SLAs - Read the fine print

July 2018 Editor's Choice, Security Services & Risk Management

Consumers are wising up to the importance of a watertight contract that protects their investment and ensures uptime. A Service Level Agreement (SLA) or maintenance contract can either be an informal contract between parties or a legally binding contract. It is therefore a case of buyer beware. Hi-Tech Security Solutions takes a look at some of the questions around what an SLA should offer.

Rob Anderson
Rob Anderson

Rob Anderson of Adamastor says that the SLA is a loose term used to define a form of contract between the two parties. His approach is that the SLA should have the following information or sections to properly delineate the contract:

• The financial section that defines the amount of money that is paid for the service.

• The technical section that defines the equipment or systems that have to be maintained.

• The performance section that defines ‘What/When/Why/Where/How’ the maintenance is to take place.

• The section that defines what the client supplies and what the service provider provides. This will also cover the response times to attend to a problem.

• The contractual section that defines all the commercial and legal requirements of the contract.

Kevin Monk
Kevin Monk

Kevin Monk of Stallion Security adds that an SLA should always be driven by the client. It is the duty of the service provider or supplier to discuss the terms and conditions of the SLA to provide clarity on any ambiguous sections. In essence, the contents of the SLA will be determined by the client’s functional requirements. Some clients engage with consultants to acquire sound advice. Often, consultants will add penalties into the SLA in terms of its stated deliverables.

Monk continues that the SLA market, similar to the IT market, has evolved and the uptime of systems is measured, with penalties instituted when time periods, within certain reasonable parameters, are exceeded.

Massimo Carelle
Massimo Carelle

Massimo Carelle of KMR Group & Associates believes it is important to ensure that that liability is outlined in the SLA. If employees of the service provider are involved in criminal collusion then there must be liability in terms of this and fidelity insurance should therefore be a given.

Clients should know exactly what they are getting under the terms of the SLA. “Unfortunately clients are often romanced with sales jargon, which proves to be worth less than the paper it is written on. In some instances, providers claim after the fact they are unable to provide certain services discussed in initial meetings. Before a quote is issued, all elements and services to be provided to the client should be noted. In addition, the delivery times and time of response need to be included in the SLA,” says Carelle.

Other elements that need to be outlined include how the service provider or supplier intends to fulfil the needs of the client in terms of the means used and relevant timeframes. Furthermore, any guarantees and warranties should be detailed in the SLA.

It is acceptable to use the services of third parties or associates to undertake some of the functions outlined in the SLA, but this should be stipulated in the SLA and a separate SLA between the primary and secondary service providers should also be compiled.

“We have heard of instances where the security provider claimed to be able to do everything and when their third-party provider failed in their duties, the security company was held responsible by the client. It is therefore critical to ensure that the client is aware of where responsibilities lie and what liability is attached to all players,” says Carelle.

Pants on fire…

There is always the risk that service providers are replacing technology before its true life expectancy, thereby incurring unnecessary costs for the client. Monk says that the different disciplines of technology in security evolve at different paces, with some reputable alarm systems still functioning very well after 10 years of service. Typically, he says, in terms of surveillance equipment, one could expect to depreciate IP-based technology head end after three years since IT equipment such as servers and PCs follow the same depreciation trend. If one chooses to rent equipment, then a service contract for maintenance over the rental period would be appropriate.

Integrity, says Carelle, is the key factor here. Anderson agrees, adding that the market place is driven by the salesman in most cases. “We find that they tell the client that the equipment has a five-year lifetime and should be replaced every five years. We also find that there is often a drive to keep replacing equipment with the latest technology, even though the old equipment is still performing.

“The bottom line is that if the system is still working and there are only small failures, then maintenance will generally suffice. When the systems are not performing the task required or the risk profile demands new equipment, those are the indicators to upgrade. It should all come down to keeping the cost of ownership as low as possible to achieve the desired outcome.”

On guard

How does one ensure that the service provider’s guards are actually guarding and not just pretending to look busy? Carelle believes that the answer lies in using the right technology to monitor performance levels and duties performed according to schedules. Traditional systems do not work effectively, he points out, but a system like GuardTools allows users to set up inspections, patrols, audits and other security and safety processes that will provide them with real-time intelligence.

Every prescribed action a guard performs is stored on the cloud and he is forced to answer specific questions at each point and possibly take pictures. The key element here is that the guard is required to interact with the system, not simply tap his baton on a touchpoint on a wall or fence. He will therefore receive a very specific instruction, for instance to provide numerical values or report his GPS position.

