by Andy Schonberger and Michael Magee
“Compliance” is about as fun a word as “audit” and immediately brings to mind a checklist and a sour-faced auditor with a clipboard who wants to audit you as much as you want to be audited. Say this to a property manager or anyone who manages tech in buildings like we do, and you will likely get a frown or suddenly have staff call in sick.
But we must be aware of multiple federal, state (provincial, for my Canadian connections!), and local compliance requirements, and the list seems to be getting longer. To list off a few of these fun areas:
- Tenant compliance: On leases, insurance, rent payments, fit-out compliance with building codes and more.
- ESG reporting and compliance: A growing list of local and state jurisdictions requiring disclosure of energy and carbon usage, creating risk for building owners that have not invested in basic system visibility or the ensuing efficiency measures.
- Cybersecurity compliance: We will not be able to hide breaches forever. New regulatory compliance requirements are rolling out, the largest of which is the SEC’s requirement that public companies disclose “material” breaches.
- Building codes: Not a new area for development teams, consultants, and contractors to be aware of, but they are advancing into new areas in ESG and cybersecurity. For example, the 2023 update to the National Electrical Code now asks electrical inspectors and design reviewers to consider the impact of a cyber event on connected electrical equipment to ensure it meets industry cybersecurity standards.
What does this all mean to building owners, developers and operators? Most of these changes are incremental to previous regulations and mean we need to find more efficient ways to stay compliant. That generally means new tools, automation, and connectivity requirements are needed to track and deploy programs to demonstrate compliance. It is more important than ever for the digital infrastructure of the building to securely connect to these data sources so compliance teams have easy, secure access to the data they need.
Here’s an example: We recently had a client ask us about creating an audit trail for their risk team that tracks not only who physically entered the building during a specific period but also who’s connected to it digitally. Without managed internet access, fulfilling this requirement is nearly impossible, considering that building engineers, contractors, property managers, and even guests may have access. Offering this service is part of what we do, and its benefits extend beyond mere compliance, though compliance demands often drive the development of new services that enhance auditability and risk evaluations.
Easy enough to say in a post like this, but how? We use the SONIC (i.e., secure, open, normalized, interoperable, converged) framework for the technology in buildings.
Why take my word for it? Here is General Services Administration (GSA) Administrator Robin Carnahan explaining their use of the SONIC framework:
“Security comes first because that’s a non-negotiable – whether we own or lease a building, we need to know that every system is secure because we have to protect our government systems and information. In fact, as of this year, we’ve invested in improving our cybersecurity posture in over 500 locations by implementing zero-trust architecture… and we’re going to keep ahead because we know that’s the only way to effectively and proactively minimize risk. Open – means we want systems that are easy to use, scalable, and non-proprietary and using standardized, open APIs. This reduces barriers and drives competition and innovation while streamlining how we manage our portfolio. We also need systems that are Normalized, Interoperable, and Converged. We want great technologies that use a single network, simplify how our folks interact with them, and make it easier to make smart decisions. The good news is that we’ve been using this SONIC model for years. To date, about a third of our building meters and control systems are connected to the GSA Network and more are coming online every year.”
Reach out to us for a guide describing these principles. Each one of these framework elements can be a can of worms in our industry if you aren’t sure how to navigate them. We have decades of experience deploying this framework in some of the largest portfolios on the planet and can help you, too.