Secure Data Management for Utility Surveys

1. Tendering


When tendering for any survey work, the surveyor should consider the security of sensitive data at all stages and include appropriate and proportionate measures where required. The surveyor should:

01. Site assessment
Assess the site and/or asset being surveyed. If specific security measures are stipulated in the tender documents, plan the bid around these. If no, or minimal, security guidance is stipulated by the client, consider the Triage Process for the Publication or Disclosure of Information1 from the Centre for the Protection of National Infrastructure (CPNI) and assess the risk. Contact the client to discuss what additional measures may be needed. Sites requiring higher security measures could include utilities supplying or being adjacent to:

■ Critical national infrastructure.
■ Defence, law enforcement, national security or diplomatic buildings.
■ Commercial sites that create, trade or store significant volumes of valuable materials, currency, pharmaceuticals, chemicals, petrochemicals or gases.
■ Landmarks, nationally significant sites or crowded places.
■ Locations or routes used to host events that could have a security significance.


02. Assess the neighbouring buildings and infrastructure assets. If the survey will need to collect data on these, consider if they are sites that require additional security measures.

03. Existing data
If the client is supplying existing data, appraise the management of that data, whether in print or digital formats, and consider the following:

■ Will copyright licences be needed or included?
■ Will any of the supplied data be sensitive and therefore will additional security measures be required? For example, concerning who has access to the data or if it can be downloaded and stored offline.

■ Will data be combined from various sources? Consider if the management of combined data could allow sensitive information to be deduced and require additional security due to the information that can be gathered from models and simulations.
■ Will live monitoring data be shared? Consider who would require access to the system and what knowledge they would have of the alert codes and validation.

04. Data collection
If tendering for a survey at a site where the data will require higher security measures, consider what employee screening is required. If working regularly on projects that require higher security, consider arranging vetting2 for staff to demonstrate to clients that the survey company has a security-minded approach to data and to enable faster deployment.

05. Data processing
Make the client aware if external data processing, modelling and visualisation will be subcontracted to another company, and if this company is based in the UK or overseas. If considering an overseas subcontractor, appraise what data would be sent for processing and if there could be any risk to intellectual property or to the commercial success of a business, or if the location could be considered potentially hostile or a security threat to the UK.

06. Data delivery requirements
The client should supply clear directions for the delivery arrangements for hard and soft copy survey material, including raw survey data and what encryption is required.

07. Be aware of how the client expects to validate and verify the delivered survey data.

08. Data retention and storage
The client should supply clear directions about the retention of survey data for warranty or professional indemnity purposes by the surveyor.

■ If the surveyor is permitted to store the data, the storage requirements should be refected in the contract (for example, Cyber Essentials, Cyber Essentials Plus3 or ISO 270014 certification).
■ If the surveyor is not permitted to store the data, a 'digital fingerprint' system, for example, could be considered. This is where the client takes full responsibility for the storage of the survey data, with a verified manifest created on data delivery. If an issue or dispute arises, the client has to provide the surveyor with copies of relevant survey data, the authenticity of which can be verified using secure digital signatures generated during delivery of the original material.
■ The surveyor should check what requirements its insurance company has in relation to retention of, and access to, relevant data.


09. If the data is being stored in the cloud or in a file-sharing system for the surveyor, client or third party, consider if there are any access restrictions in the country that hosts the storage server. While ensuring the security of potentially sensitive data, it is important not to block access to data that can be shared under defined and agreed terms for permitted purposes.

10. Data ownership
The client should assert in the contract who owns the data and its permission requirements for sharing data with third parties. The surveyor could explore with the client the advantages and risks of data sharing, dependent on the project and collection method.

11. The client should state who will take ownership of excess data collected above the requirement, for example through mass data collection methods, and if it is permissible for sharing or onward sale to third parties. Clients should be mindful that some survey quotes may be artificially low in order to win a competitive tender, as the loss may be compensated by onward sale of data.

 

1 Triage Process for the Publication or Disclosure of Information: https://www.cpni.gov.uk/security-minded-approach-open-and-shared-data

2 https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/715778/May-2018_Government-Security-Classifications-2.pdf

3 https://www.ncsc.gov.uk/cyberessentials/overview

4 https://www.bsigroup.com/en-GB/iso-27001-information-security/