
Introduction to Purchasing Security

The key objective of this briefing is to bridge the gap created by the complexities involved in buying security services. This has been achieved by incorporating the experiences and perspectives of both parties. The UK security sector is currently undergoing a period of rapid legislative change. Against a background in which security and professionals were found to have misunderstandings about each other’s role, a guide to good practice aimed at both groups was viewed as timely.

Executive Summary

Chief executives look to purchasing and supply management to control costs and manage by removing vulnerabilities in the value chain. These are no less important when buying security.

One of the important messages is that procurement is not an isolated activity within the organisation and when it comes to security many representatives should be brought together to help inform the buying decision. For example, facilities management are often linked to the provision of security, so taking account of their requirements is crucial.

The key to good security is to develop a robust profile that considers the impact of all the security risks upon all aspects of the business, ensuring that the security provision has an appropriate balance between technological and . Clearly, security services need to be cost effective and proportionate to the risk. The following must be taken into account:

• Project definition
Defining the security requirements is one of the vital elements of the procurement process. The proposed specification needs to be treated as a serious communication device that allows the security provider to gain a good understanding of what is required.

• Prequalification
Prequalification criteria need to be broad and cover at least the following: details of the security provider’s organisation, the commercial aspects of the offering and philosophy. All of which will encourage security providers to become superb suppliers and build unconditional trust with the client organisation. The client organisation should be adaptable and should bring no surprises.

• Contract negotiation
When negotiating a contract for a security provision, careful consideration will need to be given as to the types of clauses used. For example, many clauses used in service are generally termed boilerplate clauses, however, attention needs to be given to more substantive clauses that will need to be embedded into the contract.

• Contract management
- Service Level Agreements (SLAs) are critical to the success in defining the relationship between the client organisation and its security provider. It is becoming an increasingly important document as it defines the basic functional parameters such as service and quality.
- Key Performance Indicators (KPIs) are critical in all security agreements. It ensures that the client organisation’s expectations are not only defined, but KPIs also serve to explain to the security provider how their performance will be appraised.

In conclusion, it is important that all parties involved in the procurement of security services understand:
• The nature of security risks and the precise impact that security measures can make.
• The benefit of using accredited suppliers.
• Whether those that quote the minimum price can deliver on all aspects of the contract.
• The veracity of tender documents.
• Setting meaningful communication.
• What you can get from a good supplier that you will not from a bad one.
• Why an overarching security strategy is important.
• How to get behind the sales pitch.

This briefing on purchasing from the security services sector has been developed to alert both security services and purchasing & supply management (P&SM) professionals of the common aspects of good practice.

1. Introduction

Globalisation has brought about a rapid and extensive change in the way organisations operate. This change will increase opportunities for wealth and well-being but also create new channels for risk and insecurity.

Business leaders are looking at ways to improve their own organisational readiness and responsiveness to address the above which are further complicated by issues such as pandemics, terrorism, natural disasters and even cyber threats.

Ensuring organisations have the right balance between the ability to mitigate threats and the ability to respond to them is crucial for doing business in the 21st century. Organisations who maintain this fine balance will have the ability to weather the increasingly complex business environment.

There is a growing need to ensure that an organisation’s security provision adopts a proactive approach to the protection of tangible and intangible not only within your own organisation but also the supply chain you operate in. As organisations continue to outsource services or even establish physical assets in this more complex business environment the protection of both tangible and intangible assets will require a more strategic approach to buying security services.

The UK security market now has an approximate net worth of £3 billion - £4 billion per annum, and this looks set to rise according to Professor Martin Gill of Perpetuity Research & Consultancy Ltd (PRCI). Professor Gill argues that 43 per cent of organisations involved in buying security had seen a visible increase in security spend as opposed to just 8 per cent who had seen a decline. He also states that 25 per cent of organisations involved in the research were planning to further increase their security spend, outnumbering those organisations planning to reduce it.

In response The Chartered Institute of Purchasing & Supply (CIPS) are partnering with Perpetuity Research & Consultancy International (PRCI) who are spearheading the Security Research Initiative (SRI). This initiative is supported by The Security Institute (TSI), The British Security Industry Association (BSIA) and ASIS International. The SRI members include Case Security, CMP, HSBC, Initial Security, Johnson Controls, KPMG, Norbain, OCS-Resolution, Securiplan, Spinnaker International, The Corps, Wilson James and Wyeth Pharmaceuticals.

