Black image showing bright coding lines on the left and a finger pointing at the numbers

Norms, Compliance and Data Security


C-Levels, business leaders, and directors of the companies in the AECO industry are professionals that have experimented in their own life the shift from paper-based analogic work and communication towards the digitalized world we operate in now. As responsible for the success and failure of their companies, and all the families and people whose lives depend on that, they are aware of the threat that represents a changing legal environment. 


To state that the job of a construction or engineering company is to design a facility or to assemble a building is simply too naive. These companies have to deliver these services and products but always inside a framework of proven legal compliance. The latter seemed to be static no later than two decades ago. Now it is changing and adapting. Sometimes the speed is so high, that it feels like shooting at a moving target. Sometimes it is more like a new idea that is defined, but as a target not visible or defined enough to even aim at it.


Quality sources

When studying professional project management at the PMI (Project Management Institute), the concept of Quality is one of the 10 areas of knowledge (in the PMBOK by PMI). First, the concept itself is defined to make it clear that quality means basically: meet the expected. Second, clarification is that norms and legal framework are part of that quality. Most interesting is the fact that the third eye-opener is that all projects have 3 qualities or quality sources that need to be respected. 


The company’s quality itself is the primary quality source. If an engineering company is participating in a project, it has to work internally based on some workflows and standards. Those who are responsible are in charge of tasks including precise aspects of the design, correct naming of documents, right sizes and color codes of printed documents, etc., printed documents have sizes and color codes, etc. Every company has that, even an individual architect will work into a folder structure that he has created, store information in a way he decided is optimal for his size, and communicate in specific ways with the outside depending on the relevance of the information.

The second quality is the client’s standards and the object themselves are quality sources. By norms and depending on the country or region, a hospital must have X meters of distance maximum between A and B, X elevators depending on the bedrooms per floor, etc. Some clients add a specific quality requirement, such as a grey book of style for instance, where it defines the client’s quality standards for an object, i.e., client’s standards. As an example, Hilton Hotels define the norms according to the different hotels, e.g., “Garden Inn” or “Hampton by Hilton”. 

The third one is the quality of the spot. Any client who wants to build something somewhere has to respect the city’s legal framework. This goes in the bucket of official norms or laws.


Impact of digitalization

All this was complex, but pretty clear two decades ago. It was only arranging the content of the documents and the physical output of the project, which for most of the participants seemed to be a building or facility. Even in those times, the PMI was already talking about the other output of every project and referring to it as a set of data. The objective of that data set was to flow back to the PMO (Project Management Office) to be used as records for continuous improvement processes and for future claim management.

What happened with digitalization?  Documents have become data and a layer of metadata has been born. Data is shared, linked, and sent. This generates an exponential increase of data, which then affects the information. The data in this document states that 1+1=2. However, it is now possible to know how many people have seen the document and how many are working on the current file. With the same data, it is possible to go from one piece of information to a much larger quantity, e.g. 24. And this example is still very conservative. Digitalization of data, in the case of the Schiphol Airport BIM (Building Information Modeling) journey, represented the basis for a “Digital Twin (1:1) of the airport” modeled in 3D.


So quality number one (i.e., company quality itself) is being affected in terms of “what can we share/publish” which needs to be filtered out. Second quality, i.e., the clients’ standards and the object itself has become incredibly complex, as the regulation around objects in a copy-paste environment has multiplied infinitely. It used to be possible to construct a building with 10 drawings and 20 pages of text. Now it is more like 500 drawings and 1000 pages of text. Finally, quality number three, i.e., spot quality, has become the worst, as it is now trying to define the what and how. 


It is obvious that there needs to be regulation around the protection of personal data. The collateral effect is to understand how to do that in a world where everything is tagged with metadata and transnational projects, including different regulations. So what is the legal framework to be respected? On one hand, this is a very interesting challenge as it is combined with global tensions due to different approaches to data authority. On the other hand, constantly evolving technologies can no longer run on privately hosted servers and must be outsourced to the cloud. In the latter, control over hosting is much more difficult. The market insists on preserving safe data, but this is easier to state as to do. Data protection, GDPR, norms, compliance, etc. are the hot topics for some years, and will even get hotter. 


This takes us back to the leaders of companies that are trying to make the correct decisions, or at least not dramatically incorrect ones. In order to decide the system these actors will choose in the coming years, they need to think about a system that is able to protect the data, store it in the correct places with guarantees, protect the participants of the project, and their personal data. At the same time, the systems need to set the conditions to guarantee that all three qualities are possible in the future inside it. They have to decide how the ecosystem of projects and tools will allow them to continue growing into higher degrees of digitalization.


Andrés Garcia Damjanov, Chief Revenue Officer (CRO) at Catenda.