Scope and Priority

The benefits of scope clarity are:

Commercially we can properly recover the true costs of providing the service
When rebid time comes up – it ensures the client includes the full scope and provides commercial advantage as competitors will then have to price the full scope, while we know we can deliver it within cost
The probability of service failures are reduced and can be managed
We can change, reduce costs and grow the account
Risks to our staff, clients, Supplier partners and public are reduced
Relevant laws and regulations can be complied with
he client is aware of the true scope. We may not be able to change this or recover the costs in mature accounts – but we can manage the scope more effectively, reduce our risks and improve customer satisfaction – while reminding them of the extent of the services provided by CBRE and our Value Add
By completing the Standard Scope of Work this enables the scope to be recorded easily and consistently
The SOW is aligned with BOMA codes – which enables the cost of Security services and activities to be allocated at commencement of a contract – readily and consistently accounting for all security costs as the basis of good commercial management in the future

Commercial – It is possible that service levels are being delivered to a higher standard and cost that was priced for in the bid and specified by the client e.g. the bid has priced for a ‘bronze’ service level, we find a legacy ‘gold’ service level and are paying the supplier to continue to provide ‘gold’ – whereas we are paid by the client for bronze. Services we are providing are not paid for – as we discover legacy services or out of scope services being provided that we were identified or priced for in the bid – this is especially a risk for accounts where ‘Security is Out of Scope’ – what this usually means is that guard services are out of scope – but FMs still manage aspects of security in the absence of any other resource and other services have Security elements to them e.g. mail room and reception. True cost of services cannot be identified and managed consistently or accurately – this results in poor financial management and difficulty in reducing costs in the future. A service failure in a service that contains Security that is not properly controlled and managed as it is unknown could result in financial penalties. Imagine being penalized for failing to provide a service that isn’t even in scope!
Risk – Not knowing we are responsible for security or a service with security in it means we are carrying safety, Security and commercial risks that is not quantified or understood – which in turn means we cannot manage or mitigate it, or insure it and this leaves our people, suppliers and client at risk. Additionally, some elements of security may be subject to statutory and regulatory controls that we may not meet - this leaves us at risk of prosecution, in some cases this is a criminal prosecution
Change - If we do not know we are providing a service or how we are managing it, we cannot change it or manage it consistently and meet both client and GWS standards – this then has a commercial, risk and quality impact
Service Quality and Customer Satisfaction - An unknown, unquantified, uninsured service or service level means we cannot formally manage it, the consequent risk or service failure and poor quality then leaves us at risk of security incidents, service quality failures and ultimately client dissatisfaction

All accounts, new and mature, whether ‘Security’ is specifically in scope or not, must:

Appoint a Scope Champion for the account
Review scope with the Client
Agree the true scope (the scope that is actually delivered – not the scope in the MSA)
Record and define the scope – by service, activity and location
Ensure the Scope does not bring regulatory and statutory non-compliances
Align scope with the sold solution (the MSA/specification etc.) that the client used to define the services. (Scope Gap Analysis) Or –
Agree the revised scope and use the opportunity to adjust costs
Monitor scope for changes and record these in the account and site scope matrices

Many client contracts will use the term ‘Security’ to mean Guard Services. When a contract says ‘Security’ is Out-Of-Scope it may only mean it is Out-Of-Scope for all aspects of Guard Services.

Other FM services may have Security processes applicable to them and the actual management of Security officers may be required where there is no Client representative to do this work. This is ‘hidden scope’ and needs to be understood as there will be associated costs and risks. Where ‘Security’ is specifically In-Scope, understanding, agreeing with the Client and documenting the Scope of CBRE's security responsibilities and services is an essential core standard for all Security activities. Security scope can also increase as new countries, sites and services are added to the account.

Scope should be agreed during the sales process but there is often insufficient time to do this. The second opportunity to define and agree Scope is during the Transition process, before the Due Diligence and data gathering phases and at a detailed level after Due Diligence when any gaps between client specification and actual service levels should have been identified. Scope must be agreed before Due Diligence or time may be wasted on activities not In-Scope / Scope missed or inaccurately recorded. Scope should then again reviewed with the client after Due Diligence.

Agreeing on Scope at Account level must involve a competent security SME (Subject Matter Expert) who will understand the implications of the Scope and the terms used.

Standard Security SOW (Scope of Work)

The Security SOW should be used as part of the sales process to clarify for clients what services are in scope as standard, in scope at extra cost or not provided by CBRE.
The SOW can be completed for the whole account, site by site, by cluster, business or country
The SOW is used to define whether a service is provided or not. It does not cover quality, volume or frequency requirements or outputs

Standard Service Level Templates

A standard template for defining service levels is available for use in the Template section
Service levels define quality, frequency, volume and outputs. These are usually completed for each site as sites vary, however for multiple smaller or identical sites (in terms of Security) or for similar sites in clusters, one SL can be completed for each group. These may be small offices and retail sites for example.
It is essential that Service Levels are completed as they define local operational responsibilities and help identify service level variances between the actual service levels and those that were specified in the client’s tender documents.

Different clients use different terms for Service Levels, the nearest equivalent should be obtained
Some Clients may not have Service Level documents, provided we have asked for them and advised they do not exist CBRE must record that they do not exist
It is important to clarify CBRE security responsibilities within sites where the Client confirms we are not responsible for Security – to understand for example how security personnel are managed and security tasks carried out where the client has no security management presence.

