FAQs about PAS 1192-5, A Specification for securityminded building information modelling, digital built environments and smart asset management



Similar documents
Introduction. Clarification of terminology

CLOUD-BASED BIM AND SMART ASSET MANAGEMENT: ADOPTING A SECURITY-MINDED APPROACH

OPEN DATA: ADOPTING A SECURITY-MINDED APPROACH

A GOOD PRACTICE GUIDE FOR EMPLOYERS

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

idata Improving Defences Against Targeted Attack

BYOD Guidance: Architectural Approaches

SPEAR PHISHING UNDERSTANDING THE THREAT

CPNI VIEWPOINT CYBER SECURITY ASSESSMENTS OF INDUSTRIAL CONTROL SYSTEMS

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS

A specification for security-minded building information modelling, digital built environments and smart asset management

THE IMPORTANCE OF CODE SIGNING TECHNICAL NOTE 02/2005

The Advantages of a Firewall Over an Interafer

TECHNICAL NOTE 01/2006 ENGRESS AND INGRESS FILTERING

Thermal Imaging Test Target THERMAKIN Manufacture and Test Standard

TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK

Procurement Policy Note Use of Cyber Essentials Scheme certification

CPNI VIEWPOINT 02/2010 PROTECTION OF DATA CENTRES

OUTSOURCING: SECURITY GOVERNANCE FRAMEWORK FOR IT MANAGED SERVICE PROVISION GOOD PRACTICE GUIDE 2 ND EDITION

MANAGE THIRD PARTY RISKS

IMPORTANT IT IS DEAMED THAT YOU HAVE READ AND AGREE TO ALL TERMS & CONDITIONS BEFORE USING THIS WEBSITE.

3.0 ACCEPTANCE OF WORK

Infrastructure-as-a-Service (IaaS) Product Terms

TERMS AND CONDITIONS OF USE OF KUWAIT FINANCE HOUSE BAHRAIN S WEBSITE & INTERNET BANKING SERVICES

Cyber Essentials Scheme

IAAS Product Terms PRODUCT TERMS

WHL Affiliate Terms & Conditions

CPNI VIEWPOINT. SECURITY IMPLICATIONS OF IPv6. Disclaimer: MARCH 2011

App Terms and Conditions!

Welcome to Toozly. These Employer Terms apply to You if You place any Job Ads on Toozly.

TERMS OF USE 1. Definitions

Building Information Modelling (BIM): Addressing the Cyber Security Issues

1. Your Acceptance 2. LKIS App Access 3. Intellectual Property Rights 4. Warranty Disclaimer

Website Terms and Conditions

Next-Generation Building Energy Management Systems

IMPROVE AWARENESS AND SKILLS

WEBSITE TERMS OF USE

CFIR - Finance IT 2015 Cyber security September 2015

Terms of Use Table of Contents 1. General Information 2. Your Agreement to the Terms 3. Changes to the Terms 4. Provision of the Website

TERMS AND CONDITIONS

URM and Its Benefits FAQ

Use of tablet devices in NHS environments: Good Practice Guideline

Terms & Conditions. Introduction. The following terms and conditions govern your use of this website (VirginiaHomeRepair.com).

RedBlack CyBake Online Customer Service Desk

TECHNICAL NOTE 08/04 IINTRODUCTION TO VULNERABILITY ASSESSMENT TOOLS

Department of Treasury and Finance

INTDEV INTERNET TECHNOLOGIES FAX TO TERMS AND CONDITIONS

U.S. News Best Lawyers "Best Law Firms" Publicizing Guidelines

UK Dedicated Servers Limited. Dedicated Server Terms of Service

INSURANCE STANDARDS 20 May 2009

WCCM XII & APCOM VI Secretariat is in Seoul. Your use of will always be

inmarsat.com/isatphone

Supplier Assurance Framework Good Practice Guide

IAM Certificate in Asset Management Ver1.2 January 2013

PerfectForms End-User License Agreement

The products in Clauses 1c and 1d are collectively referred to as Wealth Products.

