SLAs - Read the fine print

July 2018 Editor's Choice, Security Services & Risk Management

Consumers are wising up to the importance of a watertight contract that protects their investment and ensures uptime. A Service Level Agreement (SLA) or maintenance contract can either be an informal contract between parties or a legally binding contract. It is therefore a case of buyer beware. Hi-Tech Security Solutions takes a look at some of the questions around what an SLA should offer.

Rob Anderson
Rob Anderson

Rob Anderson of Adamastor says that the SLA is a loose term used to define a form of contract between the two parties. His approach is that the SLA should have the following information or sections to properly delineate the contract:

• The financial section that defines the amount of money that is paid for the service.

• The technical section that defines the equipment or systems that have to be maintained.

• The performance section that defines ‘What/When/Why/Where/How’ the maintenance is to take place.

• The section that defines what the client supplies and what the service provider provides. This will also cover the response times to attend to a problem.

• The contractual section that defines all the commercial and legal requirements of the contract.

Kevin Monk
Kevin Monk

Kevin Monk of Stallion Security adds that an SLA should always be driven by the client. It is the duty of the service provider or supplier to discuss the terms and conditions of the SLA to provide clarity on any ambiguous sections. In essence, the contents of the SLA will be determined by the client’s functional requirements. Some clients engage with consultants to acquire sound advice. Often, consultants will add penalties into the SLA in terms of its stated deliverables.

Monk continues that the SLA market, similar to the IT market, has evolved and the uptime of systems is measured, with penalties instituted when time periods, within certain reasonable parameters, are exceeded.

Massimo Carelle
Massimo Carelle

Massimo Carelle of KMR Group & Associates believes it is important to ensure that that liability is outlined in the SLA. If employees of the service provider are involved in criminal collusion then there must be liability in terms of this and fidelity insurance should therefore be a given.

Clients should know exactly what they are getting under the terms of the SLA. “Unfortunately clients are often romanced with sales jargon, which proves to be worth less than the paper it is written on. In some instances, providers claim after the fact they are unable to provide certain services discussed in initial meetings. Before a quote is issued, all elements and services to be provided to the client should be noted. In addition, the delivery times and time of response need to be included in the SLA,” says Carelle.

Other elements that need to be outlined include how the service provider or supplier intends to fulfil the needs of the client in terms of the means used and relevant timeframes. Furthermore, any guarantees and warranties should be detailed in the SLA.

It is acceptable to use the services of third parties or associates to undertake some of the functions outlined in the SLA, but this should be stipulated in the SLA and a separate SLA between the primary and secondary service providers should also be compiled.

“We have heard of instances where the security provider claimed to be able to do everything and when their third-party provider failed in their duties, the security company was held responsible by the client. It is therefore critical to ensure that the client is aware of where responsibilities lie and what liability is attached to all players,” says Carelle.

Pants on fire…

There is always the risk that service providers are replacing technology before its true life expectancy, thereby incurring unnecessary costs for the client. Monk says that the different disciplines of technology in security evolve at different paces, with some reputable alarm systems still functioning very well after 10 years of service. Typically, he says, in terms of surveillance equipment, one could expect to depreciate IP-based technology head end after three years since IT equipment such as servers and PCs follow the same depreciation trend. If one chooses to rent equipment, then a service contract for maintenance over the rental period would be appropriate.

Integrity, says Carelle, is the key factor here. Anderson agrees, adding that the market place is driven by the salesman in most cases. “We find that they tell the client that the equipment has a five-year lifetime and should be replaced every five years. We also find that there is often a drive to keep replacing equipment with the latest technology, even though the old equipment is still performing.

“The bottom line is that if the system is still working and there are only small failures, then maintenance will generally suffice. When the systems are not performing the task required or the risk profile demands new equipment, those are the indicators to upgrade. It should all come down to keeping the cost of ownership as low as possible to achieve the desired outcome.”

On guard

How does one ensure that the service provider’s guards are actually guarding and not just pretending to look busy? Carelle believes that the answer lies in using the right technology to monitor performance levels and duties performed according to schedules. Traditional systems do not work effectively, he points out, but a system like GuardTools allows users to set up inspections, patrols, audits and other security and safety processes that will provide them with real-time intelligence.

Every prescribed action a guard performs is stored on the cloud and he is forced to answer specific questions at each point and possibly take pictures. The key element here is that the guard is required to interact with the system, not simply tap his baton on a touchpoint on a wall or fence. He will therefore receive a very specific instruction, for instance to provide numerical values or report his GPS position.

