This proposed ISO standard will specify requirements for the security-minded management of projects utilizing digital technologies, associated control systems, for example building management systems, digital built environments and smart asset management. It outlines security threats to information during asset:
• conception, strategy and briefing;
• procurement;
• design;
• construction;
• commissioning and handover;
• operation and maintenance;
• performance management;
• change of use/modification; and
• disposal/demolition.
It will explain the need for, and application of, trustworthiness and security controls throughout a built asset’s lifecycle (including the full project lifecycle) to deliver a holistic approach encompassing:
• safety;
• authenticity;
• availability (including reliability);
• confidentiality;
• integrity;
• possession;
• resilience; and
• utility.
The standard will address the steps required to create and cultivate an appropriate safety and security mindset and culture across many partners, including the need to monitor and audit compliance.
It will provide a foundation to support the evolution of future digital built environments, for example intelligent buildings, infrastructure and smart cities, but does not detail technical architectures for their implementation. While the processes contained within it may be applicable to other data management systems, this PAS does not specifically address issues relating to these systems.

Organization of data about construction works - Information management using BIM - Part 5: Specification for security aspects of BIM, digital built environments and smart asset management (ISO/FDIS 19650-5:2020)

This document specifies the principles and requirements for mature security-minded information management that can be described as "building information modelling (BIM) according to the ISO 19650 series", and as defined in ISO 19650-1, and addresses the security-minded management of sensitive information that is obtained, created, processed and stored as part of, or in relation to, an initiative, project, asset, product or service.
It addresses the steps required to create and maintain an appropriate and proportionate security awareness and a corresponding security culture for organizations that have access to sensitive information, including the need to monitor and audit compliance with the security requirements.
The approach described can be applied throughout the lifecycle of an initiative, project, asset, product or service (whether planned or existing) in which sensitive information is obtained, created, processed and/or stored.
This document is intended for any organization involved in the use of information management and technologies for the creation, design, construction, manufacture, operation, management, modification, improvement, demolition and/or recycling of assets or products, as well as for the provision of services, within the built environment. It will also be of interest to organizations that wish to protect their commercial information, personal information and intellectual property.

Organization of information about construction works -- Information management using building information modelling (ISO/FDIS 19650-5:2020)

This document specifies the principles and requirements for security-minded information management at a stage of maturity described as "building information modelling (BIM) according to the ISO 19650 series", and as defined in ISO 19650-1, as well as the security-minded management of sensitive information that is obtained, created, processed and stored as part of, or in relation to, any other initiative, project, asset, product or service.
It addresses the steps required to create and cultivate an appropriate and proportionate security culture and mindset within organizations with access to sensitive information, including the need to monitor and audit compliance.
The approach described is applicable throughout the lifecycle of an initiative, project, asset, product or service, whether planned or existing, during which sensitive information is obtained, created, processed and/or stored.
This document is intended for use by any organization involved in the use of information management and technologies in the creation, design, construction, manufacture, operation, management, modification, improvement, demolition and/or recycling of assets or products, as well as the provision of services, within the built environment. It will also be of interest and relevance to organizations that wish to protect their commercial information, personal information and intellectual property.

Organization and digitization of information in construction - Information management using BIM - Part 5: Security-minded approach to information management (ISO/FDIS 19650-5:2020)

General Information

Status: Not Published
Public Enquiry End Date: 12-Sep-2019
Current Stage: 5020 - Formal vote (FV) (Adopted Project)
Start Date: 08-Apr-2020
Due Date: 27-May-2020
Completion Date: 22-Apr-2020

Buy Standard

Standard
oSIST prEN ISO 19650-5:2019
English language
35 pages

Standards Content (sample)

SLOVENIAN STANDARD oSIST prEN ISO 19650-5:2019 01-September-2019

Organization and digitization of information in construction - Information management using BIM - Part 5: Security-minded approach to information management (ISO/DIS 19650-5:2019)

Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) - Information management using building information modelling - Part 5: security-minded approach to information management (ISO/DIS 19650-5:2019)

Organization of data about construction works - Information management using BIM - Part 5: Specification for security aspects of BIM, digital built environments and smart asset management (ISO/DIS 19650-5:2019)

Organization of information about construction works -- Information management using building information modelling (ISO/DIS 19650-5:2019)
This Slovenian standard is identical to: prEN ISO 19650-5
ICS:
35.240.67 IT applications in building and construction industry
91.010.01 Construction industry in general
oSIST prEN ISO 19650-5:2019 en,fr,de

2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.

