Standard

AS ISO 19650.5:2021

[Current]

Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) — Information management using building information modelling, Part 5: Security-minded approach to information management

Identically adopts ISO 19650-5:2020, which specifies the principles and requirements for security-minded information management at a stage of maturity described as “building information modelling (BIM) according to the AS ISO 19650 series”, and as defined in AS ISO 19650.1, as well as the security-minded management of sensitive information that is obtained, created, processed and stored as part of, or in relation to, any other initiative, project, asset, product or service.
Published: 25/06/2021
Pages: 28
Price: $129.95 AUD (inclusive of GST)
Table of contents
Header
About this publication
Preface
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Establishing the need for a security-minded approach using a sensitivity assessment process
4.1 Undertaking a sensitivity assessment process
4.2 Understanding the range of security risks
4.2.1
4.2.2
4.2.3
4.3 Identifying organizational sensitivities
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.4 Establishing any third-party sensitivities
4.4.1
4.4.2
4.5 Recording the outcome of the sensitivity assessment
4.6 Reviewing the sensitivity assessment
4.6.1
4.6.2
4.6.3
4.7 Determining whether a security-minded approach is required
4.8 Recording the outcome of the application of the security triage process
4.9 Security-minded approach required
4.10 No security-minded approach required
5 Initiating the security-minded approach
5.1 Establishing governance, accountability and responsibility for the security-minded approach
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.2 Commencing the development of the security-minded approach
5.2.1
5.2.2
5.2.3
5.2.4
6 Developing a security strategy
6.1 General
6.1.1
6.1.2
6.1.3
6.1.4
6.2 Assessing the security risks
6.2.1
6.2.2
6.2.3
6.3 Developing security risk mitigation measures
6.3.1
6.3.2
6.3.3
6.3.4
6.4 Documenting residual and tolerated security risks
6.4.1
6.4.2
6.4.3
6.5 Review of the security strategy
6.5.1
6.5.2
6.5.3
6.5.4
6.5.5
6.5.6
7 Developing a security management plan
7.1 General
7.1.1
7.1.2
7.1.3
7.1.4
7.2 Provision of information to third parties
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5
7.3 Logistical security
7.3.1
7.3.2
7.4 Managing accountability and responsibility for security
7.5 Monitoring and auditing
7.5.1
7.5.2
7.5.3
7.6 Review of the security management plan
7.6.1
7.6.2
7.6.3
7.6.4
7.6.5
7.6.6
8 Developing a security breach/incident management plan
8.1 General
8.1.1
8.1.2
8.1.3
8.2 Discovery of a security breach or incident
8.3 Containment and recovery
8.4 Review following a security breach or incident
8.4.1
8.4.2
8.4.3
9 Working with appointed parties
9.1 Working outside formal appointments
9.1.1
9.1.2
9.1.3
9.1.4
9.1.5
9.2 Measures contained in appointment documentation
9.2.1
9.2.2
9.2.3
9.2.4
9.2.5
9.2.6
9.2.7
9.2.8
9.2.9
9.2.10
9.3 Post appointment award
9.3.1
9.3.2
9.4 End of appointment
Annex A
A.1 Understanding the potential security issues
A.2 Security advice
A.2.1
A.2.2
Annex B
B.1 Personnel aspects
B.2 Physical aspects
B.3 Technological aspects
B.3.1
B.3.2
B.3.3
B.3.4
B.4 Information security
B.4.1
B.4.2
Annex C
C.1 Information assessment
C.1.1
C.1.2
C.2 Regulatory and statutory processes
C.2.1
C.2.2
C.2.3
C.3 Public access to information
C.4 Public presentations
Annex D
D.1.1
D.1.2
D.1.3
D.1.4
Bibliography
Cited references in this standard
[Current]
Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) — Information management using building information modelling — Part 3: Operational phase of the assets
[Current]
Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM) — Information management using building information modelling — Part 2: Delivery phase of the assets
Content history
DR AS ISO 19650.5:2021