SS-044 Ver 1.0 (May 23)
Confidential & Proprietary | 2024 CBRE Inc.
1. Overview
The purpose of Security standards is to help CBRE achieve several essential objectives:
- Ensure there is consistent delivery and management of Security across all accounts
- Ensure CBRE staff are aware of their responsibilities to our clients
- To provide an effective governance framework for the management of Security to reinforce and ensure our ethical management of Security services
- To help manage and avoid risk to clients and CBRE
- To help Accounts, Sourcing and Business development understand our services, our Value Proposition, Scope, and how we deliver the security services
- To set minimum Standards for the business development solutioning and pricing process ensuring we propose the most cost-effective and competitive solutions to our Clients
2. How Security Minimum Standards Work
CBRE Security Standards comprise two (2) areas of standards – these are:
- Operating Standards – These define the minimum standards for managing and operating security and managing specialist Supplier partners at account level, and the governance and audit standards. Operating standards comprise three areas:
  - Security Management Standards – the responsibility of CBRE AM and SD
  - Security Service Standards – the responsibility of CBRE SD to ensure they are implemented, and the responsibility of suppliers to ensure they are complied with
  - Security Services Operating Standards – the output-based standards agreed with our key Supplier partners to direct and manage the output of the relationship
- Business Development Bid Standards – These define standard Security levels that contribute to the tools used to develop generic Security prices and proposals. These are minimum levels of Security relevant to building types, purposes and their country locations.
3. Why have Minimum standards?
Minimum standards are set because, as a business, we need to identify and set the standards below which we will not operate. These minimum standards are consistent with best practices and intended to be cost-competitive. Where clients wish to have higher standards, this can be priced into our bid proposals. All responsibly managed companies set security policies and standards ensuring appropriate levels of protection for staff, assets, finances, operations, and reputation.
‘Higher’ Standards – means greater in frequency, volume, quantity, and quality – this is the Client’s choice and based upon their risk mitigation requirements, business culture as well as local and unforeseeable (to the bid team) service levels when tendering. Higher standards will be at a greater cost to the Client.
There is a default process for providing services below the minimum standard (although technically the lowest standard is no security provided).
There are some areas where CBRE will not fall below the minimum:
- Where it would cause any legal, regulatory, or other statutory non-compliance
- Where there would be a contractual non-compliance with the client’s MSA or standards
- Where it would require a service to fall below recognised industry standards, unless with written client instruction to do so and with written indemnity
- Where doing so would contravene and risk any CBRE quality standards or accreditations
- Where doing so compromises the safety of clients, CBRE people, members of the public, and suppliers
- Where our Supplier partners would be required to fall below their own industry standards and regulatory standards
- Where doing so would be unethical
4. Security Standards and FM Services
CBRE provides FM services, both soft and hard. These services, while not specifically security services, will have some security elements to them, requiring FM people (e.g. Service Delivery) and service providers to carry out security tasks, either because they are incidental to their roles (e.g. mail room staff scanning mail) or because they are the only available resource to carry out a security task, especially if there are no dedicated security officers for a site. (See Self Performed Security.)
Typical FM services functions that will often have security procedures and tasks within the wider service include:
- Reception - Control of Access, issuing passes, etc.
- Mail Room - Scanning mail, secure storage of deliveries
- Food Services - Security and integrity of food and cash handling
- Reprographics - Handling confidential and sensitive material
- Waste - Confidential waste handling
- Key Management - Control of keys and access to secure areas
- Technical services - Control of plant space, security of sensitive materials and areas
- FM staff - Locking and opening of premises, setting alarms, issuing passes, etc.
Security Services
Security Standards Explained
Transition
1. Applying the right approach to management of Security services
Management of Security operations across a site or multiple sites can be onerous and tricky, leading to potential issues if not set up correctly. It is imperative that, when setting up your site to manage Security, you document all of the required activities and responsibilities to be carried out. This should encompass those carried out by the Supplier partner as well as by CBRE, and any requirements of the Client, especially if they operate technology or high-risk sites such as Data Centres.
