining, and continually improving a security management system (SMS) for supply chain security. The 2022 edition provides a risk-based framework to identify threats, vulnerabilities, and interdependencies across supply chains, including people, assets, goods, infrastructure, and information. It follows the PDCA cycle and High Level Structure for systemic risk treatment, operational controls, performance evaluation, and continual improvement, applicable to all organization sizes and sectors like logistics, manufacturing, and ports.

Who is legally or professionally required to comply with ISO 28000?

ISO 28000 is voluntary with no universal legal mandate but becomes professionally required via contracts, tenders, or programs like customs facilitation. It targets organizations in logistics, transportation, manufacturing, retail, pharmaceuticals, energy, ports, and 3PL/4PL providers managing supply chain risks. C-suite (COO/CRO/CSO), supply chain directors, security managers, risk officers, and procurement leads are affected, especially where commercial obligations, insurance, or public-sector contracts demand demonstrable SMS conformity.

Does ISO 28000 require an external audit or third-party certification?

ISO 28000 requires internal audits but external audits and third-party certification are optional, following ISO 28003 requirements for certification bodies. Accredited bodies (e.g., ANAB) conduct Stage 1 (readiness) and Stage 2 (effectiveness) audits, with 3-year certification validity and annual surveillance. Certification demonstrates conformity to stakeholders but is pursued for market access, not as a standard mandate.

How often should an assessment for ISO 28000 be performed?

ISO 28000 requires risk assessments to be maintained continuously, with formal reviews at planned intervals or upon changes. Internal audits occur via a risk-based program considering prior results; management reviews happen periodically (at least annually). Security risk assessments refresh annually or on supply chain changes, supported by ongoing monitoring of KPIs like incident rates and supplier controls.

What are the consequences of non-compliance with ISO 28000?

Non-compliance with ISO 28000 risks operational disruptions, financial losses, reputational damage, and lost contracts, though no direct legal penalties apply. Indirect impacts include supply chain outages from theft/sabotage, higher insurance premiums, exclusion from tenders, and regulatory scrutiny in programs requiring security credentials. Weak SMS exposes single points of failure, amplifying incident costs.

Can ISO 28000 be mapped to other international frameworks?

Yes, ISO 28000:2022 aligns with the High Level Structure, enabling mapping to ISO 9001, ISO 14001, ISO 22301, and ISO/IEC 27001. Shared PDCA, risk processes, and clauses (e.g., leadership, planning) support integrated management systems, unified audits, and risk registers, reducing duplication while addressing supply chain-specific security.

What is the first step to begin implementing ISO 28000?

The first step is executive decision and scoping, securing C-suite sponsorship and defining SMS boundaries. Conduct supply chain mapping, appoint a Senior Responsible Owner, allocate resources, and produce a project charter with timeline. This Phase 0 (0-6 weeks) baselines context, risks, and deliverables before gap analysis.

Standards Comparison

WELL vs ISO 28000

WELL

Voluntary

2014

Certification for occupant health in buildings

ISO 28000

Voluntary

2022

International standard for supply chain security management systems

Quick Verdict

WELL advances building occupant health via performance verification for real estate; ISO 28000 builds supply chain security through risk management for logistics. Companies adopt WELL for ESG wellness, ISO 28000 for resilience and compliance.

Building Health & Wellness

WELL

WELL Building Standard v2

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Mandatory on-site performance verification testing
Preconditions mandatory, Optimizations earn points
10 concepts: Air, Water, Light, Movement, more
Tiered certifications Bronze to Platinum via scoring
Continuous monitoring pathways for compliance

Supply Chain Security

ISO 28000

ISO 28000:2022 Security management systems — Requirements

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Risk-based supply chain security assessment and treatment
PDCA cycle for continual SMS improvement
Supplier and third-party interdependency governance
Integration with ISO 22301 and 27001 standards
Incident response and recovery planning requirements

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

WELL Details

What It Is

WELL Building Standard v2 (WELL v2) is a performance-based certification framework administered by the International WELL Building Institute (IWBI). It focuses on designing, operating, and verifying buildings to advance human health and well-being, emphasizing indoor environmental quality and occupant outcomes across new and existing structures.

Key Components

**10 core conceptsAir, Water, Nourishment, Light, Movement, Thermal Comfort, Sound, Materials, Mind, Community (plus Innovation).
24 Preconditions (mandatory pass/fail) and 97 Optimizations (point-earning).
**Tiered certificationBronze (40 points), Silver (50), Gold (60), Platinum (80), with concept minimums.
Built on evidence-based health science; requires on-site performance verification.

Why Organizations Use It

Enhances occupant health, productivity, and ESG reporting.
Differentiates from LEED via people-first focus.
Drives higher rents, retention; mitigates health risks.
Builds stakeholder trust through verified outcomes.

