INTERNATIONAL STANDARD
First edition2020-06
information aboutbuildings andcivil Organizationanddigitizationof informationmodelling(BIM)- engineeringworks includingbuilding Informationmanagement using buildinginformationmodelling-
Part 5: Security-mindedapproachto informationmanagement
Organisation et numerisation des informations relatives auxinformations de la construction (BIM)-Gestion de l'information par batiments et ouvrages de genie civil y pris modelisation desla modelisation des informations de la construction -
Partie 5: Approche de la gestion de l’information axee sur la securite
COPYRIGHTPROTECTEDDOCUMENT
①ISO 2020
Allrights reserved. Unless otherwise specified or required in the context ofits imlementation o part of this publication maybe reproduced or utilized otherwise in any form or by any means electronic or mechanical including photocopying or posting on the internet or an intranet without prior written permission. Permission can be requested from either ISO at the addressbelow or ISO's member body in the country of the requester.
ISO copyright officeCH-1214 Vernier Geneva CP 401 • Ch. de Blandonnet 8Email: copyright@ Phone: 41 22 749 01 11Website: iso.orgPublished in Switzerland
Contents
Page
4.1 Undertaking a sensitivity assessment process. Understanding therange ofsecurityrisks. 34.2 4.3 Identifying organizational sensitivities. 4 44.4 4.5 Recording the oute of the sensitivity assessment. Establishing any third-party sensitivities. 5 54.6 Reviewing the sensitivity assessment 54.7 4.8 Recording the oute of the application of the security triage process Determining whether a security-minded approach is required. 5 64.9 Security-minded approach required. No security-minded approach required. 74.10 7
Initiating the security-minded approach
5.1 Establishing governance accountability and responsibility for the security-5.2 minded approach. Commencing the development of the security-minded approach 8 7
Developing a security strategy.6.1 6.2 General. Assessing the security risks. 6 66.3 6.4 Documenting residual and tolerated security risks. Developing security risk mitigation measures. 10 106.5 Review of the security strategy 11
Developing a security management plan 11
7.1 7.2 General. Provision of information to third parties. 11 127.3 7.4 Logistical security. Managing accountability and responsibility for security. 12 137.5 Review of the security management plan. Monitoring and auditing. 137.6 13
Developing a security breach/incident management plan. 14
8.1 General. 148.2 8.3 Containment and recovery Discovery of a security breach or incident. 14 158.4 Review following a security breach or incident. 15
Working with appointed parties. 15
9.1 Working outside formal appointments. 159.2 Measures contained in appointment documentation.. 166 9.4 Post appointment award. End of appointment. 17 17
AnnexA (informative) Information on the security context 18
Annex B (informative) Information on types of personnel physical and technical securitycontrols and management of information security. 20
ISO 19650-5:2020(E)
Bibliography28
@ ISO 2020 All rights reserved
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standardsbodies (ISO member bodies). The work of preparing International Standards is normally carried outmittee has been established has the right to be represented on that mittee. InternationalISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of organizations governmental and non-governmental in liaison with ISo also take part in the work.electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance aredifferent types of ISO documents should be noted. This document was drafted in accordance with theeditorial rules of the ISO/IEC Directives Part 2 (see
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details ofon the ISo list of patent declarations received (see
Any trade name used in this document is information given for the convenience of users and does notconstitute an endorsement.
For an explanation of the voluntary nature of standards the meaning of ISO specific terms andexpressions related to conformity assessment as well as information about ISO's adherence to theWorld Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 59 Buildings and civil engineering works SubmitteeSC13 Organization and digitization of information about buildings and civil engineeringfor Standardization (CEN) Technical Committee CEN/TC 442 Building Information Modelling (BIM) inaccordance with the Agreement on technical cooperation between ISO and CEN (Vienna Agreement).
A list of all parts in the ISO 19650 series can be found on the ISO website.
plete listing of these bodies can be found at
