iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

SIST EN ISO 19650-5:2020

(Main)

Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) - Information management using building information modelling - Part 5: Security-minded approach to information management (ISO 19650-5:2020)

Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) - Information management using building information modelling - Part 5: Security-minded approach to information management (ISO 19650-5:2020)

This proposed ISO standard will specify requirements for the security-minded management of projects utilizing digital technologies, associated control systems, for example building management systems, digital built environments and smart asset management. It outlines security threats to information during asset:.
• conception, strategy and briefing;
• procurement;
• design;
• construction;
• commissioning and handover;
• operation and maintenance;
• performance management;
• change of use/modification; and
• disposal/demolition.
It will explain the need for, and application of,trustworthiness and security controls throughout a built asset’s lifecycle (including the full project lifecycle) to deliver a holistic approach encompassing:
• safety;
• authenticity;
• availability (including reliability);
• confidentiality;
• integrity;
• possession;
• resilience; and
• utility.
The standard will address the steps required to create and cultivate an appropriate safety and security mindset and culture across many partners, including the need to monitor and audit compliance.
It will provide a foundation to support the evolution of future digital built environments, for example intelligent buildings, infrastructure and smart cities, but does not detail technical architectures for their implementation. While the processes contained within it may be applicable to other data management systems, this PAS does not specifically address issues relating to these systems.

Organisation von Daten zu Bauwerken - Informationsmanagement mit BIM - Teil 5: Spezifikation für Sicherheitsbelange von BIM, der digitalisierten Bauwerke und smarten Assetmanagement (ISO 19650-5:2020)

1   Anwendungsbereich
Dieses Dokument legt die Grundsätze und Anforderungen eines ausgereiften sicherheitsbewussten Informationsmanagements fest, das als „Bauwerksinformationsmodellierung (BIM) nach der Normenreihe ISO 19650“, und wie in ISO 19650 1 festgelegt, beschrieben werden kann, und behandelt das sicherheitsbewusste Management von sensiblen Informationen, die als Teil von oder im Zusammenhang mit einer Initiative, einem Projekt, einem Asset, einem Produkt oder einer Dienstleistung erhalten, erstellt, verarbeitet und gespeichert werden.
Es adressiert die Schritte, die erforderlich sind, um ein angemessenes und verhältnismäßiges Sicherheitsbewusstsein und eine entsprechende Sicherheitskultur für Organisationen zu schaffen und zu erhalten, die Zugriff auf sensible Informationen haben, einschließlich der Notwendigkeit, die Einhaltung der Sicherheitsanforderungen zu überwachen und zu prüfen.
Der beschriebene Ansatz kann über den gesamten Lebenszyklus einer Initiative, eines Projekts, eines Assets, eines Produkts oder einer Dienstleistung, egal ob in Planung oder bereits vorhanden, angewendet werden, in dem/der sensible Informationen erhalten, erstellt, verarbeitet und/oder gespeichert werden.
Dieses Dokument ist zur Anwendung durch jede Organisation vorgesehen, die beteiligt ist an der Anwendung des Informationsmanagements und an Technologien bei der Bedarfsfeststellung, der Planung, der Bauausführung, der Herstellung, des Betriebs, des Managements, der Modifizierung, der Verbesserung, dem Rückbau und/oder dem Recycling von Assets oder Produkten sowie an der Bereitstellung von Dienstleistungen in der gebauten Umwelt. Sie wird auch für Organisationen interessant sein, die ihre Geschäftsinformationen, ihre persönlichen Informationen und ihr geistiges Eigentum schützen möchten.

Organisation des informations concernant les ouvrages de construction -- Gestion de l'information par la modélisation des informations de la construction (ISO 19650-5:2020)

