SS-029 Ver 1.0 (May 23)
The use and misuse of keys or access cards constitute a major risk to CBRE and our Clients. Specific standards apply to CBRE and the Security service provider for the use, control, and security of keys and access cards. The Security service provider is required to implement and adhere to CBRE best practices for the management and Security of keys and access cards. If keys or access cards are lost or stolen due to any act, negligence, or non-performance by the Security service provider’s personnel, CBRE will hold the Service provider liable for the cost of replacement and any consequential losses, including re-suiting / keying and replacement of locks and keys and the cost of any consequential loss or damage arising out of the theft or loss up to the limits set out in the MSA.
If additional Security personnel are required to safeguard an area following the loss of keys or access cards caused by their negligence, then they are responsible to provide such replacements as directed by CBRE at their own expense.
Essential governance to ensure the safety of all is noted in the below table:
1. Overview
Confidential & Proprietary | 2024 CBRE Inc.
3. Useful Links
Site safety rules and procedures
Standards site
induction
Site Security
procedures
Conducting Site Risk Assessments
Incident Response Management
2. Minimum standards to follow for Key Management
Grand Master keys
can only be used by permission of senior management
Key audits conducted at regular intervals to ensure all keys accounted for
Key to be housed in secure locations only accessable by authorised personnel
Key register to be
maintained and keys to be signed for when obtained and signed back in on return
Keys are not permitted to be removed from site unless expressly authorised by CBRE Management
Daily checks to be completed by site Security staff on keys in place, report any discrepencies
Access card serial numbers must be recorded the same as keys and kept secure
Access cards may not be loaned out under any circumstance, the same principles as key management
Access cards used for turnstile / barrier operations are not permitted to be passed to visitors to gain entry to site
The loss of access cards must be treated in the same manner as keys and reported immediately to CBRE staff
Typical Security key used on sites
Access card and reader
Security Services
Key Management
Transition
Page 1 of 2
SS-029 Ver 1.0 (May 23)
The Security service provider may subcontract key holding services in locations where they are unable to provide services due to the absence of adequate geographical cover. Whether directly or indirectly provided, CBRE should ensure the Security service provider is responsible for the following activities:
1. Overview
Confidential & Proprietary | 2024 CBRE Inc.
2. Useful Links
Keyholding Security officers / patrols are sufficiently familiar to be able to access and enter (if required) each site safely and securely and respond appropriately to the incident or reason for the call out
An Assignment Instruction must be completed for each site or a cluster of identical sites – this may be in the form of a ‘mini-AI’ – not using all the details needed for a static site
Keys collected from CBRE or CBRE’s client must be signed for and a receipt for the key(s) – including access cards and tokens, must be provided to the key owner by the security service provider
Keys shall be returned at the end of the contract and a receipt obtained from the person to whom they are returned
Keys held in mobile vehicles must always be provided with appropriate security
There shall be periodic key audits to confirm that all issued keys are accounted for
Keys must not be tagged with the site address or post / zip code of the site to which they relate – a separate keycode shall be kept to record keys
Response times for a key holding call out must be agreed with each CBRE Site Manager and included in the site or cluster SLA. Response times shall be reasonable for the location and nature of the site
Keyholding patrols having visited a site must never leave the site insecure or unsafe. If there are safety or security risks found on site then the Security service provider’s control room must be contacted, who must, in turn, contact the relevant CBRE Site Manager or Helpdesk
A site risk assessment must be conducted by the Security service provider to ensure their personnel are aware of and trained on any site risks or hazards and how to work on-site safely and leave the site safe for others
Keys, access cards, alarm codes, etc. must be kept secure and not given to any unauthorised person or used for any purpose other than the conduct of contracted patrols and emergency responses
Any key or card loss or compromise of codes, etc. must be reported immediately to CBRE. The Security service provider is responsible for securing the site at their own expense
A record log must be maintained at the control centre for each key holding call out. If a call out is initiated for any reason, either in response to an incident / alarm or as a Client request, CBRE must be notified in writing (e-mail) of the call out
All safety equipment, PPE or additional clothing must be provided by the security service provider