Anderson says that it is critical that guards have very clear job descriptions for each post filled. Each post must also have clear tasks for the day and there has to be a regular supervision check on the performance of the tasks. “Many of the tasks given to the guards are twofold. To keep them vigilant and to get other tasks done, such as reporting on faulty lights, cleaners not arriving, plants not watered, and so on. These need to be clearly outlined to the guard.”

A two-tier philosophy is sometimes applicable, says Monk. Companies often implement this strategy and one should have the controllers in the control room employed by one service provider and the guarding service employed by another provider. By writing this into the SLA, there will be accountability from the two parties. Since there are different operational procedures involved for guards and technology, SLAs should also be different.

Conclusion

The compilation of an SLA from the moment of engagement with a service provider right through to the selection of a technology partner will provide the client with confidence that the technology partner is delivering the required service. Clients have become more discerning in terms of the duties performed and the level of reporting provided by service providers. It is not uncommon for clients to expect a monthly discussion on whether a provider is meeting the terms of the SLA, rather than waiting until the end of the contract to measure success.

Carelle advises end users to conduct due diligence on service providers rather than taking what the salesman says at face value. It is proven that cheap can often equate to unreliable so it is a good idea to ensure that the technology specified in the SLA is up to spec. With regard to security guards, PSiRA registration should be a given and regular criminal background checks should form part of the overall process. Ultimately, an end user should apply the same logic they use when buying a car or a house – consider all the features and ensure that the necessary certification is in place.

Anderson sums it all up by saying that there are two things that should be deemed non-negotiable:

• A high-quality, well-specified system.

• A well-defined and managed maintenance contract. By insisting on an appropriate maintenance contract, technology can be used to the full extent of its possible life.

For more information, contact:

• Adamastor Consulting, [email protected], www.adamastor.co.za

• KMR Group & Associates, [email protected], www.kmrgroup.co.za

• Stallion Security, [email protected], www.stallion.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Autonomous construction site protection
Editor's Choice Perimeter Security, Alarms & Intruder Detection
Ajax provides an autonomous security solution for a German construction site that is easy and flexible to install. It provides security against intrusions and theft via a 360-degree view.

Read more...
SMART and secure estates in Cape Town
Technews Publishing Axis Communications SA Gallagher DeepAlert Nemtek Electric Fencing Products Editor's Choice
In February 2024, SMART Security Solutions emigrated to the Western Cape to host its first SMART Estate Security Conference in the region in many years. For the day, we took over the prestigious D’Aria Wine Estate.

Read more...
Integrated, mobile access control
SA Technologies Entry Pro Technews Publishing Access Control & Identity Management
SMART Security Solutions spoke to SA Technologies to learn more about what is happening in the estate access world and what the company offers the residential estate market.

Read more...
New ransomware using BitLocker to encrypt data
Technews Publishing Information Security Residential Estate (Industry)
Kaspersky has identified ransomware attacks using Microsoft’s BitLocker to attempt encryption of corporate files. It can detect specific Windows versions and enable BitLocker according to those versions.

Read more...
SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Read more...
Using KPIs to measure smart city progress
Axis Communications SA Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
United 4 Smart Sustainable Cities is a United Nations Initiative that encourages the use of information and communication technology (including security technology) to support a smooth transition to smart cities.

Read more...
Enhancing estate security, the five-layer approach
Fang Fences & Guards Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
Residential estates are designed to provide a serene and secure living environment enclosed within gated communities, offering residents peace of mind and an elevated standard of living.

Read more...
Creating employment through entrepreneurship
Technews Publishing Marathon Consulting Editor's Choice Integrated Solutions Residential Estate (Industry)
Eduardo Takacs’s journey is a testament to bona fide entrepreneurial resilience, making him stand out in a country desperate for resilient businesses in the small and medium enterprise space that can create employment opportunities.

Read more...
From the editor's desk: Just gooi a cable
Technews Publishing News & Events
      Welcome to the 2024 edition of the SMART Estate Security Handbook. We focus on a host of topics, and this year’s issue also has a larger-than-normal Product Showcase section. Perhaps the vendors are ...

Read more...
Kaspersky finds 24 vulnerabilities in biometric access systems
Technews Publishing Information Security
Customers urged to update firmware. Kaspersky has identified numerous flaws in the hybrid biometric terminal produced by international manufacturer ZKTeco, allowing a nefarious actor to bypass the verification process and gain unauthorised access.

Read more...