Terms of Use Gateway Clipper Website

ORACLE BUSINESS INTELLIGENCE APPLICATIONS FOR JD EDWARDS ENTERPRISEONE

OXFORD UNIVERSITY PRESS ONLINE JOURNALS: INSTITUTIONAL ONLINE AGREEMENT

Licence Agreement. Document filename. HSCIC Licence Agreement. Directorate / Programme. Solution, Design, Assurance and Standards. Status.

Third Party Software Used In PLEK500 (Utility for Win) v1.x.xx.xxx

ID number system - Recent revisions to guidelines for protection of personal information -

IPL Service Definition - Data Governance

Navigating the NIST Cybersecurity Framework

Core Fittings C-Core and CD-Core Fittings

Success Factors for Hosted and Managed VoIP in Europe. Margaret Hopkins Edited by Sarah Peake

1.3 These Conditions may only be amended or varied by written agreement signed by both Parties.

Licence Agreement (the Agreement )

Terms of Use. Please read these terms and conditions before using this Site. By continuing to use this Site, you agree to the Terms of Use.

Definitions. Broker means Veda Advantage Information Systems and Solutions Limited;

End User License Agreement

CESG Certification of Cyber Security Training Courses

AMERICAN INSTITUTES FOR RESEARCH OPEN SOURCE SOFTWARE LICENSE

BlackBerry Business Cloud Services. Version: Release Notes

User Agreement. Quality. Value. Efficiency.

GALLAGHER GROUP LIMITED, 181 KAHIKATEA DRIVE, HAMILTON, NEW ZEALAND GALLAGHER

LIST RENTAL PROCESSING ACKNOWLEDGEMENT FORM

Terms and Conditions for HSBC Rewards Programme (April 2015 Edition) 1. HSBC Bank Malaysia Berhad (Company No V) will be referred to as HSBC.

a leading UK law firm Technology Big decisions about the future

Oracle Service Cloud and Oracle Field Service Cloud Accelerator

ENTERPRISE MANAGEMENT AND SUPPORT IN THE AUTOMOTIVE INDUSTRY

Triton Systems of Delaware, LLC. Warranty Statement

SOFTWARE DEVELOPMENT AGREEMENT

(the "Website") is provided by Your Choice Counselling.

Building Information Modelling and collaborative construction

Transcription:

FAQs about PAS 1192-5, A Specification for securityminded building information modelling, digital built environments and smart asset management May 2015 Disclaimer Reference to any specific commercial product, process or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation or favour by CPNI. The views and opinions of authors expressed within this document shall not be used for advertising or product endorsement purposes. To the fullest extent permitted by law, CPNI accepts no liability for any loss or damage (whether direct, indirect or consequential, and including but not limited to, loss of profits or anticipated profits, loss of data, business or goodwill) incurred by any person and howsoever caused arising from or connected with any error or omission in this document or from any person acting, omitting to act or refraining from acting upon, or otherwise using the information contained in this document or its references. You should make your own judgment as regards use of this document and seek independent professional advice on your particular circumstances. Crown Copyright 2015 1

We have put together this list of Frequently Asked Questions (FAQs) to help your understanding of PAS 1192-5, its context and implementation. We will add to this list in the light of further common questions that we receive. If you have any questions you can email us at cross-cutting@cpni.gsi.gov.uk. Additional FAQs can also be found on the website of the BIM Task Group at www.bimtaskgroup.org/bim-faqs/ 1) Does PAS 1192-5 apply to my built asset? To establish whether PAS 1192-5 applies to a built asset the Employer or the Asset Owner should apply the Security Triage process set out in the PAS (Clause 5). This will help determine the level of the security-minded approach required for the built asset, the associated asset information and any other asset information held pertaining to neighbouring built assets. 2) As an organisation with an existing built asset, how can we determine if there are any security issues concerning our asset information? We have prepared a guidance document setting out questions which an organisation can ask of itself and its supply chain in order to understand what information it, or others, holds in relation to its built assets. The questions will also help in assessing the availability and accessibility of that information, and any associated potential impact on the security of the asset, its users or services. This guidance document is also available on the CPNI website. 3) Doesn t the protection of digital asset information just require good cyber security? Assuring the security of a built asset and related asset information requires a holistic approach - encompassing the aspects of people and process, as well as physical and technological security (see clause 4.3 of PAS 1192-5). 4) How does PAS 1192-5 fit with other government guidance and codes of practice on security? PAS 1192-5 deals specifically with the security-minded approach to building information modelling, digital built environments and smart asset management. However the policies, processes and procedures it specifies should, where appropriate, be cross-referenced to the other security management policies and plans which the employer or asset owner has in place, as well as relevant government guidance and codes of practice on wider security issues. 2