Le présent document spécifie les principes et les exigences relatifs à la gestion de l'information axée sur la sécurité à un stade de maturité décrit comme la « modélisation des informations de la construction (BIM) selon la série ISO 19650 », et comme défini dans l'ISO 19650-1, ainsi qu'à la gestion axée sur la sécurité des informations sensibles qui sont obtenues, créées, traitées et stockées dans le cadre de tout autre initiative, projet, actif, produit ou service, ou en relation avec ceux-ci.
Il traite des étapes requises pour créer et développer une culture et un état d'esprit de sécurité appropriés et proportionnés au sein des organismes ayant accès à des informations sensibles, y compris la nécessité de surveiller et de vérifier la conformité.
L'approche décrite est applicable pendant tout le cycle de vie d'une initiative, d'un projet, d'un actif, d'un produit ou d'un service, qu'il soit planifié ou existant, au cours duquel des informations sensibles sont obtenues, créées, traitées et/ou stockées.
Le présent document est destiné à être utilisé par tout organisme concerné par l'utilisation de technologies et de la gestion de l'information dans la création, la conception, la construction, la fabrication, l'exploitation, la gestion, la modification, l'amélioration, la démolition et/ou le recyclage d'actifs ou de produits, ainsi que la prestation de services, dans l'environnement bâti. Il sera également intéressant et pertinent pour les organismes qui souhaitent protéger leurs informations commerciales, leurs informations personnelles et leur propriété intellectuelle.

Organizacija in digitalizacija informacij v gradbeništvu - Upravljanje informacij z BIM - 5. del: Varnostni pristop k upravljanju informacij (ISO 19650-5:2020)

General Information

Status
Published
Public Enquiry End Date
12-Sep-2019
Publication Date
02-Sep-2020
ICS
35.240.67 - IT applications in building and construction industry
91.010.01 - Construction industry in general
Technical Committee
BIM - Building Information Modelling (BIM)
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
12-Aug-2020
Due Date
17-Oct-2020
Completion Date
03-Sep-2020
Ref Project
EN ISO 19650-5:2020 - Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) - Information management using building information modelling - Part 5: Security-minded approach to information management (ISO 19650-5:2020)

Buy Standard

SIST EN ISO 19650-5:2020SIST EN ISO 19650-5:2020
PreviousNext
Standard
SIST EN ISO 19650-5:2020
English language
40 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST EN ISO 19650-5:2020
01-oktober-2020

Organizacija in digitalizacija informacij v gradbeništvu - Upravljanje informacij z

BIM - 5. del: Varnostni pristop k upravljanju informacij (ISO 19650-5:2020)

Organization and digitization of information about buildings and civil engineering works,

including building information modelling (BIM) - Information management using building

information modelling - Part 5: Security-minded approach to information management

(ISO 19650-5:2020)
Organisation von Daten zu Bauwerken - Informationsmanagement mit BIM - Teil 5:

Spezifikation für Sicherheitsbelange von BIM, der digitalisierten Bauwerke und smarten

Assetmanagement (ISO 19650-5:2020)

Organisation des informations concernant les ouvrages de construction -- Gestion de

l'information par la modélisation des informations de la construction (ISO 19650-5:2020)

Ta slovenski standard je istoveten z: EN ISO 19650-5:2020
ICS:
35.240.67 Uporabniške rešitve IT v IT applications in building
gradbeništvu and construction industry
91.010.01 Gradbeništvo na splošno Construction industry in
general
SIST EN ISO 19650-5:2020 en,fr,de

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN ISO 19650-5:2020
---------------------- Page: 2 ----------------------
SIST EN ISO 19650-5:2020
EN ISO 19650-5
EUROPEAN STANDARD
NORME EUROPÉENNE
July 2020
EUROPÄISCHE NORM
ICS 35.240.67; 91.010.01
English Version
Organization and digitization of information about
buildings and civil engineering works, including building
information modelling (BIM) - Information management
using building information modelling - Part 5: Security-
minded approach to information management (ISO 19650-
5:2020)

Organisation et numérisation des informations Organisation von Daten zu Bauwerken -

relatives aux bâtiments et ouvrages de génie civil, y Informationsmanagement mit BIM - Teil 5:

compris modélisation des informations de la Spezifikation für Sicherheitsbelange von BIM, der

construction (BIM) - Gestion de l'information par la digitalisierten Bauwerke und des smarten

modélisation des informations de la construction - Assetmanagements (ISO 19650-5:2020)

Partie 5: Approche de la gestion de l'information axée
sur la sécurité (ISO 19650-5:2020)
This European Standard was approved by CEN on 15 June 2020.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this

European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references

concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN

member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by

translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management

Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,

Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,

Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and

United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2020 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 19650-5:2020 E

worldwide for CEN national Members.
---------------------- Page: 3 ----------------------
SIST EN ISO 19650-5:2020
EN ISO 19650-5:2020 (E)
Contents Page

European foreword ....................................................................................................................................................... 3

---------------------- Page: 4 ----------------------
SIST EN ISO 19650-5:2020
EN ISO 19650-5:2020 (E)
European foreword

This document (EN ISO 19650-5:2020) has been prepared by Technical Committee ISO/TC 59

"Buildings and civil engineering works" in collaboration with Technical Committee CEN/TC 442

“Building Information Modelling (BIM)” the secretariat of which is held by SN.

