Skip to main content
DE6: Security Requirements (pdf)
Back To All Knowledge Items

DE6: Security Requirements (pdf)

Standard Rate
£35.00  +VAT
Member Rate

DE6, part of CIBSE’s Digital Engineering Series, is intended for those that commission, design, construct and operate built assets to understand the scale of security implications.

These implications may revolve around national security, commercial security or private security. Each will have individual requirements and this document looks to provoke thought in this regard. The solutions will be a matter for each individual organisation, company or person to ascertain.

This guidance follows the approach of PAS 1192-5:2015, but also addresses other aspects of security not covered by the PAS. It considers aspects to be made that are more specific to the Building Services Engineer, such as Building Management Systems (BMS) and Internet of Things (IoT) devices as used in Building Services systems.

The increasing use of technology in construction has revolutionised the way information is shared, accessed, transferred and used. The advent of Building Information Modelling (BIM) has increased the amount of data transferred and required in these information exchanges. This in turn presents a number of issues to be considered when collaborating on projects, from those responsible for the implementation and administration of information management systems, to the day to day users and operators of the asset.

This document deals with cyber security in terms of planning for and dealing with attacks with reference to other, existing standards and with special interest paid to the elements of building services systems that may represent vulnerabilities to such actions.

We have also provided templates that should help with organise Model Review Meetings, which are available here: 

Model Review Meeting Agenda

Model Review Meeting Minutes

The following free-to-all templates are made available alongside the Digital Engineering Series, and can be downloaded here:

Contents of DE6:

  • PAS 1192-5
  • General principles
  • Built Asset Security
    • Security manager
    • Built Asset Security Strategy
    • Built Asset Security Management Plan
    • Security Breach/Incident Management Plan
    • Assessment of the potential risks in the event of a security breach or incident
    • Risk mitigation
    • The review process
    • Review of the SB/IMP
  • Built Asset Security Information Requirements
  • Working with suppliers
  • Asset management
  • Common Data Environments
    • Setup
    • Access
    • Training and awareness
    • Technical integrity
  • Cyber security
    • Building Management Systems
    • Smart meters
    • Web-enabled devices
    • Internet of Things
  • Security and building regulations
  • Questions for the IT Department
    • Boundaries
    • Connectivity
    • Cooperation and coordination
    • Advice for behaviour
    • Updates and maintenance
    • Firewalls between connections
    • Air gaps
    • Intelligence and surveillance
    • Server locations
  • Dealing with the aftermath
    • Continuity planning
    • Data recovery
    • Public relations


Carl Collins - Consultant to CIBSE


Dwight Wilson – Imtech

Dr Hywel Davies – CIBSE

Martin Howe – SES Engineering

Jeremy Newsome – WSP

Chris Powell – Atelier Ten

Mojca Roženičnik Korošec – Turner & Townsend

BEAMA BIM Steering Group

Share this page