Development of a governance framework for delivery of collaborative and security-minded BIM projects

Abstract

This study explores secure-collaboration for BIM projects in response to concerns as to whether
project environments concerned with critical national infrastructure are able to govern digital
security-risks whilst also reconciling tensions between collaborative motives, leading to difficulties
in sharing enough information to ensure stakeholder efficiency whilst not exposing sensitivities
and elevating security-risk. This research aims to address these issues by: Devising a conceptual
process and data governance framework to enable secure collaboration for BIM projects. In
achieving this aim, the study captures the framework’s requirements by answering the first
research question: What is the nature of tensions between collaboration and security motives
within security-minded BIM projects that are barriers to achieving secure-collaboration? This
question’s answer is central to answering the second question: What is the nature of the process
and data governance framework that is required to resolve existing tensions and enable securecollaboration?
This thesis captures requirements via a thorough study (primary and secondary) in the context
of security-minded BIM projects. The design-science methodology was adopted to guide the
framework development and evaluation; semi-structured interviews with 13 experts were used to
diagnose the tensions concerning: security-risk governance, BIM process and technology
implementation, alongside BIM governance limitations. Based upon findings, the framework’s
requirements for comprising process and data governance concepts were developed. The
framework was evaluated with 8 experts via a qualitative feedback categorisation technique to
assess its capacity to facilitate secure-collaboration.
The outcome of the diagnostics process revealed that tensions arise within projects due to a lack
of a holistic security-risk governance approach, and a misalignment between project collaboration
and security requirements. This leads to a cascade of incompatible project implementation
xviii
choices, which limits the efficacy of information governance to appropriately secure critical assets,
whilst diminishing collaboration capacity to ensure a timely and cost-effective project-delivery.
Stakeholders are also constrained by security-measures which are not integrated with their
informational needs, resulting in issues such as securely coordinating sensitive information
amongst partners, or professionals being unable to access information due to inaccurate
sensitivity classification and clearance constraints. These tensions are also linked to divergent
cultural pressures for increased digitisation and openness, versus the need for security-minded
approaches which are accompanied by administrative, commercial and contractual burdens.
These tensions are the sources of great frustration within security-minded environments
interviewed in effortlessly achieving secure collaboration, whereas a bleaker picture is present for
the broader AEC sector as to whether organisations can support the secure digitisation needs of
inexperienced clients and protect their assets within an evolving digital security-risk landscape.
Alleviating such tensions requires clients to apply holistic security-risk governance approaches
and define integrated project requirements that reconcile security, collaboration and efficiency
motives. Findings also indicate that information-flow tensions are present for professionals to be
able to seamlessly share and receive only the necessary information, when and to who necessary,
at an appropriate and secured level of detail. Alleviating such tensions is difficult as they are tied
to the limitations of BIM-based governance approaches utilised within practices. To resolve such
information-flow tensions, findings propose that the key elements to be integrated into the
process and data governance framework are considerations for information planning, transaction
and governance concepts. At an overarching level, this is by ensuring practitioners securely share
and receive only the atomic information-sets which are necessary for them to deliver high-quality
project outcomes. The proposed framework has been validated via a high-level qualitative
technique as the framework is conceptual in nature. Therefore, future research is required to
implement and validate the framework in real-life project settings.