How the new international BIM security standard will affect users of the UK PAS
BSI have published the new international BIM security standard. This blog discusses why such a standard is necessary and how it works.
It has always been on the road-map that the UK’s suite of BIM specifications would be transitioned into international standards. This is only sensible in order to encourage the wider spread of BIM and therefore more effective collaborations on built environment projects.
However, strong as the benefits of information sharing are, there are also some downsides. Clearly, sharing information via the processes specified in the BIM standards introduces the risk that sensitive information is inadvertently exposed about a building, facility or infrastructure asset to those who could use it against the public good.
Recognizing the risks, and sponsored by the UK’s CPNI (Centre for the Protection of National Infrastructure), BSI therefore produced PAS 1192-5:2015 Specification for security-minded building information modelling, digital built environments and smart asset management.
Now the international replacement for PAS 1192-5 has been published. It is BS EN ISO 19650-5:2020 Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) -- Information management using building information modelling -- Part 5: security-minded approach to information management.
Principles and requirements
What does BS EN ISO 19650-5:2020 cover? Well, it sets out principles and requirements for security-minded information management at a stage of maturity described as “building information modelling (BIM) according to the ISO 19650-series”. It also covers the security-minded management of sensitive information that’s obtained, created, processed and stored as part of, or in relation to, any other initiative, project, asset, product or service.
The standard provides a global framework that helps organizations understand key vulnerability issues and the nature of the controls needed to manage security risks to a level that is tolerable to relevant parties.
Implementation of the measures outlined in the standard will help reduce the risk of loss, misuse or modification of sensitive information that could impact on the safety, security and resilience of assets, the built environment, or the services provided by or from them.
The standard assists in protecting against the loss, theft or disclosure of commercial information, personal data and intellectual property.
It will also help protect organizations against the impacts of security breaches. These include significant reputational damage; the cost of diverting resources to repair the damage, including investigation, resolution and media activities; and the cost of disruptions to day-to-day operational activities.
As such, this standard also plays its part in encouraging more effective collaboration on global projects by giving relevant parties more assurance over how their information will be handled.
How does it differ from the PAS?
The short answer is “Not greatly”. BS EN ISO 19650-5:2020 was developed by an ISO technical committee led by the same UK convenor who was closely involved in the development of the UK PAS. Likewise, the new standard’s technical author played the same role in the development of the PAS. In other words, the international standard is being produced by some of the same people involved in the PAS so there is a high degree of continuity. So much so that BS EN ISO 19650-5:2020 is described as “an internationalized version” of the UK PAS which it replaces. This means that UK users of the PAS – aside from a few presentational conventions – should find the document to be reassuringly familiar.
In summary, then, the new international BIM security standard will not impact users of the UK PAS adversely. On the contrary, they will find that they’re already practicing what the international standard requires, so will have some early-adopter advantages.