This European Standard shall be given the status of a national standard, either by publication of an

identical text or by endorsement, at the latest by January 2021, and conflicting national standards shall

be withdrawn at the latest by January 2021.

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

According to the CEN-CENELEC Internal Regulations, the national standards organizations of the

following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,

Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,

Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of

North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the

United Kingdom.
Endorsement notice

The text of ISO 19650-5:2020 has been approved by CEN as EN ISO 19650-5:2020 without any

modification.
---------------------- Page: 5 ----------------------
SIST EN ISO 19650-5:2020
---------------------- Page: 6 ----------------------
SIST EN ISO 19650-5:2020
INTERNATIONAL ISO
STANDARD 19650-5
First edition
2020-06
Organization and digitization of
information about buildings and civil
engineering works, including building
information modelling (BIM) —
Information management using
building information modelling —
Part 5:
Security-minded approach to
information management
Organisation et numérisation des informations relatives aux
bâtiments et ouvrages de génie civil, y compris modélisation des
informations de la construction (BIM) — Gestion de l’information par
la modélisation des informations de la construction —
Partie 5: Approche de la gestion de l’information axée sur la sécurité
Reference number
ISO 19650-5:2020(E)
ISO 2020
---------------------- Page: 7 ----------------------
SIST EN ISO 19650-5:2020
ISO 19650-5:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved
---------------------- Page: 8 ----------------------
SIST EN ISO 19650-5:2020
ISO 19650-5:2020(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Establishing the need for a security-minded approach using a sensitivity

assessment process ........................................................................................................................................................................................... 3

4.1 Undertaking a sensitivity assessment process ............................................................................................................ 3

4.2 Understanding the range of security risks ...................................................................................................................... 4

4.3 Identifying organizational sensitivities ............................................................................................................................. 4

4.4 Establishing any third-party sensitivities ........................................................................................................................ 5

4.5 Recording the outcome of the sensitivity assessment .......................................................................................... 5

4.6 Reviewing the sensitivity assessment ................................................................................................................................ 5

4.7 Determining whether a security-minded approach is required .................................................................. 5

4.8 Recording the outcome of the application of the security triage process ............................................ 6

4.9 Security-minded approach required .................................................................................................................................... 7

4.10 No security-minded approach required ............................................................................................................................ 7

5 Initiating the security-minded approach .................................................................................................................................... 7

5.1 Establishing governance, accountability and responsibility for the security-

minded approach .................................................................................................................................................................................. 7

5.2 Commencing the development of the security-minded approach ............................................................. 8

6 Developing a security strategy ............................................................................................................................................................... 9

6.1 General ........................................................................................................................................................................................................... 9

6.2 Assessing the security risks ......................................................................................................................................................... 9

6.3 Developing security risk mitigation measures .........................................................................................................10

6.4 Documenting residual and tolerated security risks .............................................................................................10

6.5 Review of the security strategy .............................................................................................................................................11

7 Developing a security management plan .................................................................................................................................11

7.1 General ........................................................................................................................................................................................................11

7.2 Provision of information to third parties ......................................................................................................................12

7.3 Logistical security..............................................................................................................................................................................12

7.4 Managing accountability and responsibility for security ................................................................................13

7.5 Monitoring and auditing ..............................................................................................................................................................13

7.6 Review of the security management plan ....................................................................................................................13

8 Developing a security breach/incident management plan ...................................................................................14

8.1 General ........................................................................................................................................................................................................14

8.2 Discovery of a security breach or incident ..................................................................................................................14

8.3 Containment and recovery ........................................................................................................................................................15

8.4 Review following a security breach or incident ......................................................................................................15

9 Working with appointed parties .......................................................................................................................................................15

9.1 Working outside formal appointments ...........................................................................................................................15

9.2 Measures contained in appointment documentation ........................................................................................16

9.3 Post appointment award .............................................................................................................................................................17

9.4 End of appointment .........................................................................................................................................................................17