DRAFT INTERNATIONAL STANDARD
ISO/DIS 19650-5
ISO/TC 59/SC 13 Secretariat: SN
Voting begins on: 2019-07-05
Voting terminates on: 2019-09-27
Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) — Information management using building information modelling —
Part 5: security-minded approach to information management
ICS: 35.240.67; 91.010.01
This document is circulated as received from the committee secretariat.
ISO/CEN PARALLEL PROCESSING
THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE REFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
Reference number ISO/DIS 19650-5:2019(E)
© ISO 2019
COPYRIGHT PROTECTED DOCUMENT
© ISO 2019

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Establish the need for a security-minded approach using a sensitivity assessment process
4.1 Understand the range of security risks
4.2 Identify organizational sensitivities
4.3 Establish any third-party sensitivities
4.4 Record the outcome of the sensitivity assessment
4.5 Periodically review the sensitivity assessment
4.6 Determine whether a security-minded approach is required
4.7 The organization(s) shall record the outcome of the application of the security triage process for each initiative, project, asset, product or service to which it is applied, including where there is no identified need for a security-minded approach beyond protection of sensitive commercial and personal information.
4.8 Security-minded approach required
4.9 No security-minded approach required
5 Developing the security-minded approach
5.1 Establishing governance, accountability and responsibility for the security-minded approach
5.2 Commencing the development of the security-minded approach
6 Developing a security strategy
6.1 General
6.2 Assess the security risks
6.3 Develop security risk mitigation measures
6.4 Document residual and tolerated security risks
6.5 Review of the security strategy
7 Developing a security management plan
7.1 General
7.2 Requirements relating to the provision of information to third parties
7.3 Logistical security requirements
7.4 Managing accountability and responsibility for security
7.5 Monitoring and auditing
7.6 Review of the security management plan
8 Developing a security breach/incident management plan
8.1 General
8.2 Discovery of a security breach or incident
8.3 Containment and recovery
8.4 Review following a security breach or incident
8.5 Review of the security breach/incident management plan
9 Working with appointed parties
9.1 Working outside formal appointments
9.2 Measures contained in the appointment documentation
9.3 Post appointment award
9.4 End of appointment
10 Compliance with other legislation and standards
Annex A (informative) Information on the security context
Annex B (informative) Information on types of personnel, physical, and technical security controls and management of information security
Annex C (informative) Assessments relating to the provision of information to third parties
Annex D (informative) Information sharing agreements
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 59, Buildings and civil engineering works, Subcommittee SC 13, Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM).

A list of all parts in the ISO 19650 series, published under the general title Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM), can be found on the ISO website.
Introduction

The built environment is experiencing a period of rapid evolution. It is anticipated that the adoption of digital engineering, including building information modelling (BIM), and the increasing use of digital technologies in the design, construction, manufacture, operation and management of assets or products, as well as the provision of services, within the built environment will have a transformative effect on the parties involved. It is likely that, in order to increase effectivity and efficiency, initiatives or projects that are developing new assets or solutions, or modifying or managing existing ones, must become much more collaborative in nature. Such collaboration requires more transparent, open ways of working, and, as much as possible, the appropriate sharing and use of digital information.

Digital built environments will need to deliver future fiscal, financial, functional, sustainability and growth objectives. This is likely to have an impact on procurement, delivery and operational processes including far greater cross-discipline and sector collaboration, significantly increasing the availability of information.

