buildingSMART Forums

Audit trail: indisputable documentation

Each project party needs guaranteed long-term access to a complete, consistent and indisputable documentation of facts (“audit-trail”) to be prepared for possible claims and court procedures.
Detailed documentation helps all parties in dispute to clarify legal position and legitimat claims.
This helps to avoid lengthy and expensive court proceedings with uncertain outcome.

How does the demand for complete, consistent and indisputable documentation available to all project parties in the long term coincide with current BIM practice and new developments like CDE, Decentralized CDE, Linked Building Data, Semantic Web technologies ?

As a starting point for the discussion I draft some scenarios based on a principal-to-agent (P to A) relation (e.g. promoter-to-main contractor):

P … principal
A … agent

CDE/P … CDE under control of principal
CDE/A … CDE under control of agent
CDE/N … CDE under control of a neutral trustee

Scenario a)
P - A
(without CDE)

Scenario b)
P - CDE/P - A

Scenario c)
P - CDE/A - A

Scenario d)
P - CDE/P - CDE/A - A

Scenario e)
P - CDE/N - A

CDEs aren’t a new development. They have been around for decades in other industries.

An IFC dataset can be stored in a version control system, such as Git, SVN, Hg, CVS, P4, and so on, and that can achieve out of the box:

  • Complete, consistent and indisputable full log of changes including what changes were made, when, why, who, and relationships to various other 3rd party documents such as contracts
  • Digital signatures in line with government-grade cryptography standards via the PGP standard
  • Digital encryption to ensure access restriction to various parties who have responsibilities over certain things
  • Support for centralised data management strategies, if required
  • Support for decentralised data management strategies, if required
  • Access control listings to allow different people to modify various things
  • QA procedures to ensure changes are properly reviewed
  • Integration with robust data archiving and backup procedures
  • Ability to query the history for legal requirements

You can achieve this now with 100% free software standards which has been used for decades to provide the exact same benefits in the software industry, in the data warehousing and database industry, in the games industry, and in the film and VFX and animation industry.

In fact, the OpeningDesign studio has been using Git with digital encryption to do this already.

There is no need to develop yet another standard, since this is a solved problem. You can get started now, by learning how to use Git, and using it with IFC.

1 Like

Dion @Moult, you’r totally right, but like always I have a different view

Please please please don’t see things with “PROGRAMMERS” view

The maority of your target users are people who don’t have programming background and “won’t” learn something new, you have to “simplify” processes as much as possible, that even a kid can learn it

This is why today the majority use Revit, Tekla, or similar software, because “maybe they don’t support things well” but are user friendly

UX/UI is really important, even important than the solution and its technology/method

So, you’re right CDE is not a new thing, even in the built environment industry, and even some know that CDE generally wasn’t “successful” before

So, it means that if someone wants build a promising CDE, “SHOULD” think about processes more than anything

People working in the OpeningDesign team are not programmers but are capable of using these standards successfully. There are also very non-technical people at my work who are now able to use Git for their BIM projects. All it takes is a simple UI. I have found that the Github desktop client is extremely simple and takes about 5 minutes to train somebody how to use.

I think what is required is a new Git client with a nicer UI and with presets specific to the AEC industry, as well as using more AEC jargon. The underlying tech can be the same and buildingSMART doesn’t need to spend time reinventing the wheel.

1 Like

I couldn’t agree more, especially at this stage

For sure during the time we can improve workflows/processes as much as we can

@Moult and @ReD_CoDE

Thx for starting the discussion.
I like the way to use existing solutions instead of reinventing the wheel.

But what about reliability, warranty, guaranteed long-term availability, trustworthiness?

Scenario a) P - A the current standard case without CDE:
Every project party stores its own “truth” as its “personell” audit-trail.
In case of dispute each party of dispute takes that part of its “personell” audit-trail that supports best its position at the court.
In the absence of indisputable documentation we often see battles of subjective pseudo-facts (different “truth”) leading to lengthy and expensive court proceedings.

Scenario b) P - CDE/P - A
A will not trust P to provide complete and neutral audit-trail in case of dispute.
Hence, A will run its “own” shadow audit-trail finnaly leading again to different “truth” presented at court.

Scenario c) similar (mirrored) problem like in Scenario b)

Scenario d)
If CDE/P and CDE/A are synchronized permanently to ensure reliable consistency (single, common truth) then the demand for indisputable documentation is fullfilled.
Legal provision is needed in case of data-loss (e.g. intentional data-loss if data is detrimental for the corresponding party). Who is risk-taker and has burden of proof in case of (intentional) data-loss?

Scenario e)
CDE/N is operated by a neutral trustee. This takes the burden of multiple CDE operaton from the project. Project parties need not run their own CDE. But the neutral trustee is an additional service provider causing additional cost.
The trustee has to warrant in a legally binding way the long-term availability of the complete, consistent and indisputable documentation of facts (“audit-trail”).
Technically, IT provisions like replication on different locations are needed
Commercially, the trustee needs a high level of organizational long-term stability (like public infrastructure operators)
@Moult
I am sure that free software can handle the technical requirements.
I am NOT sure if the requirement of organizational long-term stability is fulfilled.

What do you think?