Annex A (informative) Information on the security context.....................................................................................................18

Annex B (informative) Information on types of personnel, physical, and technical security

controls and management of information security ......................................................................................................20

Annex C (informative) Assessments relating to the provision of information to third parties ............24

Annex D (informative) Information sharing agreements ............................................................................................................26

© ISO 2020 – All rights reserved iii
---------------------- Page: 9 ----------------------
SIST EN ISO 19650-5:2020
ISO 19650-5:2020(E)

Bibliography .............................................................................................................................................................................................................................28

iv © ISO 2020 – All rights reserved
---------------------- Page: 10 ----------------------
SIST EN ISO 19650-5:2020
ISO 19650-5:2020(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/

iso/ foreword .html.

This document was prepared by Technical Committee ISO/TC 59, Buildings and civil engineering works,

Subcommittee SC 13, Organization and digitization of information about buildings and civil engineering

works, including building information modelling (BIM), in collaboration with the European Committee

for Standardization (CEN) Technical Committee CEN/TC 442 Building Information Modelling (BIM), in

accordance with the Agreement on technical cooperation between ISO and CEN (Vienna Agreement).

A list of all parts in the ISO 19650 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved v
---------------------- Page: 11 ----------------------
SIST EN ISO 19650-5:2020
ISO 19650-5:2020(E)
Introduction

The built environment is experiencing a period of rapid evolution. It is anticipated that the adoption

of building information modelling (BIM) and the increasing use of digital technologies in the design,

construction, manufacture, operation and management of assets or products, as well as the provision

of services, within the built environment will have a transformative effect on the parties involved. It

is likely that to increase effectiveness and efficiency, initiatives or projects that are developing new

assets or solutions, or modifying or managing existing ones, must become more collaborative in nature.

Such collaboration requires more transparent, open ways of working, and, as much as possible, the

appropriate sharing and use of digital information.

The combined physical and digital built environment will need to deliver future fiscal, financial,

functional, sustainability and growth objectives. This will have an impact on procurement, delivery and

operational processes, including greater cross-discipline and sector collaboration. It will also lead to an

increased use of digital tools and availability of information. The use of computer-based technologies

is already supporting new ways of working, such as the development of off-site, factory-based

fabrication and on-site automation. Sophisticated cyber-physical systems, by using sensors (the cyber

or computation element) to control or influence physical parts of the system, are able to work in real-

time to influence outcomes in the real world. It is anticipated that such systems will be used to achieve

benefits such as increases in energy efficiency and better asset lifecycle management by capturing

real-time information about asset use and condition. They can already be found in transportation,

utilities, infrastructure, buildings, manufacturing, health care and defence, and when able to interact as

integrated cyber-physical environments, can be used in the development of smart communities.

As a consequence of this increasing use of, and dependence on, information and communications

technologies, there is a need to address inherent vulnerability issues, and therefore the security

implications that arise, whether for built environments, assets, products, services, individuals or

communities, as well as any associated information.

This document provides a framework to assist organizations in understanding the key vulnerability

issues and the nature of the controls required to manage the resultant security risks to a level that

is tolerable to the relevant parties. Its purpose is not in any way to undermine collaboration or the

benefits that BIM, other collaborative work methods and digital technologies can generate.

The term organization captures not only appointing parties and appointed parties, as defined in

ISO 19650-1, but also demand-side organizations who are not directly involved in an appointment.

Information security requirements for an individual organization, organizational department or

system are set out in ISO/IEC 27001 but cannot be applied across multiple organizations. BIM and other

digital collaborative work methods and technologies generally involve the collaborative sharing of

information across a broad range of independent organizations within the built environment sector.

Therefore, this document encourages the adoption of a security-minded, risk-based approach that can

be applied across, as well as within, organizations. The appropriate and proportionate nature of the

approach also has the benefit that measures should not prohibit the involvement of small and medium-

sized enterprises in the delivery team.

The security-minded approach can be applied throughout the lifecycle of an initiative, project, asset,

product or service, whether planned or existing, where sensitive information is obtained, created,

processed and/or stored.

