Risk of goods and security incidents, such as theft, boycott, smuggling and terrorism are likely to occur in a shipping process, therefore risk controls are needed to reduce the adverse effects. A research on the supply chain security risk management based on ISO 28001 security supply chain is conducted to overcome such problems. The purpose of this research is to analyse compliance & supply chain security risks and propose a mitigation based on ISO 28001 in a logistic service provider in Indonesia. A gap analysis is conducted to assess the compliance of security performance in seven areas, i.e. supply chain security management, security plans, asset security, personnel security, information security, security of goods & conveyance and transportation units closed cargo. The result of the assessment showed that a compliance level of above 75% indicates that the company is ready to implement an ISO 28001. The risk mitigation plan is proposed based on Failure mode effect analysis (FMEA) which calculates the Risk Priority Number (RPN). The RPN value indicates the level of risk where the higher the value, the more critical the risk and become the priority to handle. The mitigation proposed for managing risk are reducing, sharing and avoiding.