The use of computer-based technologies is already supporting new ways of working, such as the development of off-site, factory-based fabrication and on-site automation. Sophisticated cyber-physical systems, by using sensors (the cyber or computation element) to control or influence physical parts of the system, are able to work in real-time to influence outcomes in the real world. It is anticipated that such systems will be used to achieve benefits such as increases in energy efficiency and better asset lifecycle management by capturing real-time information about asset use and condition. They can already be found in transportation, utilities, infrastructure, buildings, manufacturing, health care and defence, and when able to interact as integrated cyber-physical environments, could be used in the development of smart communities.

As a consequence of this increasing use of, and dependence on, information and communications technologies there is a need to address inherent vulnerability issues, and therefore the security implications that arise, whether for built environments, assets, products, services, individuals or communities, as well as any associated information.

This standard provides a framework to assist organizations in understanding the key vulnerability issues and the nature of the controls required to manage the resultant security risks to a level that is tolerable to the relevant parties. Its purpose is not in any way to undermine collaboration or the benefits that digital engineering techniques such as BIM, other collaborative work methods and digital technologies can generate.

While information security requirements for an individual organization are set out in ISO/IEC 27001, digital engineering generally involves the sharing of information between a broad range of organizations. ISO/IEC 27001 therefore cannot be applied to these organizations as a whole. This standard encourages the adoption of a security-minded, risk-based approach that can be applied across, as well as within, organizations. The appropriate and proportionate nature of the approach also has the benefit that measures should not prohibit the involvement of small and medium-sized enterprises in the delivery team.

The security-minded approach can be applied throughout the lifecycle of an initiative, project, asset, product or service, whether planned or existing, where sensitive information is obtained, created, processed and/or stored.

Figure 1 shows the integration of this security-minded approach with other organizational strategies, policies, plans and information requirements for the digitally-enabled delivery, maintenance and operation of projects and assets using BIM.

Implementation of the measures outlined in this standard will assist in reducing the risk of the loss, misuse or modification of sensitive information that could impact on the safety, security and resilience of assets, products, the built environment, or the services provided by, from or through them. It will also assist in protecting against the loss, theft or disclosure of commercial information, personal information and intellectual property. Any such incidents can lead to significant reputational damage, impacting through lost opportunities and the diversion of resources to handle investigation, resolution and media activities, in addition to the disruption of, and delay to, day-to-day operational activities. Further, where incidents do occur and information has been made publicly available, it is virtually impossible to recover all of that information or to prevent ongoing distribution.

Key
A Coordinated and consistent strategies and policies
B Coordinated and consistent plans
C Coordinated and consistent information requirements

D Activities undertaken during the operational phase of assets (see also ISO 19650-3)

E Activities undertaken during the delivery phase of the asset (see also ISO 19650-2)

1 Organizational plans and objectives
2 Strategic asset management plan/policy (see ISO 55000)
3 Security strategy
4 Other organizational strategies and policy
5 Asset management plan (see ISO 55000)
6 Security management plan
7 Other organizational plans
8 Asset information requirements (AIR)
9 Security information requirements
10 Organizational information requirements (OIR)
11 Strategic business case and strategic brief
12 Asset operational use
13 Performance measurement and improvement actions

Figure 1 — The integration of the security-minded approach within the wider BIM process

1 Scope

This standard specifies the principles and requirements for security-minded information management at a stage of maturity described as “building information modelling (BIM) according to the ISO 19650 series”, as well as the security-minded management of sensitive information that is obtained, created, processed and stored as part of, or in relation to, any other initiative, project, asset, product or service.

It addresses the steps required to create and cultivate an appropriate and proportionate security mindset and culture across organizations with access to that information, including the need to monitor and audit compliance.

The approach outlined is applicable throughout the lifecycle of an initiative, project, asset, product or service, whether planned or existing, where sensitive information is obtained, created, processed and/or stored.

This standard is intended for use by any organization that is involved in the use of digital engineering and related technologies in the creation, design, construction, manufacture, operation, management, modification, improvement, demolition and/or recycling of assets or products, as well as the provision of services, within the built environment. It will also be of interest and relevance to those organizations that wish to protect their commercial information, personal information and intellectual property.

