4. Enhance protocols for managing and documenting dynamic security plans (design effectiveness)

Overall rating: Low

Impact:

Low

Likelihood:

Likely

Observation:

When reviewing the resource/security planning processes we noted that:

  • Standard procedure and record of common recurring service disruptions is not maintained to document security needs, to handle ad hoc situations (e.g., protests, elections, postal strike, temporary displacement, construction/decommissioning, special ceremonies etc), and to inform annual security planning and resource allocation.

  • A security services contingency plan is not documented as part of vendor risk analysis.

Implication:

The City may not be able to carry out necessary security arrangements in an event when a security service provider under-performs or is unable to deliver for any reason.

Recommendation:

Management should formalize the the security planning process by considering the following:

  1. A template “request form” or “security needs analysis” for assigning/deploying temporary security measures (e.g. when the workplace is displaced) should be established. This may include options for selection of services (e.g. on-site guard service, alarm response, mobile patrol need, pre-planned temporary guard service, emergency callout, crossing guard needs, etc.) available within the contract. The template may also include: approval, department requesting, nature of event, number of venues, frequency, timings, nature and number of occupations impacted. City may allow exemption to this form if event characteristics have already been logged. Special events log for recurring events should also be maintained.

  2. Develop security contingency plans to address unforeseen security needs in the event of vendor substandard performance or contract termination. Such a plan may include prioritized high ranking expectations and assigning certified/trained guards employed by the city or deploy certified security trainers to build temporary capacity or an alternate service provider or solution. The contingency plan could be an extension of the previous recommendation as to responding to areas which may need security without delay or lapse.

    Continued from finding 1 regarding a Corporate Security Message Center (CSMC) usage procedure, we recommend the contingency plans or temporary/ad hoc changes be communicated using the CSMC for purposes of maintaining a repository for security requests placed to central.

Management action plan

a) A report to the council dealing with security is forthcoming. Administration will be seeking council direction, including the option to establish a centralized corporate security division. Although management agrees with the principle of the recommendation, the responsible party for corporate security is still to be determined.

Subsequent to the Council direction the remaining action plans or risk acceptance will be determined.

Responsible party:

Senior Manager, Facilities

Due date:

December 31, 2020

b) In the event that the contracted security vendor was unable, or unwilling to provide services, the Corporation would use emergency and sole source procedures, outlined in the Purchasing By-Law, to hire another security guard service until a permanent solution can be implemented.

Responsible party:

Senior Manager, Facilities

Due date:

Complete