Cybersecurity: A No Brainer for Construction Technology

In today’s digital world, every piece of information is stored on a remote system and it’s the service provider’s responsibility to take appropriate measures to protect client data.

Less than a decade ago, the construction industry was largely untouched by digital technology. A 2016 McKinsey article envisioned a future where the industry would embrace digitization. Yet, it barely touched upon the implications for data privacy. Fast forward to today, and digital advancements are revolutionizing the sector, creating a new challenge: cybersecurity.

A recent IBM report highlighted a grim reality. The average cost of a data breach in 2023 has escalated to $4.45 million, up 15% over three years. This figure isn’t just a statistic. It’s a wake-up call for enhanced data security measures in our field.


Creating Full-Circle Cybersecurity Measures


The complexities of cyber threats, especially in a sector as dynamic as construction, should be well understood. However, recent studies indicate that the construction industry is the third most targeted industry for cyber attacks – particularly as a “symptomatic [effect] that the construction industry lags behind many other industries in terms of cyber security and privacy protections.”

This vulnerability, exacerbated by our increasing reliance on technology, makes adopting comprehensive cybersecurity measures imperative. 

“The continuous adoption of cloud, continuous hybrid workforce, rapid emergence and use of generative AI (GenAI), and the evolving regulatory environment are forcing security and risk management (SRM) leaders to enhance their security and risk management spending,” – Shailendra Upadhyay, Senior Research Principal at Gartner

Aligning with this perspective, SmartPM’s CTO, Rohit Sinha, guided SmartPM to achieve its ISO 27001 certification and SOC 2 Type II compliance in one calendar year. For Sinha, these achievements represent more than regulatory compliance. They signify a commitment to embedding a culture of security in every aspect of our operations.


Achieving SOC 2 Type II Compliance


Developed by the AICPA, SOC 2 is an extensive auditing procedure that ensures secure and private handling of client data.

“By following the best practices laid out by industry leaders, we provide our clients with the reassurance that we are doing everything in our power to ensure their data remains secure. They entrust us with their data. So, it is our utmost responsibility to ensure its integrity and confidentiality on our watch.” – Rohit Sinha, CTO of SmartPM

SOC 2 Type II is an important milestone but is in no way an end to our commitment to our clients and the security of their data. SmartPM views security as the foundation upon which our products are built and trust with our clients is earned and maintained. And so, Sinha spearheaded another initiative for SmartPM in 2023: ISO 27001. 


The Role of ISO/IEC 27001 in Our Security Strategy


To achieve the ISO 27001 certification, organizations must meet the specific requirements for establishing, implementing, operating, monitoring, reviewing, and maintaining an Information Security Management System (ISMS).

“In today’s digital world, every piece of information is stored on some form of remote system. It is the service provider’s responsibility to ensure they take appropriate measures to protect their client’s data.  Our ISO 27001 certification marks another milestone in our commitment to ensure that our clients do not have to worry about the security of their data in SmartPM.” – Rohit Sinha, CTO of SmartPM

To validate conformity and certify SmartPM’s ISMS against the ISO 27001 standard, we engaged its Certification Body, Sensiba LLP (Sensiba), to perform a thorough certification audit. In a landscape where cybercrime is escalating and new threats are constantly evolving, managing cyber risks can appear daunting. However, ISO/IEC 27001 provides a structured approach that empowers organizations like ours to become risk-aware, enabling us to proactively identify and address potential weaknesses in our cybersecurity infrastructure.


Why Data Privacy Matters to Us


On our journey through phishing simulations, mock attacks, vulnerability assessments, and extensive company-wide trainings, we’ve recognized one thing. This process goes beyond technology – it’s about people. Our efforts focus on cultivating a security-conscious culture, ensuring every team member is aware and equipped to protect our data and systems. 

“As we continue to navigate cybersecurity vulnerabilities, we stand firm in our resolve to protect the integrity and confidentiality of our clients’ data. In doing so, we not only adhere to the highest standards of data protection but also reinforce our position as a trusted, secure partner in an industry that is increasingly dependent on digital solutions.” – Michael Pink, CEO of SmartPM.

In an era where data breaches are not just probable but prevalent, the companies responsible for digitizing the industry know that robust cybersecurity isn’t just a feature. It’s a necessity. For more information on SmartPM’s cybersecurity measures, please visit our Security page.