Together we have produced this business briefing on purchasing from the security services sector to alert both security services and P&SM professionals of the common aspects of good practice when it comes to buying security services. In the wake of recent legislative changes there has never been a better time for such a document.

2. Security & the changing UK landscape

The security services sector in the UK is a growth industry. It covers a range of services from the application of physical hardware to business wide electronic security systems that require administration level operation and management, as well as manned guarding and wheel clamping.

Until recently security services and security systems provision have been seen as tactical and operational and little thought has been given to its strategic intent. For some time key players within the security sector have been working hard to ensure a more professional provision of security services and this is now becoming a reality.

In January 2001 the Private Security Industry Act (PSIA) 2001 was published and the purpose of this legislation was to set up a regulatory body, now known as the Security Industry Authority (SIA). The SIA was set up in April 2003, but the full impact for manned security services did not come about until March 2006. This new legislation dictates that anyone who provides unlicensed contracted security personnel is operating illegally and committing a criminal offence; the penalties for which range from fines to 5 years’ imprisonment. The effect on the market place of this legislation is difficult to anticipate at this stage. However, it is not inconceivable to expect higher prices and a reduced skilled workforce from which to select manned security providers as a consequence of this uncertainty. Organisations may just disappear off the landscape because of associated costs of licensing or through mergers and acquisitions. This could result in a consolidation of the remaining suppliers, creating a serious vulnerability in supply chains within this sector.

Despite the important role security plays, there has been no regulation to control those who work in the security industry and there have only been voluntary standards to which organisations worked. This has made it difficult to find the right security provider. In fact, organisations have been owned by people with serious criminal records; it is anticipated that, as a consequence of PSIA 2001, licensing will bring about an end to this type of malpractice.

In the Information Technology sector, some engineering standards have been developed through the efforts of the BSIA and other industry inspectorates to establish some base line requirements for security systems. These standards are concentrated mainly in the area of Intruder Detection and Remote Monitoring by using graded systems to meet a certain level of security threat such as in the Banking and Financial Sectors versus low level systems for Domestic or Small Systems. These security systems standards have mainly been put in place due to the high number of police call-outs to false alarms or unverified requests to attend a situation reported through unqualified security systems that have not met these stringent standards. Relevant British Standards are BS8418 for alarm verification and BSI PD6662 for installation of intruder systems incorporating BS4737 requiring the use of graded equipment under EN50131 parts 1 to 6.

Understanding the technology and setting up the equipment requires a trained technician or programmer with a logical understanding of the organisation the system is effectively controlling. Trained & qualified staff should be audited to ensure the provider is able to meet the specification or design. The use of consulting engineers is commonplace in security systems but it is difficult to qualify experience in this field of expertise. Membership of an institute or industry association may not be the only recommendation one should seek. For example references from former clients may be a preferred way of qualifying the provider.

Research conducted by PRCI has shown that there is sometimes a gulf between the views of security professionals on the one hand and procurement professionals on the other. The
security professional’s view of procurement professionals is that due to a lack of understanding of either the legislation or practice in the security world they are ignoring good quality security provision in search for the lowest price. On the other hand the procurement professionals view security professionals as unimaginative and all too willing to work for low wages. Clearly this creates an impasse. An objective in producing this guide is to bring the security profession and the procurement profession closer, thus reducing the gulf in opinions. It is hoped that when security providers meet procurement professionals in a commercial situation a meeting of minds will occur as opposed to the most common adversarial type approach.

3. The Approved Contractor Scheme (ACS)

Professionals who work within and alongside the security industry have for some time been calling for regulation within the security sector. As a result of such calls, which included a public consultation period, we have now seen the introduction of the Approved Contractor Scheme (ACS). According to the SIA the ACS is seen as a hallmark of quality that will enable buyers of security services to distinguish between potential suppliers quickly, accurately and objectively.

To date the ACS has received positive acclaim from both security and procurement professions; both professions must continue to work together to encourage success and remove from the market any potential rogue traders. In addition some indirect benefits to be derived from such licensing include for example security providers being able to create innovative services built around the needs of clients and technology, and this collaboration will help enhance relationships between both professions.

Below are some comments from professionals in both camps on the introduction of the ACS.

Roy Ayliffe, FCIPS, Director of Professional Practice at CIPS says:
“Procurement professionals will welcome the advancements the security sector has made. Whilst security providers may be ACS accredited and a level playing field is achieved within the market, procurement professionals will need to satisfy themselves that the validity, scope and relevance of the ACS is rigorous. This also applies to assurances of any examination to achieve ACS accreditation is a rigorous one. At the end of the day, it is the procurement professional's organisation at risk if unapproved security providers are found supplying services.”