Anderson says that it is critical that guards have very clear job descriptions for each post filled. Each post must also have clear tasks for the day and there has to be a regular supervision check on the performance of the tasks. “Many of the tasks given to the guards are twofold. To keep them vigilant and to get other tasks done, such as reporting on faulty lights, cleaners not arriving, plants not watered, and so on. These need to be clearly outlined to the guard.”

A two-tier philosophy is sometimes applicable, says Monk. Companies often implement this strategy and one should have the controllers in the control room employed by one service provider and the guarding service employed by another provider. By writing this into the SLA, there will be accountability from the two parties. Since there are different operational procedures involved for guards and technology, SLAs should also be different.

Conclusion

The compilation of an SLA from the moment of engagement with a service provider right through to the selection of a technology partner will provide the client with confidence that the technology partner is delivering the required service. Clients have become more discerning in terms of the duties performed and the level of reporting provided by service providers. It is not uncommon for clients to expect a monthly discussion on whether a provider is meeting the terms of the SLA, rather than waiting until the end of the contract to measure success.

Carelle advises end users to conduct due diligence on service providers rather than taking what the salesman says at face value. It is proven that cheap can often equate to unreliable so it is a good idea to ensure that the technology specified in the SLA is up to spec. With regard to security guards, PSiRA registration should be a given and regular criminal background checks should form part of the overall process. Ultimately, an end user should apply the same logic they use when buying a car or a house – consider all the features and ensure that the necessary certification is in place.

Anderson sums it all up by saying that there are two things that should be deemed non-negotiable:

• A high-quality, well-specified system.

• A well-defined and managed maintenance contract. By insisting on an appropriate maintenance contract, technology can be used to the full extent of its possible life.

For more information, contact:

• Adamastor Consulting, [email protected], www.adamastor.co.za

• KMR Group & Associates, [email protected], www.kmrgroup.co.za

• Stallion Security, [email protected], www.stallion.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Is AI the game-changer for streamlining anti-money laundering compliance?
Financial (Industry) Security Services & Risk Management
In the aftermath of South Africa's recent grey listing, companies are now confronted with the imperative to address eight identified strategic deficiencies, while simultaneously reducing their financial crime risk through anti-money laundering compliance processes.

Read more...
What South Africans need to know about smart devices
Technews Publishing Editor's Choice
We live in a world surrounded by smart devices, from our pockets to our driveways and living rooms.

Read more...
Client satisfaction boosted by 85% at Thungela Mine
Thorburn Security Solutions News Security Services & Risk Management Mining (Industry)
Thorburn Security, a division of Tsebo Solutions Group, has announced its recent collaboration with Kwa-Zulu Natal security company, Ithuba Protection Services, as part of its Enterprise Supplier Development (ESD) initiatives across Africa.

Read more...
Migrating to the cloud? Beware the many hurdles
IT infrastructure Security Services & Risk Management
While there are undoubtedly many benefits, there are also numerous hurdles to cloud adoption. Some of the biggest challenges revolve around managing cloud spend, understanding the cost components of cloud infrastructure, and how those costs can scale.

Read more...
Key strategies for businesses in the face of cyber threats
Cyber Security Security Services & Risk Management
Businesses face severe financial and reputational consequences due to data breaches and daily website hacks, and not all organisations are adequately prepared to combat these escalating threats.

Read more...
From overwhelm to oversight
Editor's Choice Cyber Security Products
Security automation is vital in today’s world, and Microsoft Sentinel is a widely adopted, but complex answer. ContraForce is an easy-to-use add-on that automatically processes, verifies and warns of threats round-the-clock.

Read more...
Synology enhances functions for advanced surveillance integration
Technews Publishing CCTV, Surveillance & Remote Monitoring IT infrastructure Products
With the capability to function as both an API client and server, Surveillance Station offers a versatile platform for integration, whether it's embedding video streams into other platforms or overlaying external data onto recorded video.

Read more...
Planning for the worst is key to success
Technews Publishing Security Services & Risk Management
Planning for the worst is key to success when disaster strikes. Amidst frequent load shedding and often unpredictable stages of power outages, many businesses are concerned about the possibility of a total blackout.

Read more...
Protecting South African systems through XDR cybersecurity
Cyber Security Security Services & Risk Management
Carlo Bolzonello, Country Lead for Trellix South Africa, discusses how the country can protect its valuable digital assets through the artificial intelligence-enabled Extended Detection and Response (XDR) cybersecurity approach.

Read more...
SMART Surveillance Conference 2023
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring Conferences & Events
Some people think the future is all about cloud technologies, but the SMART Surveillance conference demonstrated that AI is making edge surveillance much more attractive, over distributed sites, than ever before.

Read more...