SLAs - Read the fine print

July 2018 Editor's Choice, Security Services & Risk Management

Consumers are wising up to the importance of a watertight contract that protects their investment and ensures uptime. A Service Level Agreement (SLA) or maintenance contract can either be an informal contract between parties or a legally binding contract. It is therefore a case of buyer beware. Hi-Tech Security Solutions takes a look at some of the questions around what an SLA should offer.

Rob Anderson
Rob Anderson

Rob Anderson of Adamastor says that the SLA is a loose term used to define a form of contract between the two parties. His approach is that the SLA should have the following information or sections to properly delineate the contract:

• The financial section that defines the amount of money that is paid for the service.

• The technical section that defines the equipment or systems that have to be maintained.

• The performance section that defines ‘What/When/Why/Where/How’ the maintenance is to take place.

• The section that defines what the client supplies and what the service provider provides. This will also cover the response times to attend to a problem.

• The contractual section that defines all the commercial and legal requirements of the contract.

Kevin Monk
Kevin Monk

Kevin Monk of Stallion Security adds that an SLA should always be driven by the client. It is the duty of the service provider or supplier to discuss the terms and conditions of the SLA to provide clarity on any ambiguous sections. In essence, the contents of the SLA will be determined by the client’s functional requirements. Some clients engage with consultants to acquire sound advice. Often, consultants will add penalties into the SLA in terms of its stated deliverables.

Monk continues that the SLA market, similar to the IT market, has evolved and the uptime of systems is measured, with penalties instituted when time periods, within certain reasonable parameters, are exceeded.

Massimo Carelle
Massimo Carelle

Massimo Carelle of KMR Group & Associates believes it is important to ensure that that liability is outlined in the SLA. If employees of the service provider are involved in criminal collusion then there must be liability in terms of this and fidelity insurance should therefore be a given.

Clients should know exactly what they are getting under the terms of the SLA. “Unfortunately clients are often romanced with sales jargon, which proves to be worth less than the paper it is written on. In some instances, providers claim after the fact they are unable to provide certain services discussed in initial meetings. Before a quote is issued, all elements and services to be provided to the client should be noted. In addition, the delivery times and time of response need to be included in the SLA,” says Carelle.

Other elements that need to be outlined include how the service provider or supplier intends to fulfil the needs of the client in terms of the means used and relevant timeframes. Furthermore, any guarantees and warranties should be detailed in the SLA.

It is acceptable to use the services of third parties or associates to undertake some of the functions outlined in the SLA, but this should be stipulated in the SLA and a separate SLA between the primary and secondary service providers should also be compiled.

“We have heard of instances where the security provider claimed to be able to do everything and when their third-party provider failed in their duties, the security company was held responsible by the client. It is therefore critical to ensure that the client is aware of where responsibilities lie and what liability is attached to all players,” says Carelle.

Pants on fire…

There is always the risk that service providers are replacing technology before its true life expectancy, thereby incurring unnecessary costs for the client. Monk says that the different disciplines of technology in security evolve at different paces, with some reputable alarm systems still functioning very well after 10 years of service. Typically, he says, in terms of surveillance equipment, one could expect to depreciate IP-based technology head end after three years since IT equipment such as servers and PCs follow the same depreciation trend. If one chooses to rent equipment, then a service contract for maintenance over the rental period would be appropriate.

Integrity, says Carelle, is the key factor here. Anderson agrees, adding that the market place is driven by the salesman in most cases. “We find that they tell the client that the equipment has a five-year lifetime and should be replaced every five years. We also find that there is often a drive to keep replacing equipment with the latest technology, even though the old equipment is still performing.

“The bottom line is that if the system is still working and there are only small failures, then maintenance will generally suffice. When the systems are not performing the task required or the risk profile demands new equipment, those are the indicators to upgrade. It should all come down to keeping the cost of ownership as low as possible to achieve the desired outcome.”

On guard

How does one ensure that the service provider’s guards are actually guarding and not just pretending to look busy? Carelle believes that the answer lies in using the right technology to monitor performance levels and duties performed according to schedules. Traditional systems do not work effectively, he points out, but a system like GuardTools allows users to set up inspections, patrols, audits and other security and safety processes that will provide them with real-time intelligence.