Figure 1 shows the integration of this security-minded approach with other organizational strategies,

policies, plans and information requirements for the digitally-enabled delivery of projects, and the

maintenance and operation of assets, using BIM.
vi © ISO 2020 – All rights reserved
---------------------- Page: 12 ----------------------
SIST EN ISO 19650-5:2020
ISO 19650-5:2020(E)
Key
A coordinated and consistent strategies and policies
B coordinated and consistent plans
C coordinated and consistent information requirements
D activities undertaken during the operational phase of assets

E activities undertaken during the delivery phase of the asset (see also ISO 19650-2)

1 organizational plans and objectives
2 strategic asset management plan/policy (see ISO 55000)
3 security strategy
4 other organizational strategies and policy
5 asset management plan (see ISO 55000)
6 security management plan
7 other organizational plans
8 asset information requirements (AIR)

9 security information requirements (which form part of the security management plan)

10 organizational information requirements (OIR)
11 strategic business case and strategic brief
12 asset operational use
13 performance measurement and improvement actions
NOTE No order is implied by the numbering in A, B and C.

Figure 1 — The integration of the security-minded approach within the wider BIM process

NOTE Refer to ISO 19650-1 for concepts and principles including OIR and AIR to assist further understanding

of security-mindedness within the context of the ISO 19650 series.

The process for deciding on the need for and, where appropriate, implementing a security-minded

approach in relation information management is summarised in Figure 2.
© ISO 2020 – All rights reserved vii
---------------------- Page: 13 ----------------------
SIST EN ISO 19650-5:2020
ISO 19650-5:2020(E)
Key
A initiate a security-minded approach
B develop a security strategy
C develop a security management plan
Y yes
N no

1 determine, using the security triage process whether a security-minded approach is required

2 establish governance, accountability and responsibility arrangements for the security-minded approach

3 commence development of the security-minded approach
4 assess the security risks
5 develop security mitigation measures
6 document tolerated security risks
7 develop policies and processes to implement the security mitigation measures
8 develop security information requirements
9 develop requirements relating to provision of information to third parties
10 develop logistical security requirements
11 develop a security breach/incident management plan

12 work with appointed parties in and out of formal contracts to embed the security-minded approach,

including the development of information sharing agreements where necessary
13 monitor, audit and review

14 protect any sensitive commercial and personal information (no other security-minded approach required)

15 review if there is change in the initiative, project, asset, product or service which may impact on its sensitivity

Figure 2 — The process for implementing the security-minded approach set out in this

document
viii © ISO 2020 – All rights reserved
---------------------- Page: 14 ----------------------
SIST EN ISO 19650-5:2020
ISO 19650-5:2020(E)

Implementation of the measures outlined in this document will assist in reducing the risk of the loss,

misuse or modification of sensitive information that can impact on the safety, security and resilience

of assets, products, the built environment, or the services provided by, from or through them. It will

also assist in protecting against the loss, theft or disclosure of commercial information, personal

information and intellectual property. Any such incidents can lead to significant reputational damage,

impacting through lost opportunities and the diversion of resources to handle investigation, resolution

and media activities, in addition to the disruption of, and delay to, day-to-day operational activities.

Further, where incidents do occur and information has been made publicly available, it is virtually

impossible to recover all of that information or to prevent ongoing distribution.

© ISO 2020 – All rights reserved ix
---------------------- Page: 15 ----------------------
SIST EN ISO 19650-5:2020
---------------------- Page: 16 ----------------------
SIST EN ISO 19650-5:2020
INTERNATIONAL STANDARD ISO 19650-5:2020(E)
Organization and digitization of information about
buildings and civil engineering works, including building
information modelling (BIM) — Information management
using building information modelling —
Part 5:
Security-minded approach to information management
1 Scope

This document specifies the principles and requirements for security-minded information management

at a stage of maturity described as “building information modelling (BIM) according to the ISO 19650

series”, and as defined in ISO 19650-1, as well as the security-minded management of sensitive

information that is obtained, created, processed and stored as part of, or in relation to, any other

initiative, project, asset, product or service.

It addresses the steps required to create and cultivate an appropriate and proportionate security

mindset and culture across organizations with access to sensitive information, including the need to

monitor and audit compliance.

The approach outlined is applicable throughout the lifecycle of an initiative, project, asset, product or

service, whether planned or existing, where sensitive information is obtained, created, processed and/

or stored.

