Press esc to head back

SS-048 Ver 1.0 (May 23)

Confidential & Proprietary | 2024 CBRE Inc.

1. Introduction

To effectively manage Security operations the right Governance and Management principles must be adopted and applied to the site and / or sites.  It is necessary to understand, define and document the key elements that encompass these activities. These are:

  • CBRE's contractual obligations to the client within the Client’s MSA
  • The roles and responsibilities of CBRE management
  • The full scope of the services CBRE is to provide. (See section on Scope Management)
  • The Service Levels to be applied to the operations (qualitative and quantitative)
  • The applicable CBRE and Client Security standards

This section explains the principle Governance and operational requirements to be adopted within the services being performed and the accompanying responsibilities for implementing these. 

2. Understanding Security Roles and Responsibilities

3. Useful Links

Back to Top

An effective Management and Governance structure ensures and provides:

  • Strategic direction and risk ownership. This is a Client corporate security function and provides the Client security strategy, policy, standards and governance structure. The roles are structured around leadership and direction
  • Security Management. This is the specialist management function at regional or cluster level, responsible for operational oversight and management of security processes in compliance with corporate policy. At this level CBRE will be involved with CBRE account dedicated security management and / or senior account FMs.
  • Premises Security Management – This is tactical day to day operational management of Security operations and is performed over all service lines by site security managers and / or facilities managers and includes operational level compliance and the management of Supplier partners
  • Operational Delivery – The actual performance of operational security tasks and may be the role of the guard services provider, but can also be a CBRE FM staff member or other Supplier partner

The following diagram demonstrates the different levels in the typical security management structure. 

  • Client Corporate Security
  • Client FM Leadership
  • CBRE Account Manager

Strategic

Direction

Tactical Direction

Quality & Performance

Operational Management

Compliance & Reporting

Services Operational Delivery

Compliance & Reporting

  • Client Regional Security
  • Client Country FM 
  • Security Specialists
  • Country Service Delivery
  • Services Contract Management
  • Site and country Management
  • Site Level Security  Management

DIRECTION

MANAGEMENT

MANAGEMENT

DELIVERY

DIRECTION, STRATEGY

GOVERNANCE, OWNERSHIP

OPERATIONS, COMPLIANCE

REPORTING & DELIVERY

Security Services

Governance and Management

Transition

Page 1 of  3

Security Operating Standards Compliance Checklist
Security Operating Standards-Complete Guide
Mandatory Controls by Site
Page 2 - CBRE Roles / Responsibilities
Page 3 - Self Perform Security
Page 1 - Governance and Management

SS-048 Ver 1.0 (May 23)

Confidential & Proprietary | 2024 CBRE Inc.

1. CBRE Roles & Responsibilities

2. Useful Links

Back to Top

Security roles and responsibilities can vary between Clients. It is the duty of all accounts to establish what are the specifics related to the operation of the services that CBRE will be involved in (refer to Scope section).

To be consistent across all Client accounts in the delivery of services by CBRE and our service providers we must be are of the Clients specifications and how it engages CBRE and our accompanying responsibilities.

Things to be understand at the bid stage can include:

  • The completeness of the Clients’ specification
  • The Service Levels expected to be delivered
  • Are any services to be performed by the Client and / or CBRE ?
  • Are there any services requested that may be "Prohibited" from being performed, such as armed guarding?

At a high level, account security management responsibilities are covered by the Account Security Management Standards. These define the high level account responsibilities that must be complied with to ensure efficient and effective security management. The table below illustrates the typical structure of security and where / who should / can deliver the main security roles and tasks. 

Note: – ‘Security Tasks’ can be carried out by either or both of the specialist providers or by CBRE and other suppliers – depending on the criteria described below. 

Direction of Security

Strategy, Policy, Standards, Governance, Risk, Corporate & Board Advice

Centres of Excellence

Specialists, Support, Standards, Process, Advice, Best Practice, Audit and Review

Integrated Facility & Security Management

 Supplier Management, compliance, local process and procedures, reporting and performance

SECURITY TASKS

SITE GUARD SERVICES

REMOTE

GUARD SERVICES

MOBILE & REACTIVE

SERVICES

  • Patrols
  • Response
  • Ad Hoc cover
  • Monitoring
  • Remote Operations
  • Alarm Management
  • Enable / Support technology
  • Site guarding
  • Access Control
  • Patrols
  • On-site response
  • Control rooms
  • Enable / support technology

TECHNOLOGY &

HARDWARE

  • Access Control
  • ID Management
  • Alarms
  • CCTV operations
  • Remote systems
  • Visitor control systems
  • Non-Security systems
  • Locks & Keys
  • Fences, gates and perimeter

MAINTENANCE

  • Reactive & Planned
  • Renewals
  • Lifecycle Management
  • Visitor Management
  • Mail & Logistics
  • Access Control & Management
  • Card & Key issue
  • Lock & Unlock
  • Alarm setting & control
  • Building integrity
  • Security Procedures
  • Systems operation
  • Emergency Procedures

Normally provided by:

Corporate Security

Security Specialists 

FM & Site Security Mgr

FM & / or Security staff

Specialist

Service Provider

Security Services

CBRE Roles & Responsibilities

Transition

Page 2 of  3

Mandatory Controls by Site
Page 1 - Governance and Management
Page 3 - Self Perform Security
Page 2 - CBRE Roles / Responsibilities

SS-048 Ver 1.0 (May 23)

Confidential & Proprietary | 2024 CBRE Inc.

