BS EN ISO 19650-5:2020,Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) — Information management using building information modelling — Part 5: Security-minded approach to information management.
BS EN ISO 19650-5:2020 specifies the principles and requirements for security-minded information management at a stage of maturity described as “building information modelling (BIM) according to the ISO 19650 series”, and as defined in ISO 19650-1, as well as the security-minded management of sensitive information that is obtained, created, processed and stored as part of, or in relation to, any other initiative, project, asset, product or service.
It addresses the steps required to create and cultivate an appropriate and proportionate security mindset and culture across organizations with access to sensitive information, including the need to monitor and audit compliance.
The approach outlined is applicable throughout the lifecycle of an initiative, project, asset, product or service, whether planned or existing, where sensitive information is obtained, created, processed and/or stored.
BS EN ISO 19650-5:2020 is intended for use by any organization involved in the use of information management and technologies in the creation, design, construction, manufacture, operation, management, modification, improvement, demolition and/or recycling of assets or products, as well as the provision of services, within the built environment. It will also be of interest and relevance to those organizations wishing to protect their commercial information, personal information and intellectual property.
This document provides a framework to assist organizations in understanding the key vulnerability is tole, and the nature of the controls required to manage the resultant security risks to a benefits that BlM.
The term organization captures not only appointing parties and appointed parties, as defined in IS0 19650-1, but also demand-side organizations who are not directly involved in an appointment.
Information security requirements for an individual organization, organizational department or
system are set out in ISO/IEC 27001 but cannot be applied across multiple organizations, BIM and other digital collaborative work methods and technologies generally involve the collaborative sharing of information across a broad range of independent organizations within the built environment sector. Therefore, this document encourages the adoption of a security-minded, risk-based approach that can be applied across, as well as within, organizations. The appropriate and proportionate nature of
approach also has the benefit that measures should not prohibit the involvement of small and medium sized enterprises in the delivery team.
The security-minded approach can be applied throughout the lifecycle of an initiative, project, asset, product or service, whether planned or existing, where sensitive information is obtained, created processed and/or stored.