This document is intended for use by any organization involved in the use of information management

and technologies in the creation, design, construction, manufacture, operation, management,

modification, improvement, demolition and/or recycling of assets or products, as well as the provision

of services, within the built environment. It will also be of interest and relevance to those organizations

wishing to protect their commercial information, personal information and intellectual property.

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 19650-2, Organization and digitization of information about buildings and civil engineering works,

including building information modelling (BIM) — Information management using building information

modelling — Part 2: Delivery phase of the assets

ISO 19650-3 , Organization and digitization of information about buildings and civil engineering works,

including building information modelling (BIM) — Information management using building information

modelling — Part 3: Operational phas
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST EN ISO 12006-3:2022(Main)
Building construction - Organization of information about construction works - Part 3: Framework for object-oriented information (ISO 12006-3:2022)
EN ISO 12006-3:2022

This document specifies a language-independent information model which can be used for the
development of dictionaries used to store or provide information about construction works. The model
is extended by instantiating content, such as further objects and their relationships, allowing the
content to serve as an ontology, taxonomy, meronomy, lexicon and thesaurus.
NOTE 1 Lexicons are resources for comprising lexical entries for a given language
NOTE 2 Meronomies are type of hierarchies which deals with part-whole relationships
NOTE 3 Ontologies are formal, explicit specification of a shared conceptualizationIt enables classification
systems, information models, object models, data templates and process models to be cross-referenced from
within a common framework.
This document provides the description of an API allowing the interconnection of data dictionaries as
described in ISO 23386.

  • Standard
    52 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    78 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TP CEN/TR 17741:2022(Main)
Guidance for understanding and utilize EN/ISO 29481-1 Building information models - Information delivery manual - Part 1: Methodology and format
CEN/TR 17741:2021

This document provides a guidance on how to develop an Information Delivery Manual (IDM) in compliance with EN ISO 29481-1 hereafter referred to as the "IDM standard". This document explains the core components and development process of the IDM methodology in non-technical terms. This guidance aims to help users and software vendors understand and utilise the IDM standard in defining information requirements and deliverables.
The technical implementation of IDM in a data model, Model View Definition 1) (MVD), is excluded from this guideline’s scope. IDM standard introduces the MVD concept but does not specify it in detail.
This guidance also utilises some transaction framework concepts introduced in EN ISO 29481-2. The technical XML- and XSD-schema definitions supporting the software solutions are excluded from this guidance.
1) An MVD defines a data model or a subset of an existing data model that is necessary to support one or many specific data exchange requirements. MVDs are used in software development and should have a machine-readable representation. An MVD that is dedicated to a single IDM can be used to filter information in software tools to a specific exchange requirement. [SOURCE: EN ISO 29481-1:2017, 5.6.4].
1.1   Background
This guideline primary reference is the IDM standard part 1 (EN ISO 29481-1:2017) (hereafter referred to as IDM standard). This guideline helps in understanding and using the IDM standard to describe information delivery. The guidance also uses some concepts described in part 2 of the IDM standard series (EN ISO 29481-2:2016). Considerable efforts have been made to align this guidance with the terminology and concepts introduced in EN ISO 19650-1 and EN ISO 19650-2.
Information Delivery Manual specification (hereafter referred to as the IDM specification) provides help in getting the full benefit from building information modelling (BIM). When the required information is available in the BIM to support a construction process or use case, and the quality of information is satisfactory, the process itself is much improved. The IDM standard provides a method to create the specification.
A complete IDM specification should support two perspectives: user requirements and technical solutions. User requirements describe the needed information delivery and the overall process in which information exchange occurs. The technical solution defines an exchange requirement model using a harmonised data schema.
EN ISO 29481-1 provides a methodology and a harmonised format to specify information requirements. It offers a framework and method to determine the needed information delivery with process maps and exchange requirements.
EN ISO 29481-2 specifies an interaction framework and format to describe "coordination acts" between actors or parties within an appointment. It facilitates interoperability between software applications used in the construction process to promote digital collaboration between actors in the building construction process. Also, it provides a basis for accurate, reliable, repeatable, and high-quality information exchange.
1.2   Users of this guidance document
This guidance document is intended for clients, architects, engineers, contractors, surveyors, authorities, and other parties who need to specify or implement information delivery. Originally, the IDM standard was focused on defining BIM deliverables, but the possible application of the standard is much broader. It can be used to specify any requirement for information delivery.
Although software developers and technology adapters are not the primary audiences of this guidance document, it may help them better understand existing IDMs and develop their own IDMs.
1.3   Relation to EN ISO 19650
The IDM standard is a process-oriented methodology used to describe the information exchange requirements for a particular purpose which may complement the information-management approach outlined in the EN ISO 19650 series...