Implementation Overview

Phased: gap analysis, scorecard, documentation, verification, recertification (3 years).
Cross-functional: facilities, HR, design teams.
Applies to offices, residential, portfolios globally.
Third-party review and testing mandatory.

ISO 28000 Details

What It Is

ISO 28000:2022 is an international certification standard specifying requirements for establishing, implementing, maintaining, and improving a security management system (SMS) focused on supply chain security and resilience. It uses a risk-based approach aligned with the PDCA cycle and ISO High Level Structure.

Key Components

Clauses 4-10 cover context, leadership, planning, support, operation, performance evaluation, and improvement.
Emphasizes risk assessment, security controls, incident response, supplier governance, and continual improvement.
Built on ISO 31000 risk principles; supports integration with ISO 9001, 22301, 27001.
Optional third-party certification via accredited bodies per ISO 28003.

Why Organizations Use It

Mitigates theft, sabotage, disruptions; reduces insurance costs and incidents.
Meets contractual, regulatory drivers like C-TPAT equivalents.
Enhances market access, trade facilitation, stakeholder trust.
Provides competitive edge in logistics, manufacturing, pharma.

Implementation Overview

Phased: gap analysis, risk assessment, controls deployment, audits.
Scalable for SMEs to multinationals; 6-36 months typical.
Involves supply chain mapping, training, KPIs, management reviews.

Key Differences

Aspect	WELL	ISO 28000
Scope	Occupant health, well-being in buildings	Supply chain security risks, resilience
Industry	Real estate, offices, all building types globally	Logistics, manufacturing, all supply chains globally
Nature	Voluntary performance-based certification	Voluntary management system standard
Testing	On-site performance verification, continuous monitoring	Internal audits, management reviews, certification audits
Penalties	Loss of certification, no legal penalties	Loss of certification, no legal penalties

Scope

WELL

Occupant health, well-being in buildings

ISO 28000

Supply chain security risks, resilience

Industry

WELL

Real estate, offices, all building types globally

ISO 28000

Logistics, manufacturing, all supply chains globally

Nature

WELL

Voluntary performance-based certification

ISO 28000

Voluntary management system standard

Testing

WELL

On-site performance verification, continuous monitoring

ISO 28000

Internal audits, management reviews, certification audits

Penalties

WELL

Loss of certification, no legal penalties

ISO 28000

Loss of certification, no legal penalties

Frequently Asked Questions

Common questions about WELL and ISO 28000

WELL FAQ

ISO 28000 FAQ

You Might also be Interested in These Articles...

SOC 2 for Bootstrapped SaaS: Lazy Founder's Automation Roadmap with Vanta/Drata Templates

Bootstrapped SaaS founders: Achieve SOC 2 Type 2 in 3 months with Vanta automation (cuts 70% manual work). Free templates, workflows, screenshots, metrics & Sig

DORA Third-Party Risk Management: A Consultant’s Guide to Mapping Critical ICT Service Providers in 2026

Navigate DORA's complex third-party risk pillar. Step-by-step consultant guide to identify critical ICT providers, remediate Article 30 contracts, and build the

5 Ways Modern Compliance Software Makes Evolving Regulations Your Strategic Advantage

Discover 5 ways modern compliance software turns evolving regulations into strategic advantage. Automate monitoring, cut 3x non-compliance costs, stay audit-rea

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Explore More Comparisons

See how WELL and ISO 28000 compare against other standards

Other WELL Comparisons

Other ISO 28000 Comparisons

What It Is

Key Components

**10 core conceptsAir, Water, Nourishment, Light, Movement, Thermal Comfort, Sound, Materials, Mind, Community (plus Innovation).

24 Preconditions (mandatory pass/fail) and 97 Optimizations (point-earning).

**Tiered certificationBronze (40 points), Silver (50), Gold (60), Platinum (80), with concept minimums.

Built on evidence-based health science; requires on-site performance verification.

What It Is

Key Components

Clauses 4-10 cover context, leadership, planning, support, operation, performance evaluation, and improvement.

Emphasizes risk assessment, security controls, incident response, supplier governance, and continual improvement.

Built on ISO 31000 risk principles; supports integration with ISO 9001, 22301, 27001.

Optional third-party certification via accredited bodies per ISO 28003.

Aspect

WELL

ISO 28000

Scope

Occupant health, well-being in buildings

Supply chain security risks, resilience

Industry

Real estate, offices, all building types globally

Logistics, manufacturing, all supply chains globally

Nature

Voluntary performance-based certification

Voluntary management system standard

Testing

On-site performance verification, continuous monitoring

Internal audits, management reviews, certification audits

Penalties

Loss of certification, no legal penalties