Chartered Institute of Building Magazine of the Chartered Institute of Building
  • 8 Nov 2014

BIM Bytes: Security of data under BS 1192-4:2014

Part 4 of the British Standard for collaborative production of information is a code of practice for “fulfilling employer’s information exchange requirements”. It was published in late September and sponsored by the Construction Industry Council.

BS 1192-4 represents a leap forward in setting consistent rules and methodology for collecting data using COBie (Construction Operations Building Information Exchange). Having any standard code of practice is helpful for designers setting up their BIM models to ensure that they accurately populate Excel data sheets. So the final publication of BS 1192-4 is very welcome. 

Public consultation on the draft BS 1192-4 closed at the end of July 2014 and, to a great extent, the final document is the same as the consultation document.

However, it is often interesting to analyse the changes between the consultation draft and the final publication. In the case of BS 1192-4, throughout the publication there have been insertions to deal with sensitive and classified data. An example in relation to the role of designers, contractors, and service providers is: “Where an asset is sensitive from a security perspective (physical and/or information security), this information should be handled in a separate limited access COBie deliverable.”

The code of practice suggests that the provider of information should determine whether information requires special handling for security, data protection or commercial sensitivity reasons and should also determine the required processes and procedures required to protect such data. This seems to suggest that the provider itself will have to make these key decisions.

However, the reality is that it is the employer that will have to consider the data security issue first, particularly where the COBie deliverables relate to the operation and configuration of security-sensitive systems. In those cases, the code of practice suggests that all parties should manage and protect the information “in accordance with the security requirements established in the Employer’s Information Requirements (EIR) such as security strategy, policy, processes and procedures”. 

The EIR will therefore need to consider at the outset the on-going cyber-security of the BIM data. That would include setting up data exchange requirements at the outset that will enable maintenance of confidentiality, storage of information, and access controls throughout the life of the asset.

Security issues will only gain greater import as we move towards BIM Level 3 and the “Internet of Things", as the final amendments to BS 1192-4 highlight.

By Assad Maqbool, a partner at Trowers & Hamlins specialising in projects and construction

Leave a comment


16 March 2017 New school frameworks explained

14 March 2017 GMP leads to pain if you don't tread carefully

13 March 2017 10 myths about construction apprenticeships

12 March 2017 Seven key tips for working overseas

27 February 2017 Initiative takes construction to the classroom

23 February 2017 Drones: when does monitoring become spying?

20 February 2017 Can we make sense of concurrent delays?

16 February 2017 Bird-proof your site before the nesting season

14 February 2017 North's future is bright, but there's work to be done

02 February 2017 EoT cancels out certificate of non-completion

25 January 2017 Out of site should not mean out of mind

23 January 2017 The importance of making yourself clear

11 January 2017 Prepare for a year of legal ups and downs

09 January 2017 Corporate burnout - stopping the downward spiral

16 December 2016 Don't let a pair of gloves land you in trouble

11 December 2016 Ignore payment schedules at your peril

04 December 2016 The new JCT Standard Building Contract explained

03 December 2016 Book review: £15 that could save you a lot more later on

01 December 2016 Yorkshire firm's plight a lesson in risk management

26 November 2016 Fighting it out on adjudication costs