  • Technical report
    19 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TP CEN/TR 17654:2021(Main)
Guideline for the implementation of BIM Execution Plans (BEP) and Exchange Information Requirements (EIR) on European level based on EN ISO 19650-1 and -2
CEN/TR 17654:2021

BIM Execution Plans (BEP) and Exchange Information requirements (EIR) are central complementary documents for the definition of information requirements and how to process them in collaborative BIM environments.
Where EIR defines the Exchange information requirements of an appointing party and BEP – the BIM execution Plan – is the plan how to fulfill these requirements by the appointed parties.
This work item will
•   examine and explain the demands for Exchange Information Requirements (EIR) and BIM execution Plans (BEP) based on EN/ISO 19650-1 and -2.
•   Provide guidance for the implementation of EIR and BEP
•   Provide templates for the creation of EIR and BEP

  • Technical report
    55 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 21597-2:2021(Main)
Information container for linked document delivery - Exchange specification - Part 2: Link types (ISO 21597-2:2020)
EN ISO 21597-2:2020

This document provides the opportunity to add information about the contents of a container by further
specializing the generic types of links specified in ISO 21597-1. The defined link types have been chosen
to enhance the use of the container by allowing the addition of semantic relationships that are human
interpretable to provide greater clarity about those links.

  • Standard
    29 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 17412-1:2021(Main)
Building Information Modelling - Level of Information Need - Part 1: Concepts and principles
EN 17412-1:2020

This document specifies concepts and principles to establish a methodology for specifying level of information need and information deliveries in a consistent way when using Building Information Modelling (BIM).
This document specifies the characteristics of different levels used for defining the detail and extent of information required to be exchanged and delivered throughout the life cycle of built assets. It gives guidelines for principles required to specify information needs.
The concepts and principles in this document can be applied for a general information exchange and whilst in progress, for a generally agreed way of information exchange between parties in a collaborative work process, as well as for a contractually specified information delivery.
The level of information need provides methods for describing information to be exchanged according to exchange information requirements. The exchange information requirements specify the wanted information exchange. The result of this process is an information delivery.
The concepts and principles contained in this document are applicable to all those involved in the asset life cycle. This includes, but is not limited to, the asset owner/operator, the project client, the asset manager, the design team, the construction supply chain, the equipment manufacturer, the system specialist, the regulator, and the end-user.

  • Standard
    25 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TP CEN/TR 17439:2020(Main)
Guidance on how to implement EN ISO 19650-1 and -2 in Europe
CEN/TR 17439:2020

The scope of this guidance is deliberately restricted only to refer to EN ISO 19650-1 and -2, highlighting and describing the manner in which to use it -and not extending or contradicting the scope and content of the standard  The document aims simply to provide minimum supporting text to achieve a basic understanding and ability to implement EN ISO 19650-1 and -2. In each country, each client, each team can use this guidance to provide the best response to information management in each project.  
This document explains the terms and definitions, explains the concepts and principles and how to use them, and gives typical examples with clear explanations.
It should be noted that in this guidance, Information Management is considered as a part of the Project Management.
This guidance is intended to demonstrate how the standard works at European level, which is neutral, agnostic, and applicable to any of the following circumstances:
-   the nature of contracts: e. g. public; private, alliances, global, partnership,
-   the actors' functions: e. g. through the programming, design, construction phases, from small agencies, SMEs to large firms, large companies,
-   the types of works: e. g. simple, complex, new, rehabilitated, housing, infrastructure.