Stuart Lowden, Managing Director, Wilson James says:
“The Approved Contractor Scheme has been advertised as the new benchmark of quality for the security industry. However, there are some who would argue that the NSI Gold qualification and BSIA entry criteria are just as important if one is seeking a reliable security provider. In fairness, it is still too early to assess the relative merits of each set of qualifications. The ACS is still in its infancy so some caution should be exercised before accepting this stamp as a guarantee of quality. However, once the inspection regime is in force (anticipated to start in September 2006) the stamp will become an increasingly meaningful one.

It should be recognised that none of the qualifications, whether ACS, NSI Gold or BSIA membership, are set at the ‘best practice’ level, this would be commercially and operationally unrealistic. They instead represent practice at a recommended minimum level, one that may be acceptable to some buyers but not to others. Those buyers seeking a higher quality service would be advised to use current standards, including ACS, as a base point only. This position may change if the SIA decides to raise standards within the ACS in the future. However, given the Government’s current move towards reduced regulation, an immediate raising of the bar seems highly unlikely.

In financial terms, membership of ACS is only marginally more expensive than achieving ISO 9001 and the relevant British Standards, perhaps one or two pence per hour on top of this cost. This is a fraction of the more significant costs of licensing, namely the extra process costs (recruitment, training, licensing processing, licence fee) and of course wage inflation.”

4. What does good procurement practice look like?

Procurement is not an activity undertaken in isolation. Within business, procurement has become a cross functional activity involving many people. Those people will be engaged and influential at different stages within the procurement process.

However, before any procurement activity commences it is important that all the people involved in the process know and understand the current risk profile for their organisation and adopt a strategic approach to buying security.

By adopting a strategic approach it will move security away from merely reactive responses towards the proactive protection and enhancement of tangible and intangible assets. This will elevate security to become an essential component of a robust risk management system that is fully integrated and aligned with the organisation’s overall mission and strategy.

4.1. Building a risk profile

All of the people involved in the buying of security need to identify key security risks and assess their own organisation’s ability to absorb and manage such risks. The first step forward, taken by them or by engaging specialist help, is to build a risk profile of the specific threats and risks faced by the organisation. Some of the key factors that should be considered and perceived as good practice in risk analysis are:
• The level of security risks one can afford to assume in an expanding market
• The level of security needed to control the risks encountered
• The appropriate measures to monitor risks in relation to the level of risk exposure that is considered appropriate and acceptable
• A risk mitigation and recovery strategy that is cost effective.

The building of the security risk profile is just one element of the overall risk profile. Procurement professionals at this stage should now be considering the use of a number of diagnostic tools, such as the Kraljic Matrix (See Fig 1). This matrix remains the foundation to procurement strategy for many organisations in many sectors.

Fig 1 Kraljic Matrix (1983). Axes: profit impact (low to high) and supply risk (low to high). Quadrants: Leverage (high profit impact, low supply risk), Strategic (high profit impact, high supply risk), Acquisition (low profit impact, low supply risk), Bottleneck (low profit impact, high supply risk). Strategy labels: Exploit, Balance, Diversify.

This particular matrix will enable procurement professionals to understand security services across two dimensions: profit impact and supply risk (‘low’ and ‘high’). The result is a 2x2 matrix and a classification in four categories: bottleneck, non-critical, leverage and strategic items. Depending upon where security services may fit within this portfolio it will require a distinct approach:
• Acquisition items; will require efficient processing, product standardisation, order volumes and inventory optimisation.
• Leverage items; allow the buying organisation to exploit its full purchasing power, for instance through tendering, target pricing and product substitution.
• Bottleneck items; can cause significant problems and risks which can be handled in numerous ways, volume being just one, vendor control and back up plans are others.
• Strategic items; further analysis will be required in this area and recommendations would be to plot the buying strengths against the strengths in the security market where three basic power positions will be identified and then associated with three different supplier strategies: balance, exploit and diversify.

The idea behind the Kraljic matrix is to minimise supply risk and maximise buying power. A security provision could feature in any of the four dimensions highlighted above. It is the analysis that emerges from this diagnostic tool that will define what approach is taken when looking at the purchase of a security provision.