5. Useful Links

1. Can CBRE Self Perform Security Services ?

Back to Top

In Simple terms the answer is NO.  CBRE does not self-perform Security guarding services. These are outsourced to specialist service providers.  However, there are other aspects of Security operations that may be permitted.

CBRE FM personnel however and other service providers do have some Security responsibilities that are either aspects of their primary roles (e.g. receptionists managing access controls) or are a part of their role in that they have defined security tasks e.g. facilities coordinator locking a premises and setting the alarms. These tasks may be carried out by FM staff under the following conditions:

  • It is more cost-effective to self-deliver than be outsourced and they are not licensed roles or activities and / or legally require a licensed security officer to carry them out
  • The risks do not require trained Security personnel
  • The role does not require the use of specialist Security equipment or facilities (e.g. a control room-this does not prevent CBRE or other staff from operating ‘simple’ security equipment such as alarms and basic CCTV)
  • The role is not one of a team where consistent presence is required such as a 24/7 shift pattern
  •  Where the GWS-managed site is small or lower risk and/or where there is no need for the dedicated site / based Security officers, these lower level Security tasks can be carried out by FM staff and other service providers as this is cost-effective and efficient

2. Permitted Security based tasks allowed as Self Perform

Management:

  • Develop premises operational Security procedures (but not guarding AIs / SOPs - guarding role)
  • Implement and carry out relevant (non-guarding) security procedures.
  • Direct and manage the activities of Security officers/personnel and providers of security services (guarding, confidential waste, systems maintenance etc.)
  • Produce and provide Security metrics (with supplier input)
  • Conduct compliance reviews
  • Conduct supplier performance reviews
  • Procure and provide Security consumables (e.g. passes)

Actions / procedures:

  • Setting / un-setting alarms where based
  • Lock and unlock premises where based
  • Access controls to sites, as part of reception function (but not guarding entrances)
  • Visitor management
  • Issuing / managing keys
  • Issuing access control cards and tokens
  • Manage access data base
  • Basic site security walkabout e.g. on close down to check a building is secure - (not formal patrolling)
  • Key holding - act as key holder - but not a formal guarding key holding service
  • Respond to Security incidents on site - but not as a formal response service
  • Provide Security information as part of inductions
  • Monitor Security systems such as CCTV where this is incidental to the role (e.g. reception) - but not as a full time or major part of the role
  • Confidential waste handling and destruction
  • Security activities that can be accommodated within an individual's role, provided it is a smaller part of the role i.e. <45%

3. Non Allowable Self Perform Tasks

  • Control room operations and staffing
  • Alarm system monitoring
  • Remote systems monitoring
  • Formal Security patrols (mobile or foot)
  • Provide a formal or informal Security guard service
  • Mobile patrols
  • Multi-site key holding
  • Security escorts
  • Cash and valuables guarding (e.g. CVIT-Never self-performed)
  • Tackling intruders / criminals (within limits)
  • Any combination of security tasks that amounts to more than 45% of any individual's role
  • Any Security activity that requires a specialist regulatory licence (other than where GWS must hold a licence even to manage 3rd parties)
  • Any Security activities where there is a high level of risk to the individual carrying out the activity
  • Any Security activities that require specialist security training (i.e. formal training, more than a brief or following instructions or procedures)
  • Any Security activities that are dependent upon the guaranteed presence of a person or persons - e.g. fulfilment of a shift or providing a presence for the purpose of providing Security

4. Minimum Standard to apply

 All new accounts must include dedicated CBRE Security management roles if they meet the criteria detailed above. Roles must be appointed at a grade suitable for the role. Accounts that should employ a dedicated CBRE Security manager are those that:

  • Have a high volume of spend – typically around $5m in any one country
  • Are in a regulated industry where high levels of governance and compliance are normal e.g. finance
  • Have high risk sites, activities, processes and countries e.g. technology, oil and gas and life sciences

Existing accounts falling into the above criteria should consider employing dedicated Security management to achieve these objectives. 

Security Services

Self Performing Security Services

Transition

Page 3 of  3

Mandatory Controls by Site
Page 2 - CBRE Roles / Responsibilities
Page 1 - Governance and Management
Page 3 - Self Perform Security