Delivering security to specifications

Residential Security Handbook 2021: Smart Estate Living Editor's Choice

When security fails, someone gets the blame. Most often it is a guard or control room operator, or perhaps it’s a technical fault in which case there are more potential people to blame. But who is responsible for failed cameras or access control systems? Who is responsible when a guard is not where he/she should be or doesn’t do what he/she is supposed to do?

Most often, the fault can be traced back to the planning and strategy stage where the estate decides what they need, and where and what it needs to do (because all estates go through this process, of course). Even then, however, there is still the blame game in which someone or some people on the estate are blamed, and then there are also service providers (guarding companies, system integrators and installers) who can also feel the brunt of their client’s anger.

So where does the buck stop when it comes to estate security? The Home-Owners Association (HOA) or Body Corporate (BC) really bears the ultimate responsibility, but they are not experts and must therefore delegate the responsibility in the hopes of ensuring the same errors don’t happen again.

Lesley-Anne Kleyn, director of Kleyn Consulting, believes the buck stops with the combined team of the HOA and its chosen estate (security) manager. However, it is not as simple as this.

“This team might have inherited disparate physical security systems from the developer,” she explains, “yet it must effectively manage the service providers, which must offer guidance, maintain and improve what has been inherited.

“Furthermore, the individual members of the HOA and even the estate manager may have little risk, safety and physical security expertise, but are ultimately responsible for the safety of every resident.

The HOA and its chosen security manager is the pivot around which has gone before and what will come revolves.

“That pivot needs to get its ducks in a row. It needs to understand what it (really) currently has in place, and it must know where it is headed. But then, what does it do next?”

The importance of SLAs and SOPs

The Residential Estate Security Handbook, in its various editions, has often spoken of the importance of service-level agreements (SLAs) and standard operating procedures (SOPs). These, as noted in another article in this section, are critical for a successful security operation. The question is, however, are they really adhered to by service providers?

Lesley-Anne Kleyn.

In her experience, Kleyn says they are generally not adhered to, “but I find that in most instances, clients and providers are under the impression that SLAs are being adhered to. That is, until there is a crisis, at which point a different perspective emerges.”

She says the SLA must be specific about certain aspects of the service, providing clear guidelines as to how the service must be delivered. However, in practice, SLAs tend to lean toward being reasonably generic. There are various reasons for this, but Kleyn breaks in down into the following primary culprits:

• Clients and providers agree to service levels before taking the time to really understand the current state of the specific property’s physical security. Every estate is unique and so without an audit it will be difficult to apply a broad SLA to the specific challenges that are inevitably going to crop up on that estate.

• Similarly, when a start-up audit does take place, there is a tendency to leave that audit to the service provider. It makes financial sense to have the provider do a general survey as a value added service, rather than pay a consultant, but the service provider will typically lack the resources to be able to be thorough enough.

• More importantly, the ownership and understanding of the initial audit should really lie with the HOA and the estate (security) manager, if the intention is to be able to effectively manage service provision.

• It’s worth noting that, even after a good audit, and with a thorough SLA in place, the detail of the SLA can become lost in translation over the busy weeks, months and years of the contract itself. It is important to revisit SLAs regularly.

• Contracts and SLAs tend to be negotiated with the client by the senior sales representatives of the service provider, yet it is the middle operational management (such as guarding area managers and technicians) who are responsible for the actual outworking of those SLAs on the estate.

Nine times out of ten it will emerge that although copies of the SLA have been distributed by the provider to its various divisions, and even after start-up meetings have been held, a lot of the embedded knowledge about the client site (which provides context to every written point on that SLA) is held by the sales division and has not been communicated to operations.

• Then the biggest sin of estates and service-providers alike is that many generic SLAs are regurgitated by operations to be used from one estate to the next.

Measuring performance

As with almost any service, performance must be measured in a standard fashion if the results are to be reliably used in determining the efficacy of a security service. In reality, the buck does tend to stop at the estate (and/or security) manager’s door, which means these individuals need to be the ones measuring and managing their SLAs.

In Kleyn’s opinion, this should be handled in the following way. The estate manger should undertake a thorough audit of the physical security measures already in place and fully understand the results. Furthermore, it is imperative that his/her HOA has also completely understood where things stand.

“From that audit a clear, written security roadmap can be developed, which includes a continual improvement plan,” she explains. “That roadmap will become the estate’s compass, and it is from this the estate will be able to establish specific performance measures.”

By way of example

Kleyn offers a real-world example of how to avoid the blame game and get your security operation up to speed.

“I was asked to attend at an estate which had been expressing some frustration with the performance of its control room operators. Yet the team that I discovered onsite was a good calibre team and professionally managed. Here is what that audit revealed:

• The CCTV system itself had been re-setting regularly, due to an overloaded alarm stack. This re-set would cause the entire system to crash, creating anxiety for the controllers.

