Information Security: best practice for the construction sector
New guidance for businesses of all sizes planning to take part in Joint Ventures.
The National Cyber Security Centre (NCSC) are delighted to announce new guidance on the holistic security approach Joint Ventures should adopt to protect any sensitive information they manage. 'Joint Ventures in the construction sector: Information Security Best Practice Guidance' is a collaborative effort between the construction sector and government organisations, and provides advice for construction businesses on how to secure information for Joint Ventures.
In Joint Ventures, each company involved contributes resources to the project. A company may provide land, capital, intellectual property, experienced staff, equipment or any other form of asset dependent on their skills or expertise. In doing so they also share the risks and benefits associated with the project.
People outside of the construction industry are often surprised at the complexities of modern construction programme delivery and the data sharing requirements. Modern techniques and processes such as Building Information Modelling (BIM) require data to be shared at the right time, in the right format, to the right third party and always with the right focus on security. This is why it's so important to set up a good foundation for Information Governance before the Joint Venture commences.
The guidance provides a set of non-mandatory recommendations for ensuring information security in construction sector Joint Ventures, together with details of how recommendations might best be implemented. At a high level, its main requirements are that security is represented at Joint Venture Board level, and that individuals responsible for information security from a personnel, physical and cyber security perspective understand and address the specific challenges that Joint Ventures face.
The guidance, which has been produced by members of the NCSC Civil Engineering, Architecture and Construction (CEAC) Trust Group, the Department for Business, Energy and Industrial Strategy (BEIS), CPNI and the NCSC, can be adopted as a useful toolkit for Joint Venture Boards. The intention for the guidance is for it to remain relevant in future years as best practices and regulatory requirements evolve.
Guidance on how to take a Security-Minded approach to Digital Engineering, Technologies, Projects and Initiatives
How to make security decisions as the increased adoption of digital technology in the built environment creates new risks and opportunities
A new set of guidance documents and video have been published to ensure security-related vulnerabilities are considered across a range of activities and processes within an organisation
The consequences of failing to plan properly for new security projects or upgrades of existing security measures can be costly