5) Isn t this guidance all about Information Assurance? PAS 1192-5 is wider than Information Assurance as epitomised by international standards, e.g. ISO 27001, and the implementation of an information security management system (ISMS) to protect corporate business systems. The securityminded approach includes: physical and personnel security in relation to built assets, which are outside of the scope of an ISMS; the need to address safety risks and the long-term usability of built asset data; steps to reduce the risk of hostile reconnaissance against the built assets and the people that use them; and policies, processes and procedures that can function across a collaborative supply chain, rather than just within a single organisation. 6) Why can t we just apply ISO 27001? ISO 27001 sets out the information security requirements for an individual organisation. BIM and smart asset management, as well as future digital built environments, are inherently collaborative processes involving the sharing of large amounts of digital models, data and information between the broad range of organisations in a supply chain, from multinational companies to sole traders. In addition, requiring the application of ISO 27001 may be too onerous for many within this diverse range of enterprises, in particular SMEs and sole traders. It is recommended that the Cyber Essentials Scheme be adopted as a minimum cyber security standard (see clause 5.6 of PAS 1192-5). 7) Is the PAS only relevant to Level 2 BIM? The PAS is specifically aimed at Level 2 BIM, but it also provides a foundation to support the evolution of future digital built environments, for example intelligent buildings, infrastructure and Smart Cities. However it does not detail technical architectures for their implementation. In addition, although the processes contained within it may be applicable to other data management systems, this PAS does not specifically address issues relating to these systems. 8) Why is the PAS not prescriptive of what needs to be done in individual sectors? The PAS has been developed to provide a specification for both the full range of sensitivities relating to built assets and asset types, e.g. a building, multiple buildings or infrastructure. This is why a generic approach has been adopted. A suite of additional guidance documents which will set out the specific application of the PAS to individual sectors is in preparation. 3

9) Are there any additional questions which need to be added into the Employer s Information Requirements when applying PAS 1192-5? Suggested additional text to be included in the Employer s Information Requirements where PAS 1192-5 is applicable is under preparation and will be available on the CPNI website. 10) Why can t the Built Asset Security Manager role be fulfilled by the Information Manager on the project? The Information Manager exists only during the course of a project and is a role fulfilled by the supply chain. However, the Built Asset Security Manager is directly accountable to the Employer or Asset Owner for the design, implementation and operation of an appropriate security regime throughout the asset s lifecycle. 11) Does the Built Asset Security Manager have a role outside a project? The Built Asset Security Manager has a key role in security-minded delivery of projects. There is also a need for this function to continue throughout the lifecycle of a sensitive built asset in order to ensure appropriate and proportionate measures are maintained to protect asset information. 12) Does PAS 1192-5 place any new responsibilities on the Information Manager? The Information Manager will have to work closely with the Employer s Built Asset Security Manager in the delivery of the Built Asset Security Information Requirements (BASIR). (See clauses 6 & 10). 13) Is it acceptable for the common data environment to be hosted in the cloud? The Employer or Asset Owner needs to take appropriate security advice regarding the processing, storage and use of any sensitive data or information regarding its built asset where it is proposed that the cloud environment will be used. The term cloud covers a diverse range of solutions and therefore the advice needs to address the cloud-specific risks as outlined in the PAS (clause 8.5). 14) Is there any guidance relating to cloud security for BIM? CPNI are currently preparing BIM-specific cloud guidance to supplement the guidance on cloud security currently available on the Cabinet Office website (https://www.gov.uk/government/collections/cloud-security-guidance) 4

15) Will there be any training provided which will help us to fulfil the requirements of PAS 1192-5? CPNI are developing a range of training packages which will cover basic security training through to the role based training for Built Asset Security Managers and Information Managers. 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information