• The system integrator had not yet manged to find the underlying cause of the problem and had also not continually communicated between its technical division, its maintenance division and its manpower division charged with overseeing the controllers. Confusion reigned.

• Further investigation revealed that the overloaded alarm stack was being caused by a ridiculous number of nuisance alarms which had crept into the mix over time, due to poor CCTV change control procedures. So the control room operators figured out a way to ‘manage’ this problem by batch-clearing the alarm stack, and bypassing the normal workflow.

• I worked together with the system integrator – with its technical, maintenance and manpower divisions - to resolve the problem collectively. We started by re-calibrating the thermal cameras, implementing task settings correctly, stabilising some of the camera brackets and clearing vegetation. This reduced the nuisance alarms significantly, quietening down the chaos in the control room, reducing the alarm stack, solving the system re-set, and finally, enabling the control room operators to return to the good processes already in place, and get on with their jobs.

In this instance, the estate had been measuring the performance of its operators via the manpower division, based on the perception that manpower was at fault, where it should have been measuring the performance of the technical division which supports those operators, and measuring the performance of the system itself via the maintenance team. Only a thorough audit unearthed the real issues.

Back to basics

Hi-Tech Security Solutions asked Kleyn to summarise her advice for estates about to sign new security contracts or embark on technology and/or service upgrades. What are the critical steps in the preparation phase to ensure they can demand certain levels of service and performance – and get them? She summarised her answer in three steps:

1. A thorough audit of the security infrastructure, manpower, processes, Command and Control, and technology already in place. (Command and Control refers to the requirement of having a planned, structured and proactively administered and managed function in place that assumes overall accountability for the effective provision and maintenance of an estate’s security from an onsite control room. Command and Control is a presence, which enables the estate manager to fulfil his/her role.)

2. A formal risk determination.

3. The development of a written three- to five-year security strategy based on the results of the first two steps.</b>

“Most importantly, all three steps must be owned and driven by the HOA and the estate (security) manager,” Kleyn concludes. “Ownership should not be placed into the hands of any manufacturer, distributor, system integrator, guarding provider, IT provider or general installer within the security industry value chain.

“The written strategy then informs both the service standards and the measures which will be implemented to evaluate adherence.”

Kleyn Consulting is an independent risk, safety and physical security consultancy with experience in a range of verticals. Based in the Western Cape Winelands, Lesley-Anne travels across South Africa. Contact her on +27 64 410 8563 or at

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

FortiGuard labs reports disruptive shift of cyber threats
Editor's Choice
Threat intelligence from the second half of 2020 demonstrates an unprecedented cyber-threat landscape where cyber adversaries maximised the constantly expanding attack surface to scale threat efforts around the world. Adversaries proved to be highly adaptable, creating waves of disruptive and sophisticated attacks.

The worst of times
Technews Publishing Editor's Choice
Cyber resilience in terms of people, processes and technology is where it’s at when it comes to prevailing in a world beset with cybercriminals.

Cyber trends for 2022
Editor's Choice
In the last six months, an organisation in South Africa was attacked on average 1737 times per week. This is more than double the global average (819) of attacks per organisation per week.

Cybersecurity for the board of directors
Editor's Choice
Bike-shedding is a common distraction in boardrooms, especially when discussing issues board members are responsible for, but don’t understand – like cybersecurity.

Cybersecurity is now a digital transformation imperative
Editor's Choice
New research from the IDC reveals cloud security is the number one priority for investment, 50 percent of South African business leaders are concerned with the consequences of security breaches.

Providing real-time visibility
Technews Publishing Editor's Choice
Comprehensive visibility is critical, but not always attainable without the support of a managed service provider dedicated to monitoring and securing your cyber environment around the clock.

Getting the basics right
Technews Publishing Editor's Choice
Cybersecurity is like any other discipline, you can’t start at the top, you need to get the basics right. Hi-Tech Security Solutions asks how to best do this.

Partnering to make South Africa more cyber secure
Editor's Choice
Cybersecurity professionals from the public and private sectors as well as academia have joined forces to establish the Cybersecurity Digital Alliance.

Turnstar ramps up countermeasures
Turnstar Systems Editor's Choice Access Control & Identity Management News Products
Turnstar has developed and patented an early warning and deterrent system which will alert security, and anyone nearby, of any attempt to place ramps over the raised spikes.

The state of the distribution market
ESDA (Electronic Security Distributors Association Bosch Building Technologies Dark Horse Distribution Elvey Security Technologies Regal Distributors SA G4S Secure Solutions SA Editor's Choice Security Services & Risk Management
The distribution industry has evolved over the years and its current challenges simply mean another change is in the wind, for those who can take the next step.