What is a sensitive built asset?
A sensitive built asset is defined as one which, as a whole or in part, may be of interest to a threat agent for hostile, malicious, fraudulent and criminal behaviours or activities.
Even if a built asset does not fall into the categories which would make it sensitive, there may be business benefits from applying a security-minded approach to its management. The need for a security-minded approach, and the breadth of the protection measures required, is determined by the Security Triage Process, shown in Figure 5 of PAS 1192-5.
Assessment of risk
Where a security-minded approach is adopted, a key component of the process set out in PAS 1192-5 relates to the management of risk. The employer or asset owner needs to assess potential vulnerabilities and threats, in combination with an assessment of the nature of harm which could be caused. The assessment needs to identify the high level security risks associated with:
It should also identify and record risks associated with intellectual property, commercial data, and information collected or held about neighbouring built assets.
For each identified risk it will be necessary to assess possible mitigation measures. The process should consider and record:
- The cost of the measure and its implementation;
- The achievable risk reduction:
- The potential cost saving;
- The measure’s impact on asset usability, efficiency and appearance;
- The potential for the measure to create further vulnerabilities;
- Delivery of business benefits.
It is important for any residual risks to be re-assessed and put through the risk mitigation process until they fit within the organization’s risk appetite.
Built Asset Security Strategy
The Built Asset Security Strategy will comprise a record of:
- The extent of the security-minded approach required;
- The built asset security risk management strategy;
- A list of those to be informed of residual risks;
- The mechanisms for reviewing and updating the strategy
Security policies, processes and procedures
The specific security risks identified in the Built Asset Security Strategy should be addressed through the policies, processes and procedures contained in the Built Asset Security Management Plan. This Plan should take a holistic approach, encompassing people and process, as well as physical and technological security. The measures should be appropriate and proportionate to both the sensitivity of the built asset and the related security risks.
The security-minded approach must be integrated with other strategic policies, plans, and requirements for the delivery, maintenance and operation of built assets. The approach is outlined in the diagram below:-
Note:- Images re-produced with the kind permission of the British Standard Institute.
BIM Grading & ROI Tools
Determine the Info Management & CDE Strategy
Determine the BIM / AIM / GIS Strategy
Strategy to Determine the Built Asset Security
Determine the Soft Landings Approach
Create the Project Lifecycle Process Map
BIM Level 1 Approach
BIM Level 1 - CDE Technology
File Naming Convention
Asset Classification System
Roles & Responsibilities BIM Level 1
BIM Level 1 - Organisational Readiness
BIM Level 1 - Requirements
Create an Information Strategy & Data Exchange Plan
Determine Soft Landings Approach
Determine Built Asset Security
Create Employers Information Requirements
Specification for security-minded building information modelling, digital b...
BS 1192:2007 + A2:2016:
Collaborative production of architectural, engineering and construction inf...
Specification for information management for the capital/delivery phase of...
Collaborative production of information. Fulfilling employer’s information...
Briefing for design and construction. Code of practice for facilities manag...
Briefing for design and construction. Code of practice for asset management...
Specification for collaborative sharing and use of structured Health and Sa...
Read more about Standards