Information Security: best practice for the construction sector

In Joint Ventures, each company involved contributes resources to the project. A company may provide land, capital, intellectual property, experienced staff, equipment or any other form of asset dependent on their skills or expertise. In doing so they also share the risks and benefits associated with the project.

People outside of the construction industry are often surprised at the complexities of modern construction programme delivery and the data sharing requirements. Modern techniques and processes such as Building Information Modelling (BIM) require data to be shared at the right time, in the right format, to the right third party and always with the right focus on security. This is why it's so important to set up a good foundation for Information Governance before the Joint Venture commences.

The guidance provides a set of non-mandatory recommendations for ensuring information security in Joint Ventures, together with details of how recommendations might best be implemented. At a high level, its main requirements are that security is represented at Joint Venture Board level, and that individuals responsible for information security from a personnel, physical and cyber security perspective understand and address the specific challenges that Joint Ventures face.

The guidance, which has been produced by members of the NCSC Civil Engineering, Architecture and Construction (CEAC) Trust Group, the Department for Business, Energy and Industrial Strategy (BEIS), the Centre for the Protection of National Infrastructure (CPNI) and the NCSC, can be adopted as a useful toolkit for Joint Venture Boards. We also intend to ensure the guidance remains relevant in future years as best practices and regulatory requirements evolve.