At account level, the Scope Champion should be an account leadership (senior manager) role
The client’s definition of security requirements as input, outputs or a conventional specification
The client’s MSA etc. may not be detailed or clear enough to enable the Scope Champion to define the scope using the GWS tool, therefore it may be necessary to ask the client to clarify the scope
See embedded Scope Matrix Document
The service scope will vary between sites and facilities while the account scope can only be generic covering all security activities. The SAME scope matrix is to be used for account scope and site scope.

The success of the Scope Management Process is in the effective deployment and implementation of the process at the individual account level and especially during Due Diligence after winning new business if the client’s scope (MSA) is not totally clear. It is recommended to follow the below guideline to identify, agree and record the Scope. This process applies to ALL ACCOUNTS – whether ‘Security’ is formally in scope or not (i.e. technically not included in the client’s MSA) and whether or not the account is new or mature.

Whenever developing a Scope document it will always be subject to a number of potential conflicts or issues that are derived from either a lack of understanding by the Client or even an overstatement of services based on interaction with the service provider whom will always look to gain from additional work being performed on a site.

It is therefore important to have an understanding on the drivers that can cause these issues when developing the right Scope for the required services to be performed.

The client’s MSA / specification etc. is too high level, contains insufficient information to develop the scope matrix without more client consultation. This will very often be the case. Scope should be agreed with the client during the bid phase – this is not always possible. The second chance is during Due Diligence and Transition – it is essential then to hold a scope workshop/meeting with the client to populate the scope matrix. This is especially useful after Due Diligence when the scope is clear – to go back to the client and demonstrate that the scope is bigger than the price due to the lack of detail in the MSA
CBRE is unable to agree the scope with the client. Unlikely – but if the actual scope is bigger than the MSA scope, then consider reducing the scope to the MSA scope – or we may have to carry unrecovered costs. Demonstrate to the client how the scope gap will affect services and risk mitigation
The Account is a mature account, the scope was never formally agreed in detail and defined and there are legacy services and service levels and it would damage the relationship to argue about or change Scope. A very likely scenario. This demonstrates the importance of agreeing Scope before Go-Live. However, when accepting this situation it is still essential to agree and record the Scope or we risk being unable to manage and deliver effective services. It will reduce our ability to reduce costs and achieve savings. If the client wants savings – suggest stopping the Out-Of-Scope activities, at least. Ensure the client is aware of the Scope gap and that this can be demonstrated as value add. When it is time to re-bid, make sure the client is aware of the Scope gaps. We can then either reduce our re-bid price by omitting of Out-Of-Scope work (to be included at the right cost later) – or the Client must make sure the competition is aware of the full Scope
The Scope has changed since we first won the business. It is important for the Scope Champion to monitor and manage scope and to maintain accurate scope records. Liaison with SD is important so that SD ensures the Scope Champion is consulted over proposed scope change – this can then be properly priced if necessary. When this has occurred without proper records or controls it is essential to revisit the Scope with the client – see Question 3

CBRE is prevented from supplying and occasionally from managing some or all security services because of legal, compliance and risk issues. These services will always be Out-Of-Scope.

Typical prohibited security services are:

All Security services and their management within High Risk and embargoed countries
Where the country or local Security and / or labour regulations prevent CBRE from acting as Principal or from providing them at all. It is the responsibility of CBRE Legal to identify these countries. CBRE may be able to manage the services as MA (Managing Agent only)
Armed Security on site (where site based Security officers would be required to carry lethal weapons). Non-lethal weapons are not normally in scope. They can only be provided in properly controlled and managed environments with agreement from Legal and the Security Global Lead (to ensure appropriate controls are in place)
Body guarding, VIP protection. This is not a facility service. VIPs can be protected on site as part of the Security function (possibly special events), but a dedicated VIP escort and protection service is not provided by CBRE

As part of the Due Diligence phase of mobilisation, Due Diligence teams must obtain (where they exist) copies of Client Security policies, standards and processes to ensure CBRE is compliant with these and importantly, to help define the Scope.

The Transition Team is responsible for obtaining the Policies and any other relevant material during Due Diligence with the Client.

The Account Security Scope Champion is responsible for maintaining and keeping copies of the policy documents and any other relevant documents obtained with copies of the governing contract between the Client and CBRE, copies of the specification, SLAs and any other contract documents provided by the Client. The Client Security and risk documents that must be obtained (if they exist) are:

1. Applying Scope to Security services

2. Scope and extent of Security services

Security Priority

3. Applying the Security Priority

Priority

Security Services

Understanding Scope & Priority

BID

Page 1 of 7

4. Useful Links

1. Benefits of a clear Scope of Works

2. Consequences of an improper Scope of Works

3. Applying the minimum Standard

4. Defining and Recording Scope

Security Services

Defining Scope

BID

Page 2 of 7

1. How to Document Scope

2. Key Points

Security Services

Documenting Scope

BID

Page 3 of 7

1. Introduction

2. Scope Management Development Process

3. Process Notes

Security Services

Responsibilities - Scope Development

BID

Page 4 of 7

1. Introduction

Security Services

Scope Deployment Planning

BID

Page 5 of 7

1. Introduction

2. Common Problems when identifying and agreeing Scope

3. Are any services Prohibited?

Security Services

Understanding Scope Problems

BID

Page 6 of 7

1. Introduction

2. Notes

Check - Check - and Re-Check

Security Services

Scope and Client Requirements

BID

Page 7 of 7