What is a sensitive built asset?
A sensitive built asset is defined as one which, as a whole or in part, may be of interest to a threat agent for hostile, malicious, fraudulent and criminal behaviours or activities.
Even if a built asset does not fall into the categories which would make it sensitive, there may be business benefits from applying a security-minded approach to its management. The need for a security-minded approach, and the breadth of the protection measures required, is determined by the Security Triage Process, shown in Figure 5 of PAS 1192-5.
Assessment of risk
Where a security-minded approach is adopted, a key component of the process set out in PAS 1192-5 relates to the management of risk. The employer or asset owner needs to assess potential vulnerabilities and threats, in combination with an assessment of the nature of harm which could be caused. The assessment needs to identify the high level security risks associated with:
- people;
- process;
- physical;
- technology.
It should also identify and record risks associated with intellectual property, commercial data, and information collected or held about neighbouring built assets.
Risk mitigation
For each identified risk it will be necessary to assess possible mitigation measures. The process should consider and record:
- The cost of the measure and its implementation;
- The achievable risk reduction:
- The potential cost saving;
- The measure’s impact on asset usability, efficiency and appearance;
- The potential for the measure to create further vulnerabilities;
- Delivery of business benefits.
Residual risks
It is important for any residual risks to be re-assessed and put through the risk mitigation process until they fit within the organization’s risk appetite.
Built Asset Security Strategy
The Built Asset Security Strategy will comprise a record of:
- The extent of the security-minded approach required;
- The built asset security risk management strategy;
- A list of those to be informed of residual risks;
- The mechanisms for reviewing and updating the strategy
Security policies, processes and procedures
The specific security risks identified in the Built Asset Security Strategy should be addressed through the policies, processes and procedures contained in the Built Asset Security Management Plan. This Plan should take a holistic approach, encompassing people and process, as well as physical and technological security. The measures should be appropriate and proportionate to both the sensitivity of the built asset and the related security risks.
Embedding security
The security-minded approach must be integrated with other strategic policies, plans, and requirements for the delivery, maintenance and operation of built assets. The approach is outlined in the diagram below:-
Note:- Images re-produced with the kind permission of the British Standard Institute.
Brief
Tasks
-
BIM Grading & ROI Tools
-
Determine the Info Management & CDE Strategy
-
Determine the BIM / AIM / GIS Strategy
-
Strategy to Determine the Built Asset Security
-
Determine the Soft Landings Approach
-
Create the Project Lifecycle Process Map
-
BIM Level 1 Approach
-
BIM Level 1 - CDE Technology
-
File Naming Convention
-
Asset Classification System
-
Roles & Responsibilities BIM Level 1
-
BIM Level 1 - Organisational Readiness
-
BIM Level 1 - Requirements
-
Create an Information Strategy & Data Exchange Plan
-
Determine Soft Landings Approach
-
Determine Built Asset Security
-
Create Employers Information Requirements
-
Brief
Standards
-
PAS 1192-5:2015:
Specification for security-minded building information modelling, digital b... -
BS 1192:2007 + A2:2016:
Collaborative production of architectural, engineering and construction inf... -
PAS 1192-2:2013:
Specification for information management for the capital/delivery phase of... -
BS 1192-4:2014:
Collaborative production of information. Fulfilling employer’s information... -
BS 8536-1:2015:
Briefing for design and construction. Code of practice for facilities manag... -
BS 8536-2:2016:
Briefing for design and construction. Code of practice for asset management... -
PAS 1192-6:2018:
Specification for collaborative sharing and use of structured Health and Sa... -
Read more about Standards