Rendra AS is ISO/IEC 27001 certified!

StreamBIM handles large quantities of our customers’ sensitive data.

We work systematically with data security.

In a world increasingly exposed to physical and cyber threats, construction industry stakeholders are becoming more aware of the need to protect their data. Given that the physical assets we design, construct and operate will last for many years, and that the data describing these assets is more mobile and consumable than ever before in the digital formats of today, safeguarding our physical assets requires more diligence than ever before.

One of the tenets of BIM is that sharing data with project participants and democratising project data is advantageous for the design and production processes. We want people to read from the same page and have the same understanding of the intended result. On the other hand, uncritical sharing of data can lead to breaches. Projects must be aware that their data needs to be protected in the same way as they would secure their building sites. Access should only be granted to the people who have a job to do inside the perimeter fence.

We are proud to have achieved ISO/IEC 27001 certification for our ongoing work on securing our systems and data against all threats. Our customers and partners can rely on us at Rendra to continue doing our utmost to protect their data in StreamBIM.

Customers looking for data management solutions that protect their data need confidence that the systems entrusted with their data are secure and managed appropriately. An Information Security Management System (ISMS) is a good response to these requirements. ISO 27001 formalises the structure of an ISMS. Certifying according to the standard demonstrates to customers and users alike that an organisation takes information security seriously and continually works to maintain and improve routines.

Why we spent so much time and resources on certification

The certification strengthens our obligation to provide first-rate BIM solutions in StreamBIM that not only are innovative and user friendly, but also secure and reliable.

- "We in Rendra have always had a focus on data security and worked continuously on protecting our customers’ data. We are proud that we now have formalised our ongoing work with the ISO/IEC 27001 certification. We will redouble our efforts on data security and maintain the quality our customers expect, so StreamBIM will continue to be the best - and most secure - collaboration platform on the market."

- Ole Kristian Kvarsvik, Managing Director of Rendra AS

We have maintained a high focus on data security since our founding in 2012, but in a digital world that is becoming ever more precarious, it is important to document that we make every effort to protect our systems against unfriendly actors who might want to exploit any security gap for whatever nefarious reason.

Some of our customers are required to document that their systems are secure against data breaches, either in general or for certain projects, and are in practice forced to choose systems that are ISO/IEC 27001 certified. For us at Rendra, this has been a good opportunity to better chart the risks we face and formalise and shore up our routines and have them scrutinised by a third-party audit.

What we have done

During the certification process we have taken all our preexisting routines and processes and formalised and documented them, in addition to enforcing a more stringent control system. This gives us more robust and verifiable routines to handle current and future data security threats.

Included in this are strict guidelines for access control, data encryption, regular revisions and systems maintenance, as well as a more systematic training programme for Rendra staff to increase their focus on data security.

What we have learned

Data security has always been part of Rendra's DNA. The streaming of building data from data centres to PCs and handheld devices has forced us to think about data security from the very beginning. Through access controls, we can ensure that only the relevant project data is being made available to only those who need to access it, and no one outside the project. We can further secure the data by disabling file downloads from projects.

- "For us at Rendra, the process of certifying to ISO 27001 has been fun! As I joined the organisation in 2021 and started the certification process in 2023, it has been very encouraging to see that solid foundations for an ISMS were already laid. Essentially, the task now was to demonstrate compliance with ISO 27001 by documenting the existing technical measures and describing organisational procedures."

- Rupert Hanna, Chief Implementation Officer in Rendra AS

During the certification process you learn that certification itself is not the end goal. Once an organisation is certified, the journey begins. Certification requires an organisation to continuously improve its procedures and systems, assess new and existing risks and follow its own procedures. Often, the weakest link in information security is the people who handle the data. Proper training of the entire organisation is key to ensuring the principles of information security and how to apply them in the context of operations.

It's not the system that is certified, it's the organisation.