7 Enterprise CDE Criteria for BIM and ISO 19650

Choosing a Common Data Environment (CDE) is a high-stakes decision. Get security wrong and sensitive data is exposed. Miss standards compliance and projects face contractual and legal risk. Fail on usability and adoption drops.

The challenge is widespread. Research from UCL’s Bartlett School of Sustainable Construction found that the most common failure in CDE adoption is teams reverting to multiple parallel information sources, defeating the purpose of a single source of truth (Jaskula et al., Construction Innovation, 2024). The causes are consistent: poor user engagement, fragmented workflows, inadequate change management, and overly complex implementation strategies.

Here are 7 criteria Information Management leaders should prioritize when evaluating an enterprise CDE aligned to ISO 19650.

1. Independently verified ISO 19650 Framework Kitemark

ISO 19650 alignment is easy to claim, but difficult to enforce consistently without a purpose-built CDE. The ISO 19650 Framework Kitemark reduces the burden of selecting a CDE by giving teams independent assurance that the platform and processes already align with recognised information management best practice.

Asite is one of two UK SaaS providers that are accredited with the BSI ISO 19650 Framework Kitemark.

2. Security that's built in, not bolted on

A CDE contains sensitive contracts, infrastructure models, asset data, and financial records. Security cannot be treated as an add-on.

According to Construction News, construction remains one of the most targeted sectors for ransomware attacks, yet many organizations still lack formalized CDE security baselines in procurement requirements.

ISO 27001 certification should be considered the baseline. Beyond that, evaluate penetration testing frequency, data residency controls, and whether access governance extends across the supply chain, not just internal users. See Asite’s Security certifications.

3. Role-Based Access for ISO 19650 Delivery Structures

ISO 19650-2 defines a delivery structure that includes lead appointed parties, task teams, and employers’ information requirements. A CDE’s permission model should reflect that complexity. Permissions should operate at the information-container level, enabling suppliers and partners to access only the data relevant to them.

Asite’s configurable permission templates align with ISO 19650 delivery structures to ensure only the right people have access to the right information.

4. Automate workflows and approval states

ISO 19650 defines information states such as work in progress, shared, published, and archived. These are governance checkpoints, not labels.

A CDE should enforce approval workflows so documents cannot move between states without the required sign-offs. This creates a consistent and auditable approval chain across projects and portfolios, even under the pressure of fast-paced builds.

Asite embeds ISO 19650 approval states and workflow controls directly into the platform architecture.

5. ISO 19650 aligned naming conventions

ISO 19650 naming conventions structure information using project, originator, type, role, classification, and revision data, making information easier to search and manage across large programmes.

Look for a CDE that enforces ISO-defined naming at upload. ISO 19650-aligned platforms like Asite help teams maintain consistent classification across programs and supply chains by mandating naming conventions at the point of upload.

6. Immutable revision history and audit trail

Every upload, review, approval, and revision should create an immutable audit record. ISO 19650 requires audit trails to be complete and tamper-evident. This becomes critical during disputes, audits, and regulatory reviews, where organizations need to demonstrate exactly what was approved, by whom, and when.

Asite generates immutable, timestamped audit trails at field, document, and workflow action level, with full export capability for legal and regulatory purposes.

7. Structured metadata and connected information

Metadata makes information searchable, governable, and reusable across the asset lifecycle. Without structured metadata, handover and asset management become manual and fragmented.

A strong CDE should support configurable classification structures and relationships between documents, approvals, BIM objects, and issues.

Asite's structured metadata capture and configurable information relationships help organizations maintain searchable, governed, and connected project data at scale, from early design through to asset handover. 

Choosing an ISO 19650 CDE for a successful project delivery

The platforms that hold up across enterprise programs aren’t always the ones with the most features. They’re the ones still being used, consistently, by the right people.

These criteria won’t make the decision for you, but they will help you surface the questions that separate a platform built for enterprise information management from one that has been positioned that way.

To learn how Asite helps organizations standardize information management and comply with ISO 19650, get in touch with the team.
