Build March Issue

Build Magazine 61 Regulation physical security of the building and cyber-security. Further advice may also be obtained from the police architectural liaison officer (or in London the crime prevention advisor) who will be embedded in the Local Authority Planning Office. There is therefore a need for the employer to consider security generally and cyber security in particular, at the outset of a project. The employer should appoint a suitably qualified and experienced individual to advise and manage the security issues and threats which may occur during the lifecycle of the building/infrastructure. In particular the individual concerned should be responsible for the development of the built asset security strategy which identifies the employer’s security requirements. This strategy should then be used to develop the built asset security management plan (“BASMP”) which should address the specific security risks which have been identified and implement and maintain the security measures to counter those risks. If the employer is intending to carry out a building project, the contents of the BASMP should be used to inform and develop the security requirements in the Employer’s Information Requirements (“EIR”). This is the foundation document for any BIM project, which specifies the information to be delivered and the standards and processes to be adopted, (including security processes) by the suppliers as part of the BIM process. As noted in the ACE (UK) BIM Technology Protocol “All project BIM data developed within the CDE [common data environment] should be subject to the necessary security requirements as specified in the EIR” The CIC BIM Protocol requires the employer to appoint an Information Manager who has no design related duties, though the expectation is that the role will form part of wider duties undertaken by either the ‘Design Lead’ or the ‘Project Lead’. The Information Manager is responsible for managing the CDE, managing project information and supporting collaborative working, information exchange and the project team. The employer’s own security advisor who has prepared the BASMP should, in my view, work closely with the Information Manager to ensure that security standards are maintained because, despite one of the proposed duties of the Information Manager being to “maintain the Information Model to meet integrity and security standards in accordance with the Employer’s Information Requirements” during the project , the CIC BIM Protocol also states at Clause 5.1, that a Project Team Member (the Information Manager being one of the Project Team) gives no warranty as to the integrity of the electronic data and at clause 5.2 excludes liability for any corruption or unintended amendments etc. of the electronic data which occurs after transmission of a Model by a Project Team Member, unless caused by a failure to comply with the BIM Protocol. This does not encourage Project Team Members to take appropriate steps to assure the integrity and security of the BIM data. In addition the possibility that professional indemnity insurers may seek to exclude liability in respect of losses, damage or amendment to electronic documents, lead to the conclusion that liability for the integrity of the electronic data remains with the employer under the CIC BIM protocol, and consequently the employer needs to manage that risk. A more practical reason for suggesting the employer’s own security advisor should be working closely with the Information Manager is because as the project progresses from design and construction through to commissioning and operation, the PIM will (or should be) used to commission and operate the building or facility. The PIM may need to interface with facility management systems and operational management systems. The responsibility for the PIM should therefore transfer from the Project Team to the employer’s operational staff. The employer’s security advisor could manage that transfer and put in place procedures to ensure that confidentiality of the PIM is maintained and access to it is controlled as personnel and contractors change during the operational life of the facility. The integrity of the PIM will also need to be maintained and continuously up-dated to reflect changes to the asset during it life cycle if the PIM is to continue to be a useful working tool for the operation and maintenance of the facility. Similarly, the ability to access the PIM will need to be maintained as information and storage technologies change over the lifecycle of the facility. It is in the interest of the employer therefore to be involved throughout the project if it is to obtain the advantages of BIM while protecting itself from the potential security threats which arise through the increased use of information technology and collaborative working which BIM demands. Office for National Statistics 2015 crime statistics. National Institute of Standards and Technology - US Department of Commerce special Publication 800-82 – Guide to Industrial Control Systems (ICS) Security PAS 1192-5:2015 Specification for security-minded building information modelling, digital built environment sand smart asset management Built environment 2050 – A Report on Our Digital Future Defined in PAS 1192-5:2015 as the “built asset security manager” Practical implementation of BIM for the UK Architectural, Engineering and Construction (ACE) industry Version 2.1.1 June 2015 – section 4.4 Building Information Model (BIM) Protocol CIC/BIM Pro published by the Construction Industry Council Outline scope of services for the role of Information Manager CIC/INF MAN/S published by the Construction Industry Council