  • Technical report
    63 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 23387:2020(Main)
Building Information Modelling (BIM) - Data templates for construction objects used in the life cycle of any built asset - Concepts and principles (ISO 23387:2020)
EN ISO 23387:2020

This International standard sets out the concepts, principles and the general structure for product data templates for products used in construction works. This general structure can be used to describe any product, e.g. in the domains of construction products, mechanical products, electrical products, plumbing products, and HVAC products.
This standard gives the specification of a taxonomy model based on ISO 12006-3 Building construction -- Organization of information about construction works -- Part 3: Framework for object-oriented information, that provides a methodology for creating concepts, grouping concepts, and defining relationships between concepts. Concepts defined in this standard are representing reference documents, product types, properties, property sets, quantities, units and values, with relationships between the concepts to provide the formal description of the product type as well as its typical behavior. This structure of concepts and relationships forms the basis for a product data template.
This standard describes how product data templates shall be linked to IFC classes according EN ISO 16739 - Industry Foundation Classes (IFC) for data sharing in the construction and facility management industries, by describing the general rule for creating relations between xtdsubject and xtdproperty with Ifc entities and Ifc properties in a data dictionary based on EN ISO 12006-3 Building construction -- Organization of information about construction works -- Part 3: Framework for object-oriented information.
This standard describes the general product data template structure that shall be used for developing specific product data templates based on domain and/or specific areas such as standards developed in ISO/IEC, CEN/CENELEC, ASTM, ANSI, etc.

  • Standard
    25 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 19650-3:2020(Main)
Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) - Information management using building information modelling - Part 3: Operational phase of the assets (ISO 19650-3:2020)
EN ISO 19650-3:2020

This new Standard will specify requirements for information management in relation to the operation and maintenance of assets (buildings and infrastructure)
It will cover the information management processes to:
a)    establish an asset breakdown structure and data dictionary;
b)    establish and fulfil the organization’s requirements for information throughout the operational phase of an asset and for operational information throughout the delivery phase of an asset;
c)    create an asset information model (AIM) for an existing asset or portfolio of assets;
d)    create an AIM from selected contents of a project information model (PIM) from a construction project;
e)    exchange asset information with appointed parties (service providers) during operation and maintenance activities, and also during construction projects.
f)    revise the AIM as the asset changes
g)    record information relating to the disposal, decommissioning or demolition of an asset;
h)    use the AIM to support organizational business processes; and
i)    hold the AIM as a resource for the organization.
NOTE 1 In developing and implementing these processes it is important to consider ISO 19650-5 and the need for adoption of appropriate and proportionate security-minded policies, processes and procedures to ensure that sensitive assets and data/information are afforded appropriate protection.
NOTE 2 References to information should be understood to cover both data and information relevant to both asset and facilities management.
This standard will be for use by organizations and individuals responsible for the operation, maintenance and strategic management of assets. It will also be of use to individuals involved in exchanging information from a PIM to and from an AIM. In addition, it will be of use to individuals involved in exchanging information throughout the life of an asset.
The standard will not cover detailed information content as this can only be defined in the information requirements which are developed by the organization. However, the standard will identify activities and documents which define information content.

  • Standard
    43 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 21597-1:2020(Main)
Information container for linked document delivery - Exchange specification - Part 1: Container (ISO 21597-1:2020)
EN ISO 21597-1:2020

This document defines an open and stable container format to exchange files of a heterogeneous nature
to deliver, store and archive documents that describe an asset throughout its entire lifecycle.
It is suitable for all parties dealing with information concerning the built environment, where there is
a need to exchange multiple documents and their interrelationships, either as part of the process or
as contracted deliverables. The format is intended to use resources either included in the container
(such as documents) or referenced remotely (such as web resources). A key feature is that the container
can include information about the relationships between the documents. Relevant use-cases reflect the
need for information exchange during the entire life cycle of any built asset and can include, but are not
limited to, the handover of
1. a published bidding package,
2. required project deliverables at a specific project stage (e.g. when proposing different design
scenarios),
3. shared information as background or for further development,
4. published approval packages, or
5. information about versions between partners to provide a means to reference particular states of
the information and track changes.

  • Standard
    49 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 23386:2020(Main)
Building information modelling and other digital processes used in construction - Methodology to describe, author and maintain properties in interconnected data dictionaries (ISO 23386:2020)
EN ISO 23386:2020

This European standard establishes the rules for defining properties used in construction and a methodology for authoring and maintaining them, for a confident and seamless digital share between stakeholders.
Regarding definition of properties, it provides:
•   rules of definitions of properties
•   definition of property’s attributes
Regarding authoring and maintaining process, it provides:
•   definition of request’s attributes
•   definition and role of experts;
•   a governance model through the establishment of steering committee;
•   management rules to interconnect dictionaries through properties mapping process.

  • Standard
    48 pages
    English language
    sale 10% off
    e-Library read for
    1 day