INTERNATIONAL STANDARD ISO 19650-5
First edition 2020-06

Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) - Information management using building information modelling - Part 5: Security-minded approach to information management

Organisation et numérisation des informations relatives aux bâtiments et ouvrages de génie civil, y compris modélisation des informations de la construction (BIM) - Gestion de l'information par la modélisation des informations de la construction - Partie 5: Approche de la gestion de l'information axée sur la sécurité

Reference number ISO 19650-5:2020(E)
ISO 2020
COPYRIGHT PROTECTED DOCUMENT

ISO 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
CP 401, Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: 41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org

Published in Switzerland
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Establishing the need for a security-minded approach using a sensitivity assessment process
4.1 Undertaking a sensitivity assessment process
4.2 Understanding the range of security risks
4.3 Identifying organizational sensitivities
4.4 Establishing any third-party sensitivities
4.5 Recording the outcome of the sensitivity assessment
4.6 Reviewing the sensitivity assessment
4.7 Determining whether a security-minded approach is required
4.8 Recording the outcome of the application of the security triage process
4.9 Security-minded approach required
4.10 No security-minded approach required
5 Initiating the security-minded approach
5.1 Establishing governance, accountability and responsibility for the security-minded approach
5.2 Commencing the development of the security-minded approach
6 Developing a security strategy
6.1 General
6.2 Assessing the security risks
6.3 Developing security risk mitigation measures
6.4 Documenting residual and tolerated security risks
6.5 Review of the security strategy
7 Developing a security management plan
7.1 General
7.2 Provision of information to third parties
7.3 Logistical security
7.4 Managing accountability and responsibility for security
7.5 Monitoring and auditing
7.6 Review of the security management plan
8 Developing a security breach/incident management plan
8.1 General
8.2 Discovery of a security breach or incident
8.3 Containment and recovery
8.4 Review following a security breach or incident
9 Working with appointed parties
9.1 Working outside formal appointments
9.2 Measures contained in appointment documentation
9.3 Post appointment award
9.4 End of appointment
Annex A (informative) Information on the security context
Annex B (informative) Information on types of personnel, physical and technical security controls and management of information security
Annex C (informative) Assessments relating to the provision of information to third parties
Annex D (informative) Information sharing agreements
Foreword

bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 59, Buildings and civil engineering works, Subcommittee SC 13, Organization and digitization of information about buildings and civil engineering for Standardization (CEN) Technical Committee CEN/TC 442, Building Information Modelling (BIM), in accordance with the Agreement on technical cooperation between ISO and CEN (Vienna Agreement).

A list of all parts in the ISO 19650 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user's national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.
Introduction

of building information modelling (BIM) and the increasing use of digital technologies in the design, construction, manufacture, operation and management of assets or products, as well as the provision of services, within the built environment will have a transformative effect on the parties involved. It is likely that, to increase effectiveness and efficiency, initiatives or projects that are developing new assets or solutions, or modifying or managing existing ones, must become more collaborative in nature. Such collaboration requires more transparent, open ways of working and, as much as possible, the appropriate sharing and use of digital information.

The combined physical and digital built environment will need to deliver future fiscal, financial, functional, sustainability and growth objectives. This will have an impact on procurement, delivery and operational processes, including greater cross-discipline and sector collaboration. It will also lead to an increased use of digital tools and availability of information. The use of computer-based technologies or computation element) to control or influence physical parts of the system are able to work in real-time to influence outcomes in the real world. It is anticipated that such systems will be used to achieve benefits such as increases in energy efficiency and better asset lifecycle management by capturing real-time information about asset use and condition. They can already be found in transportation, utilities, infrastructure, buildings, manufacturing, healthcare and defence, and when able to interact as integrated cyber-physical environments can be used in the development of smart communities.

As a consequence of this increasing use of, and dependence on, information and communications technologies, there is a need to address inherent vulnerability issues and therefore the security implications that arise, whether for built environments, assets, products, services, individuals or communities, as well as any associated information.
issues and the nature of the controls required to manage the resultant security risks to a level that benefits that BIM, other collaborative work methods and digital technologies can generate.

The term organization captures not only appointing parties and appointed parties as defined in system are set out in ISO/IEC 27001 but cannot be applied across multiple organizations. BIM and other digital collaborative work methods and technologies generally involve the collaborative sharing of information across a broad range of independent organizations within the built environment sector. be applied across as well as within organizations. The appropriate and proportionate nature of the approach also has the benefit that measures should not prohibit the involvement of small and medium-sized enterprises in the delivery team.

The security-minded approach can be applied throughout the lifecycle of an initiative, project, asset, product or service, whether planned or existing, where sensitive information is obtained, created, processed and/or stored.

Figure 1 shows the integration of this security-minded approach with other organizational strategies, policies, plans and information requirements for the digitally-enabled delivery of projects and the maintenance and operation of assets using BIM.
