Once you have decided to digitise your processes and adopt the use of a CDE, you will need to consider security. A CDE will bring significant benefits and efficiencies, but with all your project data in a single digital space, how vulnerable is it and how do you ensure it is accessible only to its intended users?
Why do you need to protect your CDE?
It’s worth remembering that even with a project that isn’t considered especially sensitive, protecting the information by appropriate document control and data security is paramount. Project files such as 3D models can hold vast amounts of information, some of which may contain personal data, protected by GDPR and the Data Protection Act. Therefore, keeping it safe is a legal obligation.
“Security is paramount when it comes to cloud-based CDEs,” says Zutec CTO, Mike White. “Data management processes and procedures need to be airtight every step of the way, which includes implementation, support and future software development.”
First you need to establish what standards your CDE is in compliance with, in terms of both data hosting and CDE administration. Then you need to grant managed and controlled access to the correct personnel, and deny it to everyone else, typically through a standard username/password combination.
Hosting your CDE on a secure server with appropriate backups and resilience measures is vital. This will make sure that any failure of the servers will not result in you losing data, therefore compromising your project.
But secure hosting is not just about backing up your data, adds Mike White: “When choosing a CDE vendor ensure that the security certificate is in their own name as opposed to your data being hosted on a third-party platform. This is the only way to be sure that data management compliance is being achieved.”
Appointing an Information Manager
The reason it’s so important to appoint an Information Manager who oversees access on a continuing basis, is that there is a lot involved in granting and monitoring these privileges. While you may choose to have more than one person responsible for administrating permissions, depending on the scale of your project, one team member should ultimately be in charge.
Thinking about when access controls are reviewed is key. As well as admitting new team members or organisations joining a project, you may want to set up periodic reviews, depending on your company structure. You’ll also need to remove access from people who are no longer involved, and decide how to keep an eye on and record unauthorised access attempts.
Simple access or activity permissions?
Another consideration is how much team members are allowed to interact with the data. In other words, can they edit as well as view files? The options include the usual – read only, read only and mark up, edit and upload/download. In some cases it’s a good idea for permissions to also limit the scope of data a user has access to, so that they don’t waste time trawling through folders and folders of information that is largely irrelevant to their role.
Permissions can be allocated by role or considered on an individual basis, depending on what you have capacity for. Adequate training also needs to be given to users to ensure that any data uploaded is appropriate to the project in question.
We’re here to help
There is a lot to remember, which is why we can’t stress enough how important the role of Information Manager is. While it may sound complicated, a secure CDE will create efficiencies that make you wonder why you didn’t adopt one sooner.
Teaming up with experts to cover all aspects of your CDE security is the simplest way forward. By choosing to work with the helpful team at Zutec you’ll ensure you get the most out of your CDE. Get in touch to book a free customised demo.