The cloud has proven to be a reliable and secure choice for even the largest organizations, and is fast becoming the most trusted data solution. This page provides details about how we keep your data safe and secure. Considerations are also provided for projects that are confidential, and for projects where information cannot be stored in the cloud.
1. The NBS Chorus platform
1.1 Cyber Essentials Plus accreditation
NBS has achieved Cyber Essentials Plus accreditation. This is a UK Government certification scheme, with standards designed to protect businesses from cyberattacks. Following the standards of this certification means that NBS is practising preventative cyber hygiene, such as having firewalls enabled and using multifactor authentication.
1.2 G-Cloud Framework
NBS Chorus is on the G-Cloud, the digital marketplace for public sector organisations to access cloud technology and specialist services for digital projects. For companies that must purchase all software through this system, NBS Chorus can be procured through Lot 2 (Cloud Software), which offers applications that are usually accessed over the internet or a private network and hosted in the cloud.
1.3 Additional security testing
We test our platform against the Google VSAQ (Vendor Security Assessment Questionnaire) – the process that Google uses to assess vendor security to ensure the highest levels of compliance.
VSAQ is a collection of adaptable questionnaires for evaluating a given vendor’s security and privacy posture. Whilst we do not publish the results of this questionnaire, we can make this information available upon request.
Furthermore, we perform regular penetration testing on the NBS software platforms, in line with the latest National Cyber Security Centre guidance.
1.4 Data storage
All data within Chorus is stored in secure data centres in London, operated by Amazon Web Services (AWS).
The AWS cloud is a network of remote servers hosted on the internet and used to store, manage and process data in place of local servers or personal computers.
Chorus runs with AWS’ state-of-the-art infrastructure, and uses its comprehensive security features to enforce rigorous access control and defend against threats such as DDoS attacks. Our policy is to keep data encrypted in transit and at rest, wherever possible, to eliminate the possibility of any unauthorized access.
1.5 Data ownership
NBS claims no ownership rights to data entered into NBS Chorus by users. All of the intellectual property rights in the NBS Chorus service, NBS content and any materials or software created or used in the provision of training are, and shall remain at all times, the sole and exclusive property of NBS or its licensors.
1.6 Data backup
Our infrastructure is designed to be extremely reliable, and uses the latest cloud technologies to minimize the risk of any data loss. Data is continually backed up, with a restoration window target of five minutes (the maximum potential period of any data loss in the unlikely event of a problem). In addition, data and backups are stored on systems with a designed durability of 99.999999999%, giving robust protection against data loss caused by component failure.
2. Working on more confidential projects
When working on more confidential projects, NBS Chorus allows for further restrictions to be applied. In addition, there is expert guidance available on the Centre for the Protection of National Infrastructure (CPNI) website.
2.1 Hide project names from colleagues
Within NBS Chorus, all users added to an organization’s licence can see the project names. There is an option at project level to control which colleagues can and cannot see the name of a project.
Further guidance covering the NBS Chorus options in this area is available at the support page below:
2.2 Data permissions
Access to the specification information within a project can be granted separately for each specification. For example, an architect at a multidisciplinary practice working on a project may be given contributor permissions to the building fabric specification and read-only permissions to the structural specification, but not granted access to the specification for the access control, CCTV and building management systems.
This is shown in the screenshot below.
Further support information on the restricted access features in Chorus is provided below:
2.3 Enhanced organization access control
NBS Chorus access can be configured to work within an organization’s ‘single sign-on’ authentication scheme. This can improve security by:
- Ensuring that, when they leave the business, colleagues are removed from all applications they may have had access to.
- Allowing administrators to apply enhanced rules on password strength.
- Enabling multifactor authentication, which requires two or more pieces of evidence (e.g. remembering a password and receiving a code on a mobile device).
2.4 Security-minded tips
Over and above the software itself, there are many additional security-minded considerations. Specifications may be printed out, emailed to external organizations, copied to portable storage devices and distributed in a multitude of ways.
With this in mind, a confidential project may have policies in place such as:
- Not including the real project name or address in the specification. For example, a code name such as ‘Project Alpha’ may be used. Consider a specification being found on a portable storage device or even printed out and lost – on confidential projects, it may not be prudent to have an identifiable project name on the header or footer.
- Not including identifiable names in the specification, if doing so is not necessary. In particular, organization-level email addresses may be more appropriate; for example, email@example.com and not firstname.lastname@example.org.
- Using names that make it more difficult to identify assets. For example, ‘Doorset Type C’ and not ‘Doorset to secure storage room’.
Further information on a security-minded approach to digital engineering can be accessed at the link below:
3. Working on projects that are not allowed on the cloud
On the most secure projects, where all information must be securely controlled in an offline environment, it is still possible to use NBS, but in a much less functional way.
It is possible to access NBS Chorus to download the latest specification templates in DOCX (Microsoft Word) format.
This would then allow the specification to be developed in an offline word-processing tool.
Depending on the specific project procedures for read-only internet access, access to NBS Chorus and NBS Source may be allowed so that the technical guidance, suggested specification values, links to reference documents and manufacturer information can be viewed.