Accessibility Tools

Skip to main content

Maturity Indicators of Smart Built Environments

Maturity Indicators of Smart Built Environments

To understand the difference between buildings that have smart technologies and those that are real Smart Built Environments, we need to use some maturity indicators, here we present a starting point.

The Smart Built Environment definition uses maturity levels to explain the technological improvements in decision-making to provide the expected benefits over time.

Smart Built Environment Maturity Level Indicators

There have been many definitions of Smart Buildings, from many factions including manufacturers, where some definitions seek to include their technologies and products, while at the same time excluding those other vendors or previous technologies. The unfortunate result of these definitions is that there is a lack of clarification or understanding of buildings and environments of the past and their context to other buildings and technologies. The following maturity levels are not in themselves intended to be a maturity model (this is being developed and finalised to be submitted to the IoT Security Foundation at a later date).Indicators

The purpose of the levels at this stage is to provide a basic understanding of buildings and environments which have used devices, technologies or systems which may be categorised as being smart by any wide or narrow definition.


At levels -1 and 0, there are no or a few security controls built into the device, so that any controls applied have to be applied at other levels. Further, that the cyber security and physical security teams are working independently and may or may not share some very basic threat or risk information.

From level 1 upwards security control capabilities are built first, into the device, then system and finally the system of systems. Also, the increase in communication between the cyber and physical security teams grow to a point where they finally work as a single aligned risk team (even if they are not co-located). Further, that the recognised need for a unified security operations centre to deal with incidents in the environment has led to its existence.

The higher levels of maturity indicate that the environment is not only purchasing secure devices and systems, but that the governance in place means that it is able to respond easily to device and system vulnerabilities. It’s cyber and physical security employees work together, and the response capabilities are integrated to impact where they need to, to ensure the security and safety of the environment at all times.

It will be noticed that as the maturity level increases, not only does the level of security control requirements increase but the Smart Built Environment is able to act or respond better to provide greater benefits safely than the previous level.

Points to note:

  • Indicators of security requirements or controls is no indication of correct configuration, and therefore actual security maturity.
  • The maturity controls or capabilities are indicative of manufacturer developed controls in building control devices and systems, not additional security controls at other levels (which may be the domains of other security professionals).
  • The “smartness” of the environment going up the levels is a combination of security control requirements, use of data for analysis and decision-making, and the efficiency with which these are executed to achieve the benefits.
  • The higher the level of maturity, the greater will be the efficiencies created by the decision-making through the use of data analysed, as well as the security requirements for assurance that the environment isn’t manipulated by intentional or unintentional rogue data. So, the number of data quality controls will go up proportionately in the maturity levels.


Copyright, Trade Marks and Licensing All product names are trademarks, registered trademarks, or service marks of their respective owners.

Copyright © 2020, Virtually Informed Limited. All rights reserved.

This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit Creative Commons Attribution 4.0 International License.