4.2. Defining the requirements

Once you have a detailed understanding of your organisation’s risk profile and before you approach a security provider it is important that you define your particular requirements and the objectives for the security service or system you need to acquire. Defining the requirements is one of the most important elements of the procurement process and should be undertaken carefully and with the support of a cross functional team. If your organisation has many buildings and sites it is highly likely they will all have different security needs.

The specification plays an important role in communicating your requirements to security providers. When this specification is prepared there will be a natural tendency to relate it to current security measures and staffing levels; this is a common error amongst procurement professionals. The result is that the specification becomes too prescriptive and subsequently a lack of innovation is introduced into any future proposal submitted as a result of an Invitation To Tender (ITT).

This particular stage should be seen as an opportunity to start your review with a blank sheet of paper and work out the appropriate level of security for your organisation, irrespective of the nature of the business. There
is a need to balance conflicting factors such as potential risks to your business, site accessibility and achieving value for money. For example, if your organisation is in the financial services sector, it would be reasonable to expect security staff to go through the most rigorous security checks and it may be necessary for the organisation to consider a comprehensive security assessment. Cross functional teams, given the responsibility for the security provision, need to understand potential vulnerabilities that can arise in specifying a security provision for their organisation. These typically will include:
• Inflated costs
• Increased staff costs
• Risk or exposure to the organisation
• Not incorporating the cost of maintenance/management
• Inaccessibility to Police and Emergency External Agencies.

Moreover, it is essential that in considering their options, cross functional teams consider a variety of security measures that will deliver your key objectives as well as understanding if the planned security provision conflicts with any other security measure already in place.

4.3. Prequalification and supplier selection

There are many issues to be considered in the prequalification and supplier selection phase. The most critical are detailed below.

i. Supplier selection is difficult when an organisation is purchasing services such as security provision. Procurement professionals may attempt to quantify the differentiators of a potential supplier that makes them different from the herd. And before any progression is made in this phase procurement professionals need to establish what objectives are to be achieved by acquiring the security services. Do they want an ‘Entente Cordiale’ or an ‘Unholy Alliance’? Whichever is decided upon the procurement process needs to be approached with this in mind.

ii. We have already identified the importance of cross functional teams and it is important to remember that facilities management personnel often administer the security provision for their organisation and it is becoming increasingly important that the prequalification and supplier selection is undertaken with this fact in mind. As with most functional areas within the organisation, facilities management will often have an overarching strategy that will at the very least need to be taken account of.

iii. There are legal aspects which also need to be considered. A propos the legislative changes within this sector procurement professionals will not only need to trawl the marketplace but also seek advice from organisations such as BSIA and TSI who are the principal agencies within the UK able to offer advice regarding the credentials of a security provider.

iv. As mentioned above many security providers feel that procurement professionals purchase security based on cost alone. This may be an appropriate methodology if the buying organisation’s strategic intent is cost leadership and the market conditions suit and the only differentiator being offered by the competition is cost. However, supplier selection and prequalification should be extended beyond the parameters of cost and should feature some of the following:

a. The security provider’s company
• Their strategy, vision and objectives
• Their culture, philosophy and policies
• Financial profile
• Range of services
• Track record
• Capacity planning.

b. The Commercial offering
• Supplier’s profitability
• Expectations versus requirements
• Quality of service and product
• Knowledge transfer
• Terms & conditions
• Price
• Continuous improvement
• Level of risk.

c. Contract management
• Contract structure and skills of the management team
• Technical knowledge
• Management information
• Supplier development
• Resource availability
• Technical support.

In essence, procurement professionals should be trawling the marketplace ‘desperately seeking SUSAN’
• Superb supplier
• Unconditional trust
• Security of supply
• Adaptable and flexible suppliers
• No surprises!!

4.4. The Contract

The challenge faced by the parties who are trying to formulate a contract is due to the constant changes that take place within legislation in the UK, the EU and further afield. This puts pressure on both procurement and security providers to contribute to their organisation’s commercial standing, or in some cases survival. In turn this brings an ever increasing requirement to understand and negotiate terms and conditions of contract that will protect their own organisation’s interests and objectives.

When both parties engage in negotiating a contract for security provision careful consideration will need to be given to the clauses used in the contract. The clauses and recommendations shown below can be used as standards known as ‘boiler plate’ clauses which are embedded in many forms of commercial contract such as distribution agreements and contracts for the supply of goods and services.

