When using the Playbook it is important to understand the terms as they are related to the content thus ensuring you have the best experience and understanding of the relevance and meanings in which the terms are used. Please read below:
SS-065 Ver 1.0 (May 23)
Confidential & Proprietary | 2024 CBRE Inc.
Overview
Definitions
Activity
Definition
Security
As a process – ‘Security’ is defined as being in a state of being free from fear and harm i.e. ‘being secure’. As a service – ‘Security’ is a combination of people, processes, assets, physical, virtual and electronic resources, combined with training, awareness and behaviours that, when combined correctly help achieve the state of Security.
Security Management
The management of security activities, processes, people, systems and suppliers
Security Services
Specialised security providers - usually used to mean the more advanced guarding companies and the services they provide.
Security Guarding
Provision of trained, vetted and uniformed (usually) personnel to carry out more specialised security tasks. Usually used where there are requirements for specialist training, licenced personnel, volume, consistency of cover i.e. guaranteed availability and shift patterns etc. Includes on site guarding, key holding, mobile patrols, reactive responses and alarm monitoring
Corporate Security
The senior security leadership and directing security function within a business. Not normally involved in delivery of physical/site security but would provide the strategy, policy, advice, standards, governance, risk advice etc. to help a business make decisions about and govern its security activities.
Security Standards
Normally minimum standards. In corporate security terms they would provide the minimum acceptable level of security for a particular site – enhanced by risk assessment and could include technology as well as people and services etc. In CBRE terms these are the minimum mandated ways of providing and managing security and security services within and IFM context.
Security Operating Standards
An agreed set of output standards that forms the technical part of the contract with the Service providers. As output standards, these leave the means of delivery to the Service providers to achieve but in agreement with CBRE at the appropriate levels.
Best Practice
The accepted or recommended way of doing something efficiently and effectively – achieves fitness for purpose – not necessarily the ‘best’ way, irrespective of cost.
Security Processes
The end to end method of achieving a particular security activity – may consist of several security procedures and other activities.
Security Procedures
A defined and accepted way of carrying out a security activity.
Physical Security
The term normally used to mean everything to do with the security of premises and everything therein. It would include not just guarding, but also the provision of electronic (e.g. CCTV etc.) and physical measures (e.g. secure doors, fences, lights, barriers etc.). It will also include the procedures and behaviours etc. required of people.
Premises Security
The term ‘Premises Security’ is used here to distinguish the role played by CBRE and its partners in Physical Security as this role does not normally include providing the physical measures such as doors and gates etc. – but is limited to maintaining them.
Threat
The terms ‘Threat’ and ‘Risk’ are often confused – people often say risk when they mean threat – the difference is simple – ‘Threat’ is the means by which something or someone can be attacked. It is a component of Risk.
Risk
Risk is the state created by a combination of factors – Target (what might be attacked/stolen etc.); Threat (the existence of something or someone who might attack the premises, person, asset or process); Probability (how likely it is that the threat might become reality) and Mitigation (the means by which the threat might be defeated or avoided). Therefore – Risk = target X threat x probability x mitigation. There are many complex models for analysing risk – it is a very subjective activity.
Service Level
The description of how a service is carried out / provided with the necessary qualitative and quantitative measures and outcomes required.
Service Level Agreement (SLA)
A standard format SLA to be used to define the exact service outputs and inputs at each site and facility for the delivery of security services (guarding and systems maintenance).
Remote Monitoring
A specialised centre equipped with the hardware and staff to monitor and manage security systems and procedures from a remote (i.e. off-site) location. Will usually monitor and manage alarms, CCTV, access controls, vehicle and people tracking etc. Used where the quality of the management and intervention in alarms etc. and management security procedures and systems needs to be more bespoke than alarm monitoring – and costs more.
Alarm Monitoring (Centre)
A specialist facility for monitoring alarms only. Usually a basic process-driven alarm receiving and response initiating centre based upon volume of alarm terminals monitored – typically used for volume alarm monitoring e.g. bank branches.
Standard Operating Procedures (SOP)
A security term for standardised security procedures – can be applied at any level of the end to end security process.
Assignment Instructions
Specific instructions, procedures and administration for security personnel. These may include all the site security procedures for small sites and facilities but rarely for the larger ones – these are procedures for security personnel only. It is the guard service provider’s responsibility to develop and maintain these. They must be specific to each site or facility – except where these form a cluster of identical facilities e.g. bank branches. SD’s role is to work with suppliers to develop them, sign them off once complete and check them regularly.
Post Instructions
These are instructions for individual guards or posts (fixed guard roles – e.g. control room operator). They are specific job instructions. It is the guard service provider’s responsibility to provide these.
Access Control
The means of securing and monitoring access to and egress from a building.
Key Management and Control
The procedures used to manage the issue, receipt, recording and management of hard ‘brass’ keys – also mechanical PIN pads.
Confidential Waste
The secure collection and destruction of waste that may be sensitive, confidential, valuable (for unauthorised re-use).
Scope
Services, products, people, activities, processes and procedures to be provided by CBRE to the client.
Scope Of Work
A standard format list of security services and management actions provided by CBRE and / or our partners and suppliers. The Scope range provided by CBRE as standard is detailed in the Scope Of Work matrix document. These scope activities etc. all link directly with a corresponding BOMA code.
Scope Gap
The difference between the clients’ MSA / specification and the actual service levels provided at the sites. This may be due to lack of detail, too high level a MSA or inaccuracy.
Scope Gap analysis
An analysis of the difference between the clients’ MSA etc. and the actual service levels, activities etc. provided at a site. These differences may be significant and has a consequently significant impact on the profitability of the account.
Sold Solution
The solution provided to the client based upon the client’s MSA and other information used to develop a solution. The solution is likely to be based upon limited information and may be benchmarked – therefore it is also very likely NOT to accurately reflect actual service levels and therefore costs.
Legacy (Service Levels)
The existing services and service levels, qualitative and quantitative, that exist at clients’ sites when starting a new account. The reason for the Scope Gap Analysis is to identify the difference between legacy services and service levels and the service levels etc. provided by the client in their MSA – and therefore the basis of the CBRE price. Where the legacy SL is different to the Sold Solution – there is a risk of loss of revenue to CBRE is the legacy SL is higher than the sold SL e.g. a Gold service level is the legacy, while the client’s MSA either states bronze or no level stated – a bronze level may have been priced in the Sold Solution – and charged to the client, but the supplier providing the legacy SL is being paid for a gold service level. For some services the cost difference could be in hundreds of %.