BS EN ISO 19650-5:2020: Supporting a secure future for digital construction

One of the key drivers of the Construction Innovation Hub’s mission is to quicken the pace towards greater digitalisation in the construction industry. In recent years, the UK’s built environment has undergone a notable shift towards digitally enabled collaboration, virtual stakeholder engagement and secure, resilient information sharing.

The use of digital technologies, including Building Information Modelling (BIM), is ultimately increasing across the design, construction, manufacture, operation and management of assets or products – as well as the provision of services – within the built environment. This uptake is already having a transformative effect on the parties involved, and has been demonstrated to support:

• increased levels of collaboration, within and across sectors;
• more transparent, open ways of working;
• capture of real-time information about asset use and condition; and
• sharing and use of digital data an and information.

The Hub recognises these long-standing benefits and is working, with others, to find ways to make them more accessible for the construction industry. This includes supporting the development and promotion of the UK BIM Framework which sets out the approach for implementing BIM in the UK and managing information provided by the ISO 19650 series.

BS EN ISO 19650-5:2020 is a specification for security-minded information management that seeks to address the security vulnerabilities which arise from this increasing use of, and reliance on, digital communication and technologies. Security-mindedness is defined as the understanding and routine application of appropriate and proportionate security measures in any business situation so as to deter and/or disrupt hostile, malicious, fraudulent and criminal behaviours or activities.

The ISO provides a framework to assist organisations in understanding the key vulnerability issues and the nature of the controls required to manage the resultant security risks to a level that is tolerable to the relevant parties. Its use should not in any way undermine collaboration or the benefits that BIM and other collaborative work methods and digital technologies can generate.

The standard replaces PAS 1192-5 which was published in 2015. The scope of the ISO is broader, recognising that the organisations generating, processing and storing digital information whether in relation to, for example, BIM, high value manufacturing, robotics, smart cities or digital twins, face similar challenges and are able to use the same type of approach to meet them.

The ISO therefore specifies the principles and requirements for security-minded management of sensitive information that is obtained, created, processed and stored as part of, or in relation to, an initiative, project, asset, product or service.

The only other significant change from the PAS is the removal of the Built Asset Security Manager as a specific named role, recognising that while there are considerable advantages to all of the functions being fulfilled by a single individual, these can, with appropriate management, be covered by a more than one person.

Implementation of the measures outlined in the ISO, as was the case with the PAS, will assist in reducing the risk of the loss, misuse or modification of sensitive information that can impact on the safety, security and resilience of:

• assets;
• products;
• the built environment, or
• the services provided by, from or through them.

The measures can also be applied to protect against the loss, theft or disclosure of valuable commercial information and intellectual property as well as personal data. Significantly, embedding good security can further enhance global positioning and offer competitive advantage to commercial enterprises by building trust with their stakeholders and customers in the services and products they provide.

At the Hub, we are committed to supporting the construction industry’s adoption of digital ways of working that are trusted and secure. Therefore, we recommend that BS EN ISO 19650-5 should be applied by any organisation involved in the use of information management and technologies in the creation, design, construction, manufacture, operation, management, modification, improvement, demolition and/or recycling of assets or products, as well as the provision of services, within the built environment.

It will also be of interest and relevance to other organisations wishing to protect their commercial information, personal information and intellectual property.

Supporting guidance and information is available on the Centre for the Protection of National Infrastructure website.

Alexandra Luck is the Security Manager for the Construction Innovation Hub.