Nov 26 2015

BIM and data security

It is easy to get preoccupied with data security. After all, hardly a week goes by without media stories of security breaches, lost devices, hacked websites, stolen identities, etc.  It can be tempting to insist that all information should be locked down by default and only shared when necessary.CDE

In the paper-based world this was straightforward, but some construction businesses’ reluctance to share information often meant that data had to be recreated, adding time and cost to the process, and increasing the likelihood of human error and resulting rework.

The advent of electronic information increased the opportunity for collaboration – we could now share our documents and drawings, and in theory at least, maintain a single version of ‘the truth’ but adversarial attitudes and behaviours sometimes still got in the way. Again, design and construction information might need to be re-keyed, and bypassing centralised systems compromising co-ordination and version control.


“Open, shareable asset information”

However, the UK Government’s BIM drive – now pushing us ever closer to the April 2016 milestone for Level 2 – has long insisted that our construction projects should be more collaborative and be supported by open, shareable asset information. This ‘openness’ does not mean that project information is made freely available; it is intended to help organisations exchange data in common, non-proprietary formats across the life-cycle of the built asset.

As a Common Data Environment (CDE) provider, CONJECT is continuing to apply many of the exacting information security standards it has long maintained as a SaaS or cloud-based document and process collaboration specialist. Our customer promise is to provide the following as a minimum:

  • Help our clients and their teams know where their data is stored, and ensure it is backed up
  • Control access to information, so that users can access what they need, but not necessarily have a free view of everything
  • Clarify who owns the data, and also who is licensed to access it, reuse it, etc
  • Safeguard sensitive or confidential data
  • Record and report on who does what and when in accessing the system.



In early 2015, the suite of UK BIM Level 2 standards was also expanded by a guidance document dedicated to cyber-security. PAS1192-5 outlines:

“Security threats to the use of information during asset conception, procurement, design, construction, operation and disposal… [and] … the steps required to create and cultivate an appropriate security mind-set and the secure culture necessary to enable business to unlock new and more efficient processes and collaborative ways of working.”

This extends beyond secure management of asset information. PAS1192-5 also specifies processes to help organisations take appropriate and proportionate measures to reduce the risks of loss or disclosure of information which could compromise the safety and security of:

  • The built asset itself (eg: a railway station)
  • Personnel and other occupants or users of the built asset and its services (eg: rail employees, customers, and staff of retail outlets in the station)
  • The benefits the built asset exists to deliver (the rail services)

The PAS1192-5 processes can also be applied to protect against the loss, theft or disclosure of valuable commercial information and intellectual property.

Since the first issue of PAS1192-5 for consultation, further work has been undertaken to help both construction customers (ultimately, asset owners – who are urged to develop built asset security management plans, BASMPs) and CDE providers (such as Conject) assess and respond to the various cloud security issues. These place some obligations on the customer and others on the CDE provider and its hosting partners. CONJECT’s hosting provider ensures:


Your data is safe with CONJECT

As you might expect, CONJECT, the UK’s first SaaS construction collaboration technology vendor to achieve ISO27001 accreditation via its hosting provider, strives to maintain its industry-leading security regime. Conject has continued to work with its clients and its UK hosting partner Attenda to provide both increased capacity to cope with the demands of BIM traffic and – conscious of the obligations imposed by PAS1192-5 – enhanced security to meet the needs of the most demanding customers (read our June 2015 news release).



About the author

Michelle Mason

Michelle Mason leads the UK and MEAP Marketing team, with far too many years in B2B marketing to mention. A CONJECT newbie, Michelle is eagerly climbing a steep learning curve.

View my LinkedIn profile:

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>