Every prescribed action a guard performs is stored on the cloud and he is forced to answer specific questions at each point and possibly take pictures. The key element here is that the guard is required to interact with the system, not simply tap his baton on a touchpoint on a wall or fence. He will therefore receive a very specific instruction, for instance to provide numerical values or report his GPS position.

Anderson says that it is critical that guards have very clear job descriptions for each post filled. Each post must also have clear tasks for the day and there has to be a regular supervision check on the performance of the tasks. “Many of the tasks given to the guards are twofold. To keep them vigilant and to get other tasks done, such as reporting on faulty lights, cleaners not arriving, plants not watered, and so on. These need to be clearly outlined to the guard.”

A two-tier philosophy is sometimes applicable, says Monk. Companies often implement this strategy and one should have the controllers in the control room employed by one service provider and the guarding service employed by another provider. By writing this into the SLA, there will be accountability from the two parties. Since there are different operational procedures involved for guards and technology, SLAs should also be different.

Conclusion

The compilation of an SLA from the moment of engagement with a service provider right through to the selection of a technology partner will provide the client with confidence that the technology partner is delivering the required service. Clients have become more discerning in terms of the duties performed and the level of reporting provided by service providers. It is not uncommon for clients to expect a monthly discussion on whether a provider is meeting the terms of the SLA, rather than waiting until the end of the contract to measure success.

Carelle advises end users to conduct due diligence on service providers rather than taking what the salesman says at face value. It is proven that cheap can often equate to unreliable so it is a good idea to ensure that the technology specified in the SLA is up to spec. With regard to security guards, PSiRA registration should be a given and regular criminal background checks should form part of the overall process. Ultimately, an end user should apply the same logic they use when buying a car or a house – consider all the features and ensure that the necessary certification is in place.

Anderson sums it all up by saying that there are two things that should be deemed non-negotiable:

• A high-quality, well-specified system.

• A well-defined and managed maintenance contract. By insisting on an appropriate maintenance contract, technology can be used to the full extent of its possible life.

For more information, contact:

• Adamastor Consulting, rob@adamastor.co.za, www.adamastor.co.za

• KMR Group & Associates, massimo@kmrgroup.co.za, www.kmrgroup.co.za

• Stallion Security, kevinm@stallion.co.za, www.stallion.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Sustainability School opens for enrolment
Education (Industry) News Security Services & Risk Management
Three-part programme, first developed for Schneider Electric employees, is now available for free for companies worldwide. Attendees learn how to future-proof their businesses and accelerate their decarbonisation journeys.

Read more...
From the editor's desk: Get Smart
Technews Publishing News
      Welcome to the fourth issue of Hi-Tech Security Solutions for 2023, which is also the first issue of Smart Security Solutions. As noted in previous issues, Hi-Tech Security Solutions has been rebranded ...

Read more...
Accenture Technology Vision 2023
Editor's Choice News
New report states that generative AI is expected to usher in a ‘bold new future’ for business, merging physical and digital worlds, transforming the way people work and live.

Read more...
Economists divided on global economic recovery
Editor's Choice News
Growth outlook has strengthened in all regions, but chief economists are divided on the likelihood of a global recession in 2023; experts are concerned about trade-off between managing inflation and maintaining financial stability, with 76% anticipating central banks to struggle to bring down inflation.

Read more...
Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Read more...
Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.

Read more...
Technology to thwart solar panel thieves
Asset Management, EAS, RFID Security Services & Risk Management Products
A highly efficient industrial network is coming to the rescue of the solar industry, as solar panels, inverters and batteries are being targeted by thieves and threaten to destabilise the industry.

Read more...
Banking the unbanked comes with security risks
Financial (Industry) Security Services & Risk Management
As grim as it was, the pandemic of recent years and its resultant global economic crisis were a prime catalyst for record number of first-time bank users, the previously unbanked.

Read more...
Vulnerabilities in industrial cellular routers’ cloud management platforms
Industrial (Industry) Cyber Security Security Services & Risk Management
Research from OTORIO, a provider of operational technology cyber and digital risk management solutions, unveils cyber risks in M2M protocols and asset registration that expose hundreds of thousands of devices and OT networks to attack

Read more...
Smart Security Solutions
Technews Publishing Products
Stop by the Smart Security Solutions stand at Securex and discover the new rebranded Hi-Tech Security Solutions. Given the realities in the market we face today, effective security is no longer a silo ...

Read more...