Fig 2 Table of Boilerplate Clauses
• Insolvency & Bankruptcy
• Force Majeure
• Confidentiality
• Intellectual Property
• Data Protection
• Publicity
• Waiver
• Termination for Breach
• Terms of Payment
• Time of the Essence
• Notices
• Entire Agreement
• Dispute Resolution
• Assignment and Subcontracting
• Statutory Regulations
• Health & Safety
• Law
• No Third Party Rights
• Severance
• Agency
• Environment
• Conflicts of Interest
• Fraud
• Competition Law
• Discrimination
• Transfer of Undertakings (Protection of Employment) TUPE

These are the additional provisions which usually appear at the end of an agreement. They are not the substantive clauses in a contract such as A sells goods or services to B or the warranties and obligations of the parties. It is important to ensure boiler plate clauses are compatible with the remainder of the contract. Additionally specific legal advice should be taken for individual circumstances.

Generally business is conducted on a goodwill basis, as the provider will be looking for future business and the procurement professional will expect their security requirements to be executed in a prompt and effective manner. As disputes can arise in all manner of ways strict adherence to the contract forms the ground rules with which such disputes can be discussed and resolved. If both parties have failed to establish and agree the terms of the contract that will deal with the resolution of disputes the business transaction for the security provision would be conducted under common law. In a worst case scenario, default could result in the insolvency or bankruptcy of the defaulting party since damages could be unlimited.

Therefore, it is in the interest of both the procurement and the security professional to establish at the very least some basic protection in the eventuality of an unresolvable dispute or justifiable claim for damages. Ultimately resolution is best achieved when both parties can discuss the problems face to face.

4.5. The Service Level Agreement (SLA)

Service Level Agreements (SLAs) are integral in making relationships with suppliers work, especially outsourcing arrangements such as a security provision. The purpose of the SLA is to define the scope of the security provision, identify performance objectives for the delivery of the security provision, and document the business units and individuals within those business units who are responsible for meeting SLA conditions. In effect, the SLA clarifies the interpersonal and operational working relationships between the client organisation and its security provider. It would be a serious risk to both parties entering into a security provision agreement to not develop an SLA.

“A well dressed buyer goes into a car dealer to order a new car. He gives the car salesman an enormous sum of money and says, “Select the best car you have and deliver it to me next week”. The buyer quickly signs a blanket purchase authorisation and leaves, confident that he impressed to the sales person that he expects the best car money can buy. The following week the buyer returns to pick up his car. The salesman greets him and escorts him to his new car. It is a shiny red, factory fresh mini. Aghast, the buyer exclaims, “This is not what I ordered. I paid for the best car money can buy!” The salesperson calmly says, “That is exactly what you have, sir. The mini is fuel efficient, can fit in any parking space, is nimble, and peppy to drive and will get you to your destination as quickly as you could in a larger car, assuming you stay within the speed limit.”

Buying security services works in much the same way as in the analogy above. It is the obligation of the procurement professional to specify the exact delivery requirements and the SLA is the right tool for doing this as it avoids ambiguity. Because all relationships are unique, SLAs will differ. The following are recommendations of what should be covered in the SLA:
• Business objectives and objectives of the SLA
• Procedures for updating the SLA
• Responsibilities of the supplier
• Responsibilities of the client organisation
• Performance reviews: systems, frequency of reviews
•
• Security management
• Setting priority or severity levels
• Service level incentives and penalties
• Key Performance Indicators or performance metrics.

4.6. Key Performance Indicators (KPIs)

Detailing the correct KPI levels is critical to the success of ensuring that the client organisation’s expectations are clearly defined and that the security provider understands the standards by which their performance will be appraised. KPIs are unique to each organisation, but should be subject to change during the life of the contract.

Procurement professionals should develop organisation specific KPIs that help enhance the value that a security provision offers. Above all procurement professionals should avoid adopting standard KPIs already developed by other organisations. Procurement professionals can use standard KPIs as a way of benchmarking or base lining not only a current security offering but another organisation’s security provision. Below are some KPIs that have been used by a variety of organisations to measure or benchmark the performance of a security provider:

a. Documentation
• Management information support, including the monitoring of external data on regional threats and advising on an appropriate course of mitigating actions
• To ensure that compliance information is provided in accordance with your organisation’s process
• All documentation related to the operation of security at your organisation is correct and up to date at all times eg key register, swipe cards operating instructions for systems, image management control.

b. Customer interfaces
• To ensure that assignment instructions are reviewed with the client organisation on a monthly basis
• Contract manager or deputy is fully empowered to make decisions relating to the operation of the security services including recruiting and removal of staff
• Do all security personnel remain customer focussed at all times?

