Created by: George Campbell, Security Executive Council Emeritus Faculty member
One of the largest line items in most corporate security budgets is security operations, or guard force costs. I am often amazed at the answers I get when I ask, “What metrics do you have for these activities?”
Typical answers include hours of training, turnover rates, compliance with state certification, rates of conformance to pre-assignment standards and guard tour checks. A deeper dive may reveal hours on patrol or hours of various post assignments.
I already know I’m paying for X hours of coverage. As a security manager, shouldn’t I expect to be told what these hours have yielded for me in terms of risks found and mitigated, and how customers were served?
Far too often, the only metrics people see are activity counts like hours of patrol or tours — nothing about what results are achieved with this costly time. Similarly, the number of training hours delivered is a “how much” statistic, when the important conclusion is about competence of performance, or “with what result?”
In a Security Executive Council benchmarking survey, respondents rated “average hourly cost for contract guard services” third in a 12-item metrics poll. Since most contracts for these services tend to use a suite of typical requirements, hourly rates will only tend to vary on a geographic basis. The metric of interest in this contract space is the now-popular service-level agreement or SLA.
SLAs often focus on cycle times, because
they are easy to measure. Cycle times do critically impact response, but fundamental guard force performance is more about service competence and proactive hazard mitigation. In addition to your typical SLA measures of training, turnover and invoice accuracy, consider the following:
- Adequacy of supervision (use a 1-5 ranking scale) derived from inspection, report review and customer feedback;
- SLA performance — penalties and additives to fee;
- Percent of random post/site inspections finding all required security tasks being performed to specified standards;
- Percent of priority (define) calls for service with response to established standard of performance;
- Percent of dispatched incidents for which a response time goal was specified that met or exceeded that goal;
- Number of hazards, security defects, etc., identified and resolved per 24-hour period (focus of prevention and risk mitigation activities); and
- If you are a regulated entity with security standards, the identification and elimination of sanctionable defects.
“Far too often, the only ‘metrics’ people see are activity counts like hours of patrol or tours — nothing about what results are achieved with this costly time.”
Communication center activity is another critical area that too often falls out of the measurement focus. Accuracy of call-taking and caller prompting, dispatch and logging accuracy and responsiveness, and CommCenter staff knowledge of both routine and non-routine procedures are all measurable and reportable.
Logging and labeling every alarm event received as valid or invalid is essential. Across U.S. businesses, billions of alarm events are logged and responded to with no simple indication of cause. The result is multi-millions of dollars of wasted response time that could be better directed to real risk identification and management. If you depend on police response and have lots of invalid alarms, plan on discussions with the CFO who wants to bill your department for municipal false alarm fines.
Security operations, and officer performance measures in particular, are incredibly important indicators that must be on the CSO’s dashboard. Whether we are talking about a proprietary organization or one totally staffed by vendors, these are our customer-facing first responders. Their performance can define the competence of the total security organization. That guard may be the only contact the average employee or visitor will have with your company.
You can have the best security technology money can buy, but if you put it in the hands of untrained, unprepared responders, then so much for that investment. Be thinking about what defines results for this part of your security program.