Take Control of Your Security
Service Level Agreements (SLAs), Key Performance Indicators (KPIs) and Liability:
Accountability: Hold your service providers accountable for delivering on their promises. Implement service level agreements and define key performance indicators with your providers – this establishes clear expectations, measures effectiveness and holds the service providers to account.
Something to think about when drafting SLAs and defining KPIs.
Sub-100% targets: If you set KPI targets below 100% for various security functions, you are ultimately acknowledging a certain level of failure.
Potential for insurance claims disputes: The insurer might contest claims if your service provider consistently fails to meet KPIs. The insurer could argue that such underperformance contributed to the security breach/incident, potentially leading to the claim being reduced or denied.
Evidence of negligence: While consistently failing to meet KPIs might not prove "gross negligence," it may serve as evidence of a breach of duty of care and potentially contribute to a finding of negligence. This might strengthen your position, as the client, in legal action against the service provider.
Examples of possible situations which might be deemed “gross negligence”:
· Failing to address known non-conformances, which negatively impact security system performance,
· Misrepresenting incident details and omission of facts (performance data) to conceal failure to meet obligations,
· Inadequate staff competency and/or training which leads to increased risk exposure.
In conclusion, as the client, you are ultimately responsible for the protection and security of your premises. A consistent failure by your service provider to meet agreed-upon KPIs and to take corrective action to remedy non-conformances could be considered negligence on your part, thereby increasing your liability.
Don't let the bad guys win!