c. Innovation & improvement
• Submissions of proposals for future security innovation
• Culture, does the security provider drive an improvement culture?
• Remedial actions, does the security provider demonstrate effective remedial action processes, or are there frequent repetition of problems.

d. Skills, competencies & training
• Daily scheduling and reconciliation
• All officers including support officers are correctly trained to perform their duties and are courteous at all times
• Officers including support officers are fully aware of and compliant with procedures within assignment instructions
• Service engineers are trained and qualified to maintain and recommission systems.

e. Service quality
• To ensure that key, and CCTV procedures are monitored in accordance with the guidelines laid down in your organisation, including all relevant legislative requirements
• All buildings are opened and locked down in accordance with assignment instructions
• Uniforms must be worn correctly in accordance with assignment instructions
• Faults are attended to appropriately within time limits specified.

f.
• All costs are in budget
• Does the security provider proactively liaise with the procurement professional to reduce costs and ensure all cost and efficiency savings targets are either achieved or exceeded before the target dates?
• Can the security provider process claims in a timely manner?
• Are systems designed to remove unnecessary running costs or maintenance?

There are more areas that security can be benchmarked, eg health & safety, installation, commissioning and decommissioning of security equipment, and so on. The list is endless; however, it is important to choose those which fit with the objective of the purchase.


5. Hints & Tips

This section of the document aims to help you plan buying security services for your organisation.

1. Develop a cross functional team. This should be identified through undertaking stakeholder analysis, and requires representation of all the relevant business functions in your organisation.

2. Build a risk profile. This is the responsibility of the cross functional team, it is important to ensure that the risk profile considers the organisational strategy to ensure no misalignment occurs.

3. Procurement professionals will need to undertake a risk analysis that investigates the level of supply risk in the market place and the profit impact within the business (Kraljic 1983).

4. Define your requirements. Do not be so prescriptive in your definition that it stifles any innovation that a security supplier may bring.

5. Try not to place too much onus on your current security provision. Look for a solution that best protects your organisation. It’s ok to change things!

6. Make certain that any security suppliers invited to tender have the ACS accreditation or you have satisfied yourself that they meet alternative standards.

7. Ensure that any criterion used to select suppliers extends beyond cost benefit.

8. Make sure that all clauses reflected in the contract are relevant to the security provision being delivered.

9. Pay particular attention to the SLA. It is integral to the success of the delivery of the security provision. Ensure that the SLA covers issues such as: objectives, responsibilities and performance reviews.

10. Ensure that any KPIs chosen are agreed and are both relevant and proportionate to the security provision being delivered.

6. Conclusion

In a recent survey Forrester Research asked 1,900 “decision makers” in North American, European, and Asian Pacific enterprises to prioritise their organisations' major technological requirements for the next decade. In all three regions, upgrading security, specifically its technological aspects emerged as the top priority, emphasising the importance business leaders are placing on ensuring their organisations are protected in what is becoming an increasingly problematic business world (28 per cent of firms cited the initiative as critical).

Respondents from China and Germany/Austria are the most focused on making significant upgrades to their security environment; 43 per cent and 40 per cent of decision-makers in these countries, respectively, rank it as a critical priority. Interestingly, the respondents least likely to see security as job one in 2006 were those from the United Kingdom. Only 14 percent of UK respondents deemed upgrading their security environments a critical priority.

This document intends to provide insight into recent legislative changes within the private security industry and has been written with both the security professional and procurement professional in mind. Both parties will hopefully develop knowledge on what good procurement practice looks like and what considerations need to be taken account of in the provision of a security service for their organisation. If this product enables dialogue between the procurement professional and security professional then it will have achieved its objective.

i Source: The Security Industry Authority Corporate Update, Summer 2006
ii Source: Quote from Roy Ayliffe, FCIPS, Director of Professional Practice, CIPS
iii Source: Quote from Stuart Lowden, Managing Director, Wilson James
iv Source: Adapted from an IPSERA 2001 conference research paper titled ‘Advancements in the use of a purchasing portfolio approach’; authors: Kees Gelderman, Arjan van Weele
v Source: Adapted from a research paper titled Strategic Analysis Report by S. Hawkins
vi Source: Forrester’s Security First Look Newsletter dated 6th July 2006


Useful websites

www.bsia.co.uk
www.the-sia-org.uk
www.cips.org
www.ipsa.org.uk
www.nsi.org.uk
www.ssaib.org
www.securedbydesign.com
www.brecertification.co.uk
www.jsic.org.uk
www.locksmiths.co.uk
www.appss.org.uk

Authors & Acknowledgements

This publication has been co-authored by Darren Ford, MCIPS & Professor Martin Gill.

