BS EN ISO 19650-5:2020
$167.15
Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM). Information management using building information modelling – Security-minded approach to information management
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2020 | 44 |
This document specifies the principles and requirements for security-minded information management at a stage of maturity described as “building information modelling (BIM) according to the ISO 19650 series”, and as defined in ISO 19650-1, as well as the security-minded management of sensitive information that is obtained, created, processed and stored as part of, or in relation to, any other initiative, project, asset, product or service. It addresses the steps required to create and cultivate an appropriate and proportionate security mindset and culture across organizations with access to sensitive information, including the need to monitor and audit compliance. The approach outlined is applicable throughout the lifecycle of an initiative, project, asset, product or service, whether planned or existing, where sensitive information is obtained, created, processed and/or stored. This document is intended for use by any organization involved in the use of information management and technologies in the creation, design, construction, manufacture, operation, management, modification, improvement, demolition and/or recycling of assets or products, as well as the provision of services, within the built environment. It will also be of interest and relevance to those organizations wishing to protect their commercial information, personal information and intellectual property.
PDF Catalog
PDF Pages | PDF Title |
---|---|
5 | European foreword; Endorsement notice |
9 | Foreword |
10 | Introduction |
15 | 1 Scope; 2 Normative references; 3 Terms and definitions |
17 | 4 Establishing the need for a security-minded approach using a sensitivity assessment process; 4.1 Undertaking a sensitivity assessment process |
18 | 4.2 Understanding the range of security risks; 4.3 Identifying organizational sensitivities |
19 | 4.4 Establishing any third-party sensitivities; 4.5 Recording the outcome of the sensitivity assessment; 4.6 Reviewing the sensitivity assessment; 4.7 Determining whether a security-minded approach is required |
20 | 4.8 Recording the outcome of the application of the security triage process |
21 | 4.9 Security-minded approach required; 4.10 No security-minded approach required; 5 Initiating the security-minded approach; 5.1 Establishing governance, accountability and responsibility for the security-minded approach |
22 | 5.2 Commencing the development of the security-minded approach |
23 | 6 Developing a security strategy; 6.1 General; 6.2 Assessing the security risks |
24 | 6.3 Developing security risk mitigation measures; 6.4 Documenting residual and tolerated security risks |
25 | 6.5 Review of the security strategy; 7 Developing a security management plan; 7.1 General |
26 | 7.2 Provision of information to third parties; 7.3 Logistical security |
27 | 7.4 Managing accountability and responsibility for security; 7.5 Monitoring and auditing; 7.6 Review of the security management plan |
28 | 8 Developing a security breach/incident management plan; 8.1 General; 8.2 Discovery of a security breach or incident |
29 | 8.3 Containment and recovery; 8.4 Review following a security breach or incident; 9 Working with appointed parties; 9.1 Working outside formal appointments |
30 | 9.2 Measures contained in appointment documentation |
31 | 9.3 Post appointment award; 9.4 End of appointment |
32 | Annex A (informative) Information on the security context |
34 | Annex B (informative) Information on types of personnel, physical, and technical security controls and management of information security |
38 | Annex C (informative) Assessments relating to the provision of information to third parties |
40 | Annex D (informative) Information sharing agreements |
42 | Bibliography |