Written by Michael Magee, Director of Service Development at Intelligent Buildings
Are you getting the most from your operational technology (OT) vendor service contracts or are your vendors doing the same work year after year? Renewing service contracts can often feel like a routine task, yet it potentially influences the operational efficiency and security of your properties. Are the tasks and responsibilities in the current renewal changing to meet current goals and updated policy alignment, or is the vendor just presenting the previous contract at a higher rate? As your tenants’ expectations grow and operating budgets shrink, it is crucial to maximize every dollar spent. This includes making sure your service contracts keep pace with current best practices and adapt to meet the unique conditions of your property.
At Intelligent Buildings, we’ve seen checklists prove effective in keeping your property management systems efficient, secure, and tailored to your requirements. These checklists facilitate negotiations by aligning goals across vendors and systems, enabling swift evaluation of their ability to support critical property operations safely and securely. Your property may already have a checklist that includes established key performance indicators (KPIs) and service-level agreements (SLAs). This existing format can be extended to encompass proactive service measures, operational resilience support, and adherence to the property’s cybersecurity policies.
The outsourcing of OT services requires a vigilant assessment process to ensure that contracted firms align with your property’s operational objectives and security mandates. Every property manager should approach service contracts with a goal-driven mindset, seeking not just to fulfill immediate operational needs but to secure long-term asset value. This article gives examples of key considerations that can be added to any service contract to help support operational efficiency and promote operational efficiency.
General Topics: From site visits to equipment lists, ensure you have a comprehensive understanding of what is covered, how the service provider handles sensitive data, as well as procedures that impact service delivery. Some examples are:
- A device inventory or detailing maintained equipment, noting any exclusions or restricted services.
- Schedule for replacing computers, server, and network equipment and a clear protocol for destruction of devices and data.
- Requirement to return all property-related information upon request.
- Reveal any electronic account-related data on servers, cloud, or portable media.
Service Delivery: Define clear service-level standards and expectations to avoid confusion and ensure your vendors know exactly what is expected of them. Some examples are
- Response times by issue type: Two hours for major issues, four hours for after-hour issues, and next business day for minor issues, etc.
- Response times by issue type: Two hours for major issues, four hours for after-hour issues, and next business day for minor issues, etc.
- Rate sheet in the contract detailing costs for weekend, after-hours, and non-contract work.
- Requirement for service providers to schedule required maintenance visits to prevent coverage lapses.
- List of tasks that are meaningful to property operations. Annual obsolescence reports for devices, controllers, or software that may become obsolete, discontinued, or unsupported.
Cybersecurity: With the increasing interconnectivity of building management systems (BMS’s), securing your OT systems is not negotiable. Your checklist should include rigorous standards for cybersecurity to safeguard against vulnerabilities. Some examples are:
- Maintain and periodically audit a user list and level of access.
- Securely back up, maintain, patch, and update all software, firmware, and operating systems, clearly noting any exceptions.
- Provide annual end-of-life reports for any devices, controllers, or software that may become obsolete or unsupported.
- Notify the owner in writing immediately upon discovery of any cybersecurity breach affecting system confidentiality, integrity, or availability.
Contracting Workflow: Implement best practices that integrate the vendor’s work into your team’s current operations, ensuring every contracting process supports your strategic objectives. Some examples include.
- List of team members that will be working on the project and escalation paths.
- Property Managers, supported by their company’s cybersecurity program or lead IT administrator, should determine the most relevant elements for their needs and discuss these with the service provider.
- All new and renewal OT system service contracts must be reviewed by the company’s IT department or an approved cybersecurity partner to ensure compliance and security.
A structured OT Vendor Checklist not only guides property teams in making informed vendor selections but also empowers them to assertively challenge and negotiate service contracts. This proactive involvement is essential in managing a variety of service contractors, each with their unique delivery methods and service standards, to mitigate operational risks effectively.
In conclusion, a well-implemented OT Vendor Checklist is more than just a procedural requirement; it is a strategic asset that enhances operational efficiencies and fortifies the security posture of your properties. By taking control of your service contracts, you’re not just managing properties—you’re enhancing value and securing peace of mind.
Since 2004