Explainers

Security of data under BS 1192-4:2014

Part 4 of the British Standard for collaborative production of information is a code of practice for “fulfilling employer’s information exchange requirements”. It was published in late September and sponsored by the Construction Industry Council.

BS 1192-4 represents a leap forward in setting consistent rules and methodology for collecting data using COBie (Construction Operations Building Information Exchange). Having any standard code of practice is helpful for designers setting up their BIM models to ensure that they accurately populate Excel data sheets. So the final publication of BS 1192-4 is very welcome.

Public consultation on the draft BS 1192-4 closed at the end of July 2014 and, to a great extent, the final document is the same as the consultation document.

However, it is often interesting to analyse the changes between the consultation draft and the final publication. In the case of BS 1192-4, throughout the publication there have been insertions to deal with sensitive and classified data. An example in relation to the role of designers, contractors, and service providers is: “Where an asset is sensitive from a security perspective (physical and/or information security), this information should be handled in a separate limited access COBie deliverable.”

The code of practice suggests that the provider of information should determine whether information requires special handling for security, data protection or commercial sensitivity reasons and should also determine the required processes and procedures required to protect such data. This seems to suggest that the provider itself will have to make these key decisions.

However, the reality is that it is the employer that will have to consider the data security issue first, particularly where the COBie deliverables relate to the operation and configuration of security-sensitive systems. In those cases, the code of practice suggests that all parties should manage and  protect the information “in accordance with the security requirements established in the Employer’s Information Requirements (EIR) such as security strategy, policy, processes and procedures”.

The EIR will therefore need to consider at the outset the on-going cyber-security of the BIM data. That would include setting up data exchange requirements at the outset that will enable maintenance of confidentiality, storage of information, and access controls throughout the life of the asset.

Security issues will only gain greater import as we move towards BIM Level 3 and the “Internet of Things", as the final amendments to BS 1192-4 highlight.

Assad Maqbool is a partner at Trowers & Hamlins specialising in projects and construction

The reality is that it is the employer that will have to consider the data security issue first, particularly where the COBie deliverables relate to the operation and configuration of security-sensitive systems– Assad Maqbool

Story for BIM+? Get in touch via email: [email protected]

Latest articles in Explainers