SLAs - Read the fine print
July 2018, This Week's Editor's Pick, Security Services & Risk Management
Consumers are wising up to the importance of a watertight contract that protects their investment and ensures uptime. A Service Level Agreement (SLA) or maintenance contract can either be an informal contract between parties or a legally binding contract. It is therefore a case of buyer beware. Hi-Tech Security Solutions takes a look at some of the questions around what an SLA should offer.
Rob Anderson of Adamastor says that the SLA is a loose term used to define a form of contract between the two parties. His approach is that the SLA should have the following information or sections to properly delineate the contract:
• The financial section that defines the amount of money that is paid for the service.
• The technical section that defines the equipment or systems that have to be maintained.
• The performance section that defines ‘What/When/Why/Where/How’ the maintenance is to take place.
• The section that defines what the client supplies and what the service provider provides. This will also cover the response times to attend to a problem.
• The contractual section that defines all the commercial and legal requirements of the contract.
Kevin Monk of Stallion Security adds that an SLA should always be driven by the client. It is the duty of the service provider or supplier to discuss the terms and conditions of the SLA to provide clarity on any ambiguous sections. In essence, the contents of the SLA will be determined by the client’s functional requirements. Some clients engage with consultants to acquire sound advice. Often, consultants will add penalties into the SLA in terms of its stated deliverables.
Monk continues that the SLA market, similar to the IT market, has evolved and the uptime of systems is measured, with penalties instituted when time periods, within certain reasonable parameters, are exceeded.
Massimo Carelle of KMR Group & Associates believes it is important to ensure that liability is outlined in the SLA. If employees of the service provider are involved in criminal collusion, then there must be liability in terms of this, and fidelity insurance should therefore be a given.
Clients should know exactly what they are getting under the terms of the SLA. “Unfortunately clients are often romanced with sales jargon, which proves to be worth less than the paper it is written on. In some instances, providers claim after the fact they are unable to provide certain services discussed in initial meetings. Before a quote is issued, all elements and services to be provided to the client should be noted. In addition, the delivery times and time of response need to be included in the SLA,” says Carelle.
Other elements that need to be outlined include how the service provider or supplier intends to fulfil the needs of the client in terms of the means used and relevant timeframes. Furthermore, any guarantees and warranties should be detailed in the SLA.
It is acceptable to use the services of third parties or associates to undertake some of the functions outlined in the SLA, but this should be stipulated in the SLA and a separate SLA between the primary and secondary service providers should also be compiled.
“We have heard of instances where the security provider claimed to be able to do everything and when their third-party provider failed in their duties, the security company was held responsible by the client. It is therefore critical to ensure that the client is aware of where responsibilities lie and what liability is attached to all players,” says Carelle.
Pants on fire…
There is always the risk that service providers are replacing technology before its true life expectancy, thereby incurring unnecessary costs for the client. Monk says that the different disciplines of technology in security evolve at different paces, with some reputable alarm systems still functioning very well after 10 years of service. Typically, he says, in terms of surveillance equipment, one could expect to depreciate IP-based technology head end after three years since IT equipment such as servers and PCs follow the same depreciation trend. If one chooses to rent equipment, then a service contract for maintenance over the rental period would be appropriate.
Integrity, says Carelle, is the key factor here. Anderson agrees, adding that the market place is driven by the salesman in most cases. “We find that they tell the client that the equipment has a five-year lifetime and should be replaced every five years. We also find that there is often a drive to keep replacing equipment with the latest technology, even though the old equipment is still performing.
“The bottom line is that if the system is still working and there are only small failures, then maintenance will generally suffice. When the systems are not performing the task required or the risk profile demands new equipment, those are the indicators to upgrade. It should all come down to keeping the cost of ownership as low as possible to achieve the desired outcome.”
How does one ensure that the service provider’s guards are actually guarding and not just pretending to look busy? Carelle believes that the answer lies in using the right technology to monitor performance levels and duties performed according to schedules. Traditional systems do not work effectively, he points out, but a system like GuardTools allows users to set up inspections, patrols, audits and other security and safety processes that will provide them with real-time intelligence.
Every prescribed action a guard performs is stored on the cloud and he is forced to answer specific questions at each point and possibly take pictures. The key element here is that the guard is required to interact with the system, not simply tap his baton on a touchpoint on a wall or fence. He will therefore receive a very specific instruction, for instance to provide numerical values or report his GPS position.
Anderson says that it is critical that guards have very clear job descriptions for each post filled. Each post must also have clear tasks for the day and there has to be a regular supervision check on the performance of the tasks. “Many of the tasks given to the guards are twofold. To keep them vigilant and to get other tasks done, such as reporting on faulty lights, cleaners not arriving, plants not watered, and so on. These need to be clearly outlined to the guard.”
A two-tier philosophy is sometimes applicable, says Monk. Companies often implement this strategy and one should have the controllers in the control room employed by one service provider and the guarding service employed by another provider. By writing this into the SLA, there will be accountability from the two parties. Since there are different operational procedures involved for guards and technology, SLAs should also be different.
The compilation of an SLA from the moment of engagement with a service provider right through to the selection of a technology partner will provide the client with confidence that the technology partner is delivering the required service. Clients have become more discerning in terms of the duties performed and the level of reporting provided by service providers. It is not uncommon for clients to expect a monthly discussion on whether a provider is meeting the terms of the SLA, rather than waiting until the end of the contract to measure success.
Carelle advises end users to conduct due diligence on service providers rather than taking what the salesman says at face value. It is proven that cheap can often equate to unreliable so it is a good idea to ensure that the technology specified in the SLA is up to spec. With regard to security guards, PSiRA registration should be a given and regular criminal background checks should form part of the overall process. Ultimately, an end user should apply the same logic they use when buying a car or a house – consider all the features and ensure that the necessary certification is in place.
Anderson sums it all up by saying that there are two things that should be deemed non-negotiable:
• A high-quality, well-specified system.
• A well-defined and managed maintenance contract. By insisting on an appropriate maintenance contract, technology can be used to the full extent of its possible life.
For more information, contact:
• Adamastor Consulting, email@example.com, www.adamastor.co.za
• KMR Group & Associates, firstname.lastname@example.org, www.kmrgroup.co.za
• Stallion Security, email@example.com, www.stallion.co.za