Darren Ford, MCIPS, is a professionally qualified Senior Procurement Specialist at the Chartered Institute of Purchasing & Supply. Darren can be contacted at [email protected]

Martin Gill, PhD, is Director of Perpetuity Research and Consultancy International (PRCI), a spin out company from the University of Leicester where he is a Professor of Criminology. He has published widely (12 books and over 100 articles) and has recently edited the Handbook of Security. He is a Fellow of The Security Institute, a member of the Risk and Security Management Forum, the Company of Security Professionals (and therefore a Freeman of the City of London), he is Chair of the ASIS Research Council and an overseas representative on the ASIS International Academic Programs Committee. Martin can be contacted at [email protected]

Both authors would like to thank colleagues and all those who helped to produce this publication.


Questions & Answers

How do I clearly identify and communicate my security requirements?

Firstly it is essential to undertake a risk assessment and an audit of current security provision to facilitate the development of a clear security strategy. This will then aid the development of the specific requirements that will need to be communicated in the tender document. It is important that the supplier identifies key questions in the tender document and discusses them with the security provider, who will welcome the opportunities to clarify your priorities. Suppliers often report that some tender documents include lots of questions that look like they apply to a different tender or a separate piece of work; be sure to include only those that are relevant. If you are tendering for security products rather than services then it is especially important to specify exactly what you want the equipment to do. Providers note that sometimes the specification is loose and this enables some suppliers to quote for equipment that will do the job but is not the best available. It is always important to understand what outputs you want from security; some suppliers note that they do not feel P&SM Professionals are always entirely clear. The tender process should enable suppliers to ask questions and offer constructive advice. As one respondent noted:

“There are some (buyers that) are sloppy about buying security. It is not part of their main job, they don’t understand security. How many companies say they want CCTV and then go to a supplier and say can I have CCTV please? Many don’t understand the benefit of what a good CCTV system can do. It protects your business, your assets, your workforce, reduced staff turnover, reduced insurance.”

What are the benefits of using accredited suppliers?

There are many different types of accreditation for the security industry and sometimes it can be difficult to understand what they all mean. Depending on the accreditation body concerned, these benefits can consist of:

Accountability, the company is answerable to an organisation regarding its conduct and standards of products and services
Quality, the company has demonstrated that quality products and services are central to its ethos by complying with quality standards via independent inspection
Standards, compliance with, and contribution to, the formation of standards
Viability, the company has demonstrated that it has adequate insurance provision and a sound financial history
Informed, the company receives timely information on developments in the industry that may affect their clients
Networked, the company has the opportunity to interact with other members and form strategic ,
Assurance, the client receives peace of mind when using an accredited company

Are those who quote the lowest price capable of delivering the contract?

If a quote comes in very low, the buyer must question why. Is the supplier cutting wages, offering fewer benefits or less training? If so this may impact on the supplier’s ability to deliver the contract to the quality desired. Is it because the client organisation is particularly prestigious and they are prepared to lose profit to get this one job? Or are they simply very efficient and cost effective? If so they probably are capable of delivering the contract adequately.

The key is, when a quote is low, ask why and make an informed decision from there. One procurer interviewed during the research noted:

“We turned down the lowest quote because it was suspiciously low. It was significantly lower than the rest and not sustainable. It was a good call because we later found out they were being sold and just wanted a big portfolio to make them an attractive acquisition.”

Should you check what is claimed on the tender response?

It is always advisable to verify any claims made in a tender response document, especially if a supplier is unfamiliar to you. Non-verification of claims made in tender responses can lead to some potential consequences for service levels, cost, quality etc when the information presented is not entirely accurate. The Security Industry Authority has recently introduced an Approved Contractor Scheme, and those companies who are ‘approved’ are required to maintain minimum standards which may help determine quality.

“Now much depends on who you are up against, this is what really bugs me. If you are up against a credible company, fair enough, but often you have people who cannot do the job but promise the earth to get the contract. If price is the only issue we will never beat them so it is just not worth it. Trouble is clients just will not tell you who you are up against.”

How do I manage sanctions as well as incentivising my supplier?

