Press esc to head back

SS-054 Ver 1.1 (May 23)

Confidential & Proprietary | 2024 CBRE Inc.

3. Useful Links

CBRE with the Security service provider will develop the Operating Strategy for the account based on the Client specifications and Master Service Agreements (MSA) and aligned to CBRE Security standards. The strategy should be account specific and designed to achieve the commercial, risk and service objectives embedded in the contract. 

1. Overview

2. Understanding Risks and Risk Strategies

When developing the Operating Strategy it is vital to ensure that all Risk factors are taken into consideration and appropriately, conduct Risk assessments as part of the plans before commencement of operations on site.

Once an assessment has been conducted there are a number of approaches to managing the perceived risk, the following are industry approaches:
▪ Accept – This is referred to as risk acceptance, or the risk appetite. The level of risk that we are prepared to accept. Remember, it is the owner of the risk e.g. the Executive Board that determines the levels of acceptance
▪ Avoid – We can avoid the risk by perhaps not carrying out the expected operations. Maybe we won’t open a new shop in an area that has high levels of crime, and the risk of our shop being attacked is far too great.
▪ Transfer – The risk can be transferred to a third party that will take responsibility for it e.g. an insurance broker.
▪ Reduce – We can treat the risk by means of physical and procedural controls, such as Training and Awareness / Policies / Adopting a Risk Awareness culture

Physical

Security

DETECT

(Electronic)

RESPOND

(Personnel)

DELAY

(Physical Measures)

Follow the Risk process guide on the following page to ensure full assessment

You may also use the Risk Assessment form from the below link to assist in completing a site Full Risk Assessment

Conducting the Site Risk Assessment (SRA) will involve visits to numerous areas and possible examination of a number of security measures. All should be considered from an adversary’s perspective. Below are some of the areas that the SRA should cover; but remember that you must examine all systems to investigate their suitability to the security situation.


The following areas should be assessed as a minimum:

  • Topography
  • CPTED - Is it possible to implement?
  • Perimeter protection
  • Access control
  • Building protection
  • Electronic security
  • Security policies, plans and procedures
  • Security training
  • Personal protection

 

(CPTED) - Crime prevention through environmental design

Crime prevention through environmental design is an agenda for manipulating the built environment to create safer neighborhoods. It originated in America around 1960, when urban renewal strategies were felt to be destroying the social framework needed for self-policing.

Security Services

Conducting Risk Assessments

Transition

Page 1 of  3

CBRE Security Awareness
Bomb Threat Checklist
Site Survey and Risk Assessment
Develop Emergency Procedures
link to CBRE QHSE Site
link to CBRE BCP Portal
Page 2 - Risk Process Guide
Page 3 - Business Continuity Planning
Page 1 - Conducting Risk Assessments

SS-054 Ver 1.1 (May 23)

Confidential & Proprietary | 2024 CBRE Inc.

CBRE with the Security service provider will develop the Operating Strategy for the account based on the Client specifications and Master Service Agreements (MSA) and aligned to CBRE Security standards. The strategy should be account specific and designed to achieve the commercial, risk and service objectives embedded in the contract. 

1. Risk Process Guide

Follow the Risk process guide to ensure full assessment

Identify Assets

Identify and

Assess Threats

Identify and

Assess Vulnerability

Assess Risk

and Value

Identify suitable

Cost Effective

countermeasures

Re-Assess the 

Risk

Select and Implement

response

Review Risks

  1. People
  2. Property
  3. Information

Risk Assessment

Process

Security Services

Risk Process Guide

Transition

Page 2 of  3

Back to Top
Page 1 - Conducting Risk Assessments
Page 3 - Business Continuity Planning
Page 2 - Risk Process Guide

An Account / Site specific Security Services business continuity plan (BCP) should be developed and agreed upon with the Supplier partner during the transition phase. 

Key Points to consider are:

  • Supplier partner to create and maintain an appropriate BCP to mitigate risk and ensure the planned continuity of all Security operated Services delivered in accordance with the SOW
  • The supplier partner is to provide the CBRE Account / Site Teams with a soft copy of the BCP
  • A minimum of an annual review after updating plans to meet Account / Site specific CBRE / Client requirements and frequencies 
  • Specific reviews shall be conducted ahead of known or anticipated events such as the enhanced risk of terrorism, flood or hurricane alerts
  • BCP shall cover all reasonable potential incident eventualities in relation to incidents and events impacting the supplier, CBRE, the Client, or the site that may prevent the performance of the services
  • Supplier partner shall use all reasonable endeavors to provide continuity of service to meet the SOW 

It is important to document and agree on what the revised or additional Security Services SOW and SLA requirements are for each individual instance and event, as these will vary by the incident and by the level of severity. 

Costs agreed upon in advance with providing BCP at the time of an incident / event may often become a lesser consideration, leading to potential unplanned additional cost post-event.

 
In the event of an extraordinary unforeseen incident or event, specific alternative or additional Security Services may be required by CBRE / the Client. These shall be identified, documented and agreed upon by CBRE / the Client as soon as is practical during BCP mobilisation and shall be subsequently provisioned by the Supplier partner at the agreed cost.

 

Provide the Supplier partner with a copy of the Account / Site Specific BCP requirements and ensure that the supplier aligns their BCP to these requirements.

SS-054 Ver 1.1 (May 23)

1. Security Services BCP specific concerns

When considering your Business Continuity Planning and the impacts of any disaster that may affect the operations of the business.

A few key areas to note when considering the development of the BCP follows:

  1. Site perimeter security fencing and systems
  2. Backup systems for online and remote monitoring
  3. Labour resources to cover additional work areas (guarding and patrols)
  4. Backup generators / batteries for systems maintenance
  5. Ability to run simulations without impacting business operations
  6. Potential for Cyber hacking and management process in the even of systems being down
  7. The Clients  perception and understanding of potential delays

2. BCP Planning Process

Prevention

Risk

Management 

Plan

Preparedness

Business

Impact 

Review

Response

Incident

Response 

Plan

Recovery

Recovery

Plan

Confidential & Proprietary | 2024 CBRE Inc.

3. Useful Links

Overview

Security Services

Risk and Business Continuity Planning

Transition

Page 3 of  3

Back to Top
CBRE Security Awareness
Bomb Threat Checklist
Site Survey and Risk Assessment
Develop Emergency Procedures
link to CBRE BCP Portal
CBRE Security Awareness
Bomb Threat Checklist
Site Survey and Risk Assessment
Develop Emergency Procedures
link to CBRE QHSE Site
link to CBRE BCP Portal
Page 1 - Conducting Risk Assessments
Page 2 - Risk Process Guide
Page 3 - Business Continuity Planning