The purpose of having Security standards within our operations is to help CBRE achieve several essential objectives:
- Ensure there is consistent delivery and management of Security across all accounts
- Ensure our people are aware of their responsibilities to our clients and to GWS
- To provide an effective governance framework for the management of Security to reinforce and ensure our ethical management of Security services
- To help manage and avoid risk to clients and CBRE
- To help Accounts, Sourcing and Business development understand our services, our Value Proposition, Scope and how we deliver the security services
- To set minimum Standards for the business development solutioning and pricing process ensuring we propose the most cost effective and competitive solutions to our Clients
2. Required actions
- You have a new account to commence Security services, or an existing account is undergoing a transition to CBRE: refer to Section 1: Establish New Contract, then review Sections 2 through to Section 5
- You are an existing account or have completed a transition to CBRE: commence at Section 2 and continue through to Section 5
3. Key Points
- Each ‘Standard actions Required’ represents an essential action if the service is in scope
- Every Standard Action is governed by a corresponding Security Standard
- Every Security Standard is supported by either a Best Practice, Guide or other tool
- Use the ‘Mandatory Security Controls by Site Type’ to check mandatory control documents and roles required for each site, facility or cluster type
- Use the sections noted to determine required actions for all accounts and corresponding security standards and supporting best practices, guides and tools
4. Section Links
- Section 1: Establish new site contract
- Section 2: Transform Security operations
- Section 3: Operate and Manage Security
- Section 4: Audit and Review Security
- Section 5: Incident Response / Emergencies
The following guidelines represent the minimum standards that should be followed to ensure site operations are within the prescribed limits and responsibilities.
Security Services
Security Operations Standards
Transition
Section 1: Establish New Site Contract
Standard Actions Required
Relevant Standards to Apply
Understand, agree and record the complete security scope of works (Account Scope). Develop the scope with the client
Security Management
Operating Standards
Transition Standards
Conduct Due Diligence on existing (legacy) services. This will be part of the due diligence transition process
Security Management
Conduct Gap Analysis between specification, bid proposal and actual on-site situations
Operating Standards
Transition Standards
Security Management
Appoint Security Owners for each Account and site or cluster, usually Account Leadership; the site owner is usually Operations (site management)
Security Management
Appoint an account security SME if the value of security and / or regulatory and risk requirements reach the threshold levels.
Security Management
Section 2: Transform Security Operations
Understand, agree and record the complete security scope of works. (Site Scope)
Standard Actions Required
Relevant Standards to Apply
Appoint Security champions for each account and Scope owners, usually Account Leadership; the site owner is usually Operations
Develop Account Security Operating Strategy
Operating Standards
Develop Service Level Agreements (SLA) for each site
Security Management
Security Management
Develop Account Security Operating Manual
Operating Standards
Operating Standards
Carry out Audits / Reviews as required and support client presentations on security actions / issues
Operating Standards
Carry out training and awareness ensuring that all HSE matters are incorporated into training programs
Operating Standards
Section 3: Operate and Manage Security Services
Managing Service Provider
Implement Guard Services Provider Standards
Standard Actions Required
Relevant Standards to Apply
Ensure a suitable Guard Services Specification is in place
Managing Service Provider
Develop and implement Security Management Procedures
Security Management
Support and ensure development and Implementation of Security Procedures
Operating Standards
Security Management
Security Systems Maintenance
Scope alignment / SLAs / Asset lists / Operating Procedures
Security Management
Key Management and controls
Security Management
Access controls and management
Security Management
Confidential Waste Management
Security Management
Loading bays, access, mail handling and screening
Security Management
Training and awareness and induction
Section 4: Audit and Review Security
Standard Actions Required
Relevant Standards to Apply
Security Management
Security Metrics and Performance Management
Security Management
Contract reviews and Supplier partner reviews
Operating Standards
Security Management
Compliance checks and audits including HSE audits
Operating Standards
Section 5: Incident Response / Emergencies
Standard Actions Required
Relevant Standards to Apply
Security Management
Incident response and escalation procedures covering theft / loss / burglary / violence / first aid / alarms and fires
Security Management
Incident Management and reporting procedures
Security Management
Emergency Procedure training covering Fire / Bomb Threat / Others (as required)
EHS Standards and Policy
SS-044 Ver 1.0 (Apr 23)
Appoint Account Security Leads and Champions
Conduct Scope and GAP Analysis
Develop Local Account Security Manual
Issue Manual and operations document to Site Leads
Identify and log Site Cluster Scope
Create Site cluster security Manuals
Identify and document Site Security Controls
Identify and document the applicable Security standards
Identify and implement Best Practices
Transform and Improve operations
Operate and Manage
Audit, Review and Update
Site Manager
Account Manager