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 19650-1:2018, Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) — Information management using building information modelling — Part 1: Concepts and principles

ISO 19650-2:2018, Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) — Information management using building information modelling — Part 2: Delivery phase of the assets

ISO 19650-3:2019, Organization of information about construction works — Information management using building information modelling — Part 3: Operational phase of the assets

ISO 55000, Asset management — Overview, principles and terminology

3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at https://www.iso.org/obp
3.1
asset

item, thing or entity that has potential or actual value to an organization
[SOURCE: ISO 55000:2014]

Note 1 to entry: An asset can be fixed, mobile or movable. It can be an individual item of plant, a vehicle, a system of connected equipment, a space within a structure, a piece of land, an entire piece of infrastructure, an entire building, or a portfolio of assets including associated land or water. It can also comprise information in digital or in printed form.

Note 2 to entry: The value of an asset can vary throughout its life and an asset can still have value at the end of its life. Value can be tangible, intangible, financial or non-financial.
3.2
crowded place
location or environment to which members of the public have access that can be considered more at risk from a terrorist attack by virtue of its crowd density or the nature of the site

Note 1 to entry: Crowded places can include: sports stadia, arenas, festivals and music venues; hotels and restaurants; pubs, clubs, bars and casinos; high streets, shopping centres and markets; visitor attractions; cinemas and theatres; schools and universities; hospitals and places of worship; commercial centres; and transport hubs. They can also include events and public realm spaces such as parks and squares.

Note 2 to entry: A crowded place will not necessarily be crowded at all times – crowd densities can vary and can be temporary, as in the case of sporting events or open-air festivals.
3.3
metadata
data about data or data elements
3.4
need-to-know
legitimate requirement of a prospective recipient of information to know, to access, or to possess any sensitive information represented by this information
3.5
risk appetite
amount and type of risk that an organization is willing to pursue or retain
3.6
safety
the state of relative freedom from threat or harm caused by random, unintentional acts or events
3.7
security
the state of relative freedom from threat or harm caused by deliberate, unwanted, hostile or malicious acts
3.8
security breach
infraction or violation of security
[SOURCE: ISO 14298:2013]
3.9
security incident
suspicious act or circumstance threatening security
3.10
security-minded

the understanding and routine application of appropriate and proportionate security measures in any business situation so as to deter and/or disrupt hostile, malicious, fraudulent and criminal behaviours or activities
3.11
sensitive information
information, the loss, misuse or modification of which, or unauthorized access to, could:
— adversely affect the privacy, welfare or safety of an individual or individuals;
— compromise intellectual property or trade secrets of an organization;
— cause commercial or economic harm to an organization or country; and/or
— jeopardize the security, internal and foreign affairs of a nation
3.12
residual risk
risk that remains after controls have been implemented
[SOURCE: ISO 16530-1:2017]
3.13
threat
potential cause of an incident which may result in harm
3.14
top management
person or group of people who directs and controls an organization at the highest level

Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.

Note 2 to entry: In the context of this standard, management should be regarded as the function, not the activity.

3.15
vulnerability
weakness that can be exploited to cause harm
4 Establish the need for a security-minded approach using a sensitivity assessment process
4.1 Understand the range of security risks

4.1.1 The top management of an organization creating, managing, operating, disposing or re-purposing an initiative, project, asset, product or service shall determine the range of security risks that arise through greater availability of information, integration of services and systems, and the increased dependency on technology-based systems.

NOTE Information on the types of security risks that should be considered is contained in Annex A.

4.1.2 Where two or more organizations are involved in:

a) initiating a project to develop a new asset(s), product(s) or service(s) or modify/enhance an existing one;
b) managing, operating, re-purposing or disposing of an asset(s); and/or
c) the provision of an asset-based service(s),

the top management of those organizations shall determine the range of security risks that arise through greater availability of information, integration of services and systems, and the increased dependency on technology-based systems.

NOTE 1 Such an arrangement of multiple organizations can occur in a city/community, a large, multi-purpose development or in the provision of a transport system.

NOTE 2 Information on the types of security risks that should be considered is contained in Annex A.

4.2 Identify organizational sensitivities
4.2.1 into consideration the
...
