Quality and security are important subjects for CONJECT customers, tell us about the purpose of this role?
In order to provide best practice and meet clients’ changing needs, the aim of the role of Head of Governance is to continually improve the company’s overall approach to quality, security and sustainability. Whilst we have existing controls in place, this new role will be responsible for coordinating efforts, ensuring that Conject is able to evidence good practices.
What is driving the increased importance of cyber security in the AEC and Real Estate industries?
Globally, the AEC and real estate industries will be transformed over the next decade, and this transformation will be assisted by information and communications technology (ICT). It can be seen that Government departments are joining the private sector in the adoption of cloud technologies, evidenced by the determination to stop investments in on-premise, legacy systems and instead increase adoption of SaaS solutions, for example via Digital Marketplace (previously Cloudstore).
This driver is one of the reasons the UK Government has championed
and taken part in the creation of various cyber security initiatives, including the public-private frameworks of Cyber Essentials and Cyber Essentials Plus.
In addition, the creation of so-called ‘smart cities’ and ‘intelligent built require the integration of data and/ or systems owned by the users of built assets together with infrastructure suppliers such as water, transport and energy, who will provide commercial and open-source data.
What specific security and quality challenges will the industry face in the next 12 months?
The AEC industry will face challenges over the coming 12 months as the more advanced BIM practices, and in particular adherence with PAS1192-5 gain a foothold in projects. The delivery of data and the sharing of models in the built environment will result in security risks, especially where organisations sharing such information have differing levels of security awareness and processes.
IT operations will handle much bigger file sizes, requiring ever increasing storage capacity. As more types of construction information are digitised, ensuring the continuous availability of data should systems fail is important. Conject takes the resilience of its systems very seriously. The upgrade of our UK infrastructure last year ensured the highest levels of system resilience and security.
What are the key projects you’re working on?
There are two initial priorities, firstly to ensure that Conject has in place the rigorous controls and audit processes required so our customers’ data is treated with the highest levels of security. Secondly, to formalise internal processes at Conject to ensure we are ‘walking the talk’ on security.
We have already achieved the first couple of milestones on the Conject security roadmap. Conject now holds the Government supported Cyber Essentials and Cyber Essentials plus accreditations joining a short list of companies demonstrating the technical security controls required to defend against internet-borne threats.
Currently we are working towards compliance with the Cyber Security Model (CSM), the minimum requirements to allow bidding for new contracts with the MoD. Following that, we plan to extend this to meet the Cyber Essentials IASME certification GOLD standard in 2016, further demonstrating best practice and compliance with the international ISO27001 standard.
Building on the above, there will be a cohesive approach to Conject management systems around quality, business continuity, health & safety and the environmental aspects of the business. We will look to include elements related to management review, internal and external audit, risk management, corrective action and the identification of improvements where required.
The delivery of the above will cement Conject’s ability to deliver best-in-class data security. From this strong foundation, we will aim for new goals.