News about data breaches or hacked organisations often makes it painfully clear that protecting data is becoming more and more complex as our lives become entwined with the digital world. This also applies to construction projects where companies must deliver within time and budget, notwithstanding complex contractual conditions and complicated laws and regulations. Additionally, there is the challenge of many people working together with the data during the entire project lifecycle, regardless of time and location. Organisations often choose a Common Data Environment (CDE) to structure, coordinate and manage their data properly.
But how do you ensure your data is stored and disseminated securely?
The main benefits of a CDE are an open approach and accessibility. However, these also pose the greatest challenge. Construction projects are complex due to the enormous amount of information and communication between different people and companies. That is precisely why it is important to consider the subject of security in detail. The following three questions may help you.
Which data should I store?
Firstly, being up to date with the requirements of GDPR and ISO 27001 will benefit you greatly when it comes to deciding which data from your construction projects needs to be stored. Ultimately, having an accurate and real-time record of why you have received and uploaded data will help you decide what needs to be stored in your CDE.
Where do I store my data?
Both you and your customers require the handling, storage and use of data to be covered by agreements in accordance with the applicable European rules and legislation. Therefore, it makes sense that your servers are in an EU country. If you choose to store the data in your own server park, you will need to be sure that the CDE is secure and remains safe with regular maintenance and security checks.
Who will have access to my data?
You want to be able to identify who has access to your data at any time. A system based on roles and rights that determines who has access to what information, and what they can do with it, is intrinsic to keeping your data secure. This is something that is preferably mapped out with your project teams well in advance of any build phases.
thinkproject has extensive experience with large international construction projects, working with customers that are highly dependent on accessible information and efficient data processing. Read further for some of our lessons learnt on how to maintain the integrity and confidentiality of your company data.
- Data should be hosted in state-of-the-art, professionally managed data centres in the EU and with seamless monitoring and 24-hour service
- Make sure you have procedures in place to prevent unauthorised access through passwords, two-factor authentication and IP restriction
- Always ensure an encrypted data transfer
- Install controls to protect against third-party attacks and malware
- Guarantee multi-level back-up with mirrored data centres, mirrored primary storage and mirrored back-up
- Certify the development, implementation and activities of software according to the international standard for information protection ISO/IEC 27001:2013
thinkproject has recently been ISO 27001:2013 certified, awarded for our robust and trustworthy Information Security Management System. To read more about our Information Security Policy you can click through here. This document also has many tips and suggestions for companies and is available to download.