Best Practices for Project Security

This research, sponsored by the National Institutes for Standards and Technology (NIST), was a first step in establishing security-related best practices with respect to the delivery of capital facility projects for the heavy industrial sector. Capitalizing on the expertise and knowledge base of the Construction Industry Institute (CII), its purpose was to develop best practices for security implementation during the project phases of planning to start-up to enhance facility security throughout the project lifecycle.

Twenty-six practices, 11 of which had been validated by CII and 15 of which had been proposed, were evaluated by a team of industry experts to determine which were most appropriate for security enhancements. Six practices, pre-project planning, alignment, constructability, design effectiveness materials management, and planning for startup, were determined to be applicable. After identifying the essential security practices, security elements were defined. These included physical, personnel, and information security. The expert panel made a detailed review of each of the practices, and security enhancements were integrated into each of the practices.

The next step involved the development of the Security Rating Index (SRI). The SRI provides a quantitative means for assessing the level of use of the practices and to assess impacts on cost, schedule, and safety. Two key constructs underpinning the SRI are threats, which quality the likelihood of a security breach, and consequences, which qualify the potential results of a security breach over the project lifecycle.