Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) - Information management using building information modelling - Part 5: Security-minded approach to information management (ISO 19650-5:2020)

This document specifies the principles and requirements for security-minded information management at a stage of maturity described as "building information modelling (BIM) according to the ISO 19650 series", and as defined in ISO 19650-1, as well as the security-minded management of sensitive information that is obtained, created, processed and stored as part of, or in relation to, any other initiative, project, asset, product or service.
It addresses the steps required to create and cultivate an appropriate and proportionate security mindset and culture across organizations with access to sensitive information, including the need to monitor and audit compliance.
The approach outlined is applicable throughout the lifecycle of an initiative, project, asset, product or service, whether planned or existing, where sensitive information is obtained, created, processed and/or stored.
This document is intended for use by any organization involved in the use of information management and technologies in the creation, design, construction, manufacture, operation, management, modification, improvement, demolition and/or recycling of assets or products, as well as the provision of services, within the built environment. It will also be of interest and relevance to those organizations wishing to protect their commercial information, personal information and intellectual property.

Organisation und Digitalisierung von Informationen zu Bauwerken und Ingenieurleistungen, einschließlich Bauwerksinformationsmodellierung (BIM) - Informationsmanagement mit BIM - Teil 5: Sicherheitsbewusster Ansatz für das Informationsmanagement (ISO 19650-5:2020)

1   Anwendungsbereich
Dieses Dokument legt die Grundsätze und Anforderungen eines ausgereiften sicherheitsbewussten Informationsmanagements fest, das als „Bauwerksinformationsmodellierung (BIM) nach der Normenreihe ISO 19650“, und wie in ISO 19650 1 festgelegt, beschrieben werden kann, und behandelt das sicherheitsbewusste Management von sensiblen Informationen, die als Teil von oder im Zusammenhang mit einer Initiative, einem Projekt, einem Asset, einem Produkt oder einer Dienstleistung erhalten, erstellt, verarbeitet und gespeichert werden.
Es adressiert die Schritte, die erforderlich sind, um ein angemessenes und verhältnismäßiges Sicherheitsbewusstsein und eine entsprechende Sicherheitskultur für Organisationen zu schaffen und zu erhalten, die Zugriff auf sensible Informationen haben, einschließlich der Notwendigkeit, die Einhaltung der Sicherheitsanforderungen zu überwachen und zu prüfen.
Der beschriebene Ansatz kann über den gesamten Lebenszyklus einer Initiative, eines Projekts, eines Assets, eines Produkts oder einer Dienstleistung, egal ob in Planung oder bereits vorhanden, angewendet werden, in dem/der sensible Informationen erhalten, erstellt, verarbeitet und/oder gespeichert werden.
Dieses Dokument ist zur Anwendung durch jede Organisation vorgesehen, die beteiligt ist an der Anwendung des Informationsmanagements und an Technologien bei der Bedarfsfeststellung, der Planung, der Bauausführung, der Herstellung, des Betriebs, des Managements, der Modifizierung, der Verbesserung, dem Rückbau und/oder dem Recycling von Assets oder Produkten sowie an der Bereitstellung von Dienstleistungen in der gebauten Umwelt. Sie wird auch für Organisationen interessant sein, die ihre Geschäftsinformationen, ihre persönlichen Informationen und ihr geistiges Eigentum schützen möchten.

Organisation et numérisation des informations relatives aux bâtiments et ouvrages de génie civil, y compris modélisation des informations de la construction (BIM) - Gestion de l’information par la modélisation des informations de la construction - Partie 5: Approche de la gestion de l’information axée sur la sécurité (ISO 19650-5:2020)

Le présent document spécifie les principes et les exigences relatifs à la gestion de l'information axée sur la sécurité à un stade de maturité décrit comme la « modélisation des informations de la construction (BIM) selon la série ISO 19650 », et comme défini dans l'ISO 19650-1, ainsi qu'à la gestion axée sur la sécurité des informations sensibles qui sont obtenues, créées, traitées et stockées dans le cadre de tout autre initiative, projet, actif, produit ou service, ou en relation avec ceux-ci.
Il traite des étapes requises pour créer et développer une culture et un état d'esprit de sécurité appropriés et proportionnés au sein des organismes ayant accès à des informations sensibles, y compris la nécessité de surveiller et de vérifier la conformité.
L'approche décrite est applicable pendant tout le cycle de vie d'une initiative, d'un projet, d'un actif, d'un produit ou d'un service, qu'il soit planifié ou existant, au cours duquel des informations sensibles sont obtenues, créées, traitées et/ou stockées.
Le présent document est destiné à être utilisé par tout organisme concerné par l'utilisation de technologies et de la gestion de l'information dans la création, la conception, la construction, la fabrication, l'exploitation, la gestion, la modification, l'amélioration, la démolition et/ou le recyclage d'actifs ou de produits, ainsi que la prestation de services, dans l'environnement bâti. Il sera également intéressant et pertinent pour les organismes qui souhaitent protéger leurs informations commerciales, leurs informations personnelles et leur propriété intellectuelle.