Poor services by the supplier may require sanctions but it is important to remember that some schemes can impact directly on security staff. At the same time exceptional service deserves personal recognition and provides an opportunity to reward accordingly. In manned guarding, linking a bonus to exceptional staff performance can motivate people and generate very positive benefits. However, problems can and will occur and so it is important that there is a good understanding between both supplier and client so that problems can be addressed speedily and to mutual satisfaction.


“We don’t support penalties. We’re here to make work and you don’t do that by throwing around penalties. Penalising doesn’t help and if it [the partnership] is not working you just have to get rid of them.”

How do I use Key Performance Indicators - KPIs?

KPIs need to be linked to the value that a security service can bring and how it mitigates the risk, hence the importance of a good risk assessment and clarity about security strategy and objectives. Where you know what you want, it is a good idea to include KPIs in your tender documentation; it can help suppliers to respond more appropriately. There should be a second stage of defining KPIs once the contract has been awarded; this should evolve from joint discussion and should stretch the supplier and be based on achievable activities that, where possible, can be independently measured. It should be considered whether you are using tangible or intangible KPIs, for example: having a full staff complement to meet the performance requirements is tangible; responding in 3 minutes to an alarm is tangible. Intangibles can create grey areas and here Service Level Agreements can be helpful to clarify what is required. Some suppliers noted that P&SM Professionals could helpfully ask what factors were critical to the successful delivery of the contract; it helps to focus the minds of both parties.

Why is an overarching security strategy important?

A security strategy, which may include many aspects of risks to the bottom line, can be quite broad, but its existence is vital for suppliers for at least two reasons. First, suppliers can see how they are expected to contribute to the overall plan as well as identify the scope for complementing other services. Second, it provides the framework within which the buyer can assess the value of the supplier’s specific contribution to the overall security objectives and it can help identify any gaps. A lack of a strategy can result in a patchy and inconsistent service which can be expensive.

How can I determine the budget for security operations?

A good risk assessment and an analysis of how the risk can be mitigated can provide a case for determining the necessary funding of the total security operation.

What are the disadvantages of online auctions for security?

Discussion of this issue generates some forthright opinions. Some providers believe online auctions offer a good way of ensuring that the best price is obtained. On the other hand, others feel that it results in people cutting costs to win the contract without thinking through the impact on service provision. Still others pointed to the fact that effective security depends on partnership and therefore building a rapport via face to face communication is crucial.

How do I see through the sales pitch?

A good tendering process can assist with this. For example, in the tender documents some P&SM professionals will require suppliers to go beyond merely stating what services or products they could offer and will often require evidence of their ability to provide a good service in the form of client references. It is also advisable that the P&SM professional should insist on meeting the individual that will become their account manager; they will also benefit from speaking to the person in charge of operations, not just the sales staff or the managing director.

How detailed should a tender specification be?

There are at least two schools of thought here. One is that the tighter the specification the easier it is to compare the tender submission from different suppliers. The other is that specification stifles innovation. For example, some companies noted that they wanted to offer the client an alternative to the one specified but there was no opportunity, due to the tight specification. For example:

“The specification may say I want someone here for this many hours is one type. If it is another which says keep the buildings safe from marauders. (this) enables security to come up with alternative solutions, the first one does not.”

Suppliers have advocated always including an invitation to offer alternatives. However it is important to think through how you will make use of this information. Employing an independent security advisor is one possibility. Part of the difficulty for suppliers is that they are thwarted from providing innovative suggestions because P&SM Professionals often state they will circulate this information amongst all those who have been invited to tender; no company can afford to give away its secrets.

The aim of this document is to help you understand the complexities involved in the buying of security services. There are a few additional points that may be helpful.

• Ensure that you provide clarity on what your security needs are, what factors and issues you consider the most important and your expectations of your security provider.

• Some companies routinely go out to tender, even when they are happy with a supplier; they use it as a way of benchmarking their costs. However asking other P&SM professionals may be a quick and easy way of getting good data.

• Consider the use of independent consultancies to assess the problem and prepare the tender document and advise you on it throughout. This way you can be sure that you get the proper sort of investment in security, that is proportionate to your threats and your company.

• It is worth noting that suppliers stated that the culture operating in your company has a major impact on the effectiveness of security, as security officers spend most of their time at your place of work.


Easton House, Easton on the Hill, Stamford, Lincolnshire PE9 3NZ, UK Tel: +44 (0)1780 756777 • Fax: +44 (0)1780 751610 • Email: [email protected] • Web: www.cips.org