One of the largest line items in most corporate security budgets is expense for what I call "Security Operations" and what others may refer to as "guard force" costs. I am often amazed at the answers I get when I ask, "What metrics do you have for these activities?"
Typical answers include hours of training, turnover rates, compliance with state certification, rates of conformance to pre-assignment standards and guard tour checks. A deeper dive may reveal hours on patrol or hours of various post assignments.
I already know I’m paying for X hours of coverage. As a security manager, shouldn’t I expect to be told what these hours have yielded for me in terms of risks found and mitigated, and how customers were served?
Far too often, the only "metrics" people see are activity counts like hours of patrol or tours — nothing about what results are achieved with this costly time. Similarly, the number of training hours delivered is a "how much" statistic, when the important conclusion is about competence of performance, or "with what result?"
In a recent benchmarking survey, respondents rated "average hourly cost for contract guard services" third in a 12-item metrics poll. Since most contracts for these services tend to use a suite of typical requirements, hourly rates will only tend to vary on a geographic basis. The metric of interest in this contract space is the now-popular service-level agreement or SLA.
SLAs often focus on cycle times, because they are easy to measure. While critical in response times, fundamental guard force performance is more about service competence and proactive hazard mitigation. In addition to your typical SLA measures of training, turnover and invoice accuracy, consider the following:
• Adequacy of supervision (use a 1-5 ranking scale) derived from inspection, report review and customer feedback;
• SLA Performance — penalties and additives to fee;
• Percent of random post/site inspections finding all required security tasks being performed to specified standard;
• Percent of priority (define) calls for service with response to established standard of performance;
• Percent of dispatched incidents for which a response time goal was specified that met or exceeded that goal;
• Number of hazards, security defects, etc., identified and resolved per 24-hour period (focus of prevention and risk mitigation activities); and
• If you are a regulated entity with security standards, the identification and elimination of sanctionable defects is a key performance indicator worthy of consideration.
Communication center activities too often fall out of the measurement focus, and they perform a variety of critical functions. Accuracy around call-taking and caller prompting, dispatch and logging accuracy and responsiveness, and CommCenter staff knowledge of both routine and non-routine procedures are all measurable and reportable.
I have recently discussed my concerns about nuisance alarms in this space, but to repeat, logging and labeling every alarm event received as valid or invalid is essential. Across U.S. businesses, billions of alarm events are logged and responded to with no simple indication of cause. The result is multi-millions of dollars of wasted response time that should be better directed to real risk identification and management. If you depend on police response and have lots of invalid alarms, plan on discussions with the CFO who wants to bill your department for municipal false alarm fines.
Security operations, and officer performance measures in particular, are incredibly important indicators that must be on the CSO’s dashboard. I don’t care if we are talking about a proprietary organization or one totally staffed by vendors — these are our customer-facing first responders. Their performance can define the competence of the total security organization. That “guard” may be the only contact the average employee or visitor will have with your company.
You can have the best security technology money can buy, but if you put it in the hands of untrained, unprepared responders, then so much for that investment. You better be thinking about what defines results for this part of your security program.
George Campbell is emeritus faculty of the Security Executive Council (SEC) and former CSO of Fidelity Investments. His book, "Measures and Metrics in Corporate Security," may be purchased through the SEC Website. The SEC is an innovative problem-solving research and services organization that works with Tier 1 Security Leaders to reduce risk and add to corporate profitability in the process. A faculty of more than 100 experienced security executives provides strategy, insight and proven practices that cannot be found anywhere else. Through its pioneering approach of Collective Knowledge, the Council serves all aspects of the security community. To learn about becoming involved, e-mail email@example.com or visit www.securityexecutivecouncil.com/?sc=std. The information in this article is copyrighted by the Security Executive Council and reprinted with permission. All rights reserved.