Security out- sourcing: anything to learn from the G4S experience?
Advent IM in Outsource magazine 20.07.12
Spreading the risk – a more secure alternative?
Recent events with G4S and LOCOG/the Government’s procurement of security for the Olympics, will clearly not be leaving the headlines anytime soon. Indeed you could be forgiven for thinking this was a security event, not a sporting one. Is there anything to be learnt from the Olympic Security out-sourcing? A good place to start would be to understand how organisations source physical security.
We have always done it this way
Let’s be clear, out-sourcing security can work and work very well for end users. The impetus for out-sourcing any service should have a solid base in the desire for the best possible service from people who are experts in their field. If the motivation is always cost cutting rather than sourcing excellence to improve end user experience, then nine times out of ten you will simply get what you pay for.
Physical Security has a long standing relationship with out-sourcing. That does not mean however, that because it has been out-sourced for so long that it is done well in all cases. Frequently, we see providers specifying to clients what they can have based on their portfolio of services, rather than the client understanding what they need based on Threat and Risk Assessments and specifying this to the provider. This is a bit like visiting a car showroom and saying, “sell me the car I need.” You may find yourself returning a short time later asking why you can’t fit your six kids into your Aston Martin but if you didn’t specify your needs from the outset the car sales person will see you what he wants … One size never fits all, it may fit some but everyone prefers something that meets their needs when they can get it. So, how can something as important as security not be bespoke?
Facility Management and Security
In business, Physical Security has been moving for many years into the Facility Management arena. It is a natural place in many ways, especially if this is not simply managing the manned guarding aspect but also equipment contracts such as CCTV and door entry systems, PIR’s etc.
In-house FM may manage an out-sourced contract for Physical Security provision. An FM provider may manage a contract for a client, or an in-house FM may manage a contract with an FM provider who manages a Physical Security Contract with a provider. There may be a separate contract for management of equipment contracts, that could be managed by the in-house FM, the out-sourced FM provider, the security provider it has been out-sourced to or possibly even further along the chain (still with me?) …That is a lot of moving parts in a chain that requires clear areas of accountability at all stages, not to mention governance (who is guardian of CCTV image management for instance, and is everyone clear on that along with Data Protection Act requirements?). Governance also includes relationship management and compliance checks. Remember it is only the function that is being out-sourced, not the responsibility … or the accountability.
Proactive or Reactive Procurement?
“Understanding the risks involved can save money and reputational damage. Keeping your supplier close and having an open, honest relationship ensures any danger of things going wrong is reduced, or at least spotted early and corrected,”
– CIPS CEO David Noble
Chartered Institute of Purchasing & Supply (CIPS) state that it is the job of the buyer to ensure that:
- Materials of the right quality
- Are delivered in the right quantity
- To the right place
- At the right time
- For the right price
- And the sixth right: from the right source
Reactive Procurement is taking only one or his heavily biased toward one of these ‘rights’. Proactive procurement is based on strategic decisions of all the six ‘rights’, then the supplier will not have been selected on price alone, for instance.
When we examine how Physical Security is sourced the issues and potential pitfalls, start to emerge. If we go back to our example of G4S and the Olympics, Government Procurement decided not to split security provision, and thereby risk, across several smaller providers, but to go with one large provider. So the focus appears to have been on procurement ie. cost. Whilst we want our Government (and in this case LOCOG also) to be cost sensitive with our hard earned taxes, we also want the job done correctly. This option appears to have introduced a ‘single point of failure’ because only one supplier was procured.
This is the difference between sourcing the service you want, need and are specifying with expert knowledge and procuring the cheapest or ‘most economically advantageous’ as Government procurement tender documents read. Let’s be clear, to a supplier, procurement is there to hard bargain on cost, they are not there to provide any level of expertise or the associated judgment call, on the service being requested.
For a regular organisation understanding that all stages of the chain have to be carefully managed, is key. KPIs based upon the threat and risk landscape should be in place to ensure performance is being measured against the correct metrics. They also need to make sure that their bespoke needs are the ones being answered and not what the provider is telling them they can have. The threat and risk landscape will change, will a client be penalised for changes to reflect mitigation of these changing risks?
One final thought on proactive vs. reactive, G4S are shouldering 100% of the responsibility for this debacle, not Government procurement. On a realistic business level for organisations considering their options for out-sourcing security, when things go wrong it is rarely the procurement team who get an unhappy phone call from the end user, it is normally the Facility Manager.
Many Facility Managers and providers welcome the idea of system integration – Security Systems can easily be included in this model and can provide very valuable data back to an organisation across disciplines when part of a wider integrated function. For this to be realistically achieved, and the associated service and cost improvements to be reaped, the whole chain of supply and accountability needs to be resilient and transparent. There are real benefits to be had from out-sourcing Security and even more to be had by bringing everything together to provide a holistic management view.
- See it as an investment in an organisation’s excellence – for that is what it is. If you view it purely as a cost saving exercise, you may come unstuck.
- Take expert advice on your real threats and risks and specify accordingly.
- Get the bespoke solution you need not the solution the out-sourcing provider wants you to buy.
- For larger out-sourcing projects think about spreading the risk of a single point of failure – more than one provider may be the answer.
- Ensure clear, accountability, resilience and due diligence throughout the chain and wherever possible limit multiple ‘moving parts’.
Originally published in Outsource Magazine 23.07.12, reproduced here with the kind permission of the Editor.
0121 559 6699