Organizacija in digitalizacija informacij v gradbeništvu - Upravljanje informacij z BIM - 5. del: Varnostni pristop k upravljanju informacij (ISO 19650-5:2020)

General Information

Status
Published
Publication Date
30-Jun-2020
Withdrawal Date
30-Jan-2021
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Start Date
01-Jul-2020
Due Date
16-Jul-2020
Completion Date
01-Jul-2020

Buy Standard

Standard
EN ISO 19650-5:2020
English language
40 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-oktober-2020
Organizacija in digitalizacija informacij v gradbeništvu - Upravljanje informacij z
BIM - 5. del: Varnostni pristop k upravljanju informacij (ISO 19650-5:2020)
Organization and digitization of information about buildings and civil engineering works,
including building information modelling (BIM) - Information management using building
information modelling - Part 5: Security-minded approach to information management
(ISO 19650-5:2020)
Organisation von Daten zu Bauwerken - Informationsmanagement mit BIM - Teil 5:
Spezifikation für Sicherheitsbelange von BIM, der digitalisierten Bauwerke und smarten
Assetmanagement (ISO 19650-5:2020)
Organisation des informations concernant les ouvrages de construction -- Gestion de
l'information par la modélisation des informations de la construction (ISO 19650-5:2020)
Ta slovenski standard je istoveten z: EN ISO 19650-5:2020
ICS:
35.240.67 Uporabniške rešitve IT v IT applications in building
gradbeništvu and construction industry
91.010.01 Gradbeništvo na splošno Construction industry in
general
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN ISO 19650-5
EUROPEAN STANDARD
NORME EUROPÉENNE
July 2020
EUROPÄISCHE NORM
ICS 35.240.67; 91.010.01
English Version
Organization and digitization of information about
buildings and civil engineering works, including building
information modelling (BIM) - Information management
using building information modelling - Part 5: Security-
minded approach to information management (ISO 19650-
5:2020)
Organisation et numérisation des informations Organisation von Daten zu Bauwerken -
relatives aux bâtiments et ouvrages de génie civil, y Informationsmanagement mit BIM - Teil 5:
compris modélisation des informations de la Spezifikation für Sicherheitsbelange von BIM, der
construction (BIM) - Gestion de l'information par la digitalisierten Bauwerke und des smarten
modélisation des informations de la construction - Assetmanagements (ISO 19650-5:2020)
Partie 5: Approche de la gestion de l'information axée
sur la sécurité (ISO 19650-5:2020)
This European Standard was approved by CEN on 15 June 2020.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2020 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 19650-5:2020 E
worldwide for CEN national Members.

Contents Page
European foreword . 3

European foreword
This document (EN ISO 19650-5:2020) has been prepared by Technical Committee ISO/TC 59
"Buildings and civil engineering works" in collaboration with Technical Committee CEN/TC 442
“Building Information Modelling (BIM)” the secretariat of which is held by SN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by January 2021, and conflicting national standards shall
be withdrawn at the latest by January 2021.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO 19650-5:2020 has been approved by CEN as EN ISO 19650-5:2020 without any
modification.
INTERNATIONAL ISO
STANDARD 19650-5
First edition
2020-06
Organization and digitization of
information about buildings and civil
engineering works, including building
information modelling (BIM) —
Information management using
building information modelling —
Part 5:
Security-minded approach to
information management
Organisation et numérisation des informations relatives aux
bâtiments et ouvrages de génie civil, y compris modélisation des
informations de la construction (BIM) — Gestion de l’information par
la modélisation des informations de la construction —
Partie 5: Approche de la gestion de l’information axée sur la sécurité
Reference number
ISO 19650-5:2020(E)
©
ISO 2020
ISO 19650-5:2020(E)
© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved

ISO 19650-5:2020(E)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Establishing the need for a security-minded approach using a sensitivity
assessment process . 3
4.1 Undertaking a sensitivity assessment process . 3
4.2 Understanding the range of security risks . 4
4.3 Identifying organizational sensitivities . 4
4.4 Establishing any third-party sensitivities . 5
4.5 Recording the outcome of the sensitivity assessment . 5
4.6 Reviewing the sensitivity assessment . 5
4.7 Determining whether a security-minded approach is required . 5
4.8 Recording the outcome of the application of the security triage process . 6
4.9 Security-minded approach required . 7
4.10 No security-minded approach required . 7
5 Initiating the security-minded approach . 7
5.1 Establishing governance, accountability and responsibility for the security-
minded approach . 7
5.2 Commencing the development of the security-minded approach . 8
6 Developing a security strategy . 9
6.1 General . 9
6.2 Assessing the security risks . 9
6.3 Developing security risk mitigation measures .10
6.4 Documenting residual and tolerated security risks .10
6.5 Review of the security strategy .11
7 Developing a security management plan .11
7.1 General .11
7.2 Provision of information to third parties .12
7.3 Logistical security.12
7.4 Managing accountability and responsibility for security .13
7.5 Monitoring and auditing .13
7.6 Review of the security management plan .13
8 Developing a security breach/incident management plan .14
8.1 General .14
8.2 Discovery of a security breach or incident .14
8.3 Containment and recovery .15
8.4 Review following a security breach or incident .15
9 Working with appointed parties .15
9.1 Working outside formal appointments .15
9.2 Measures contained in appointment documentation .16
9.3 Post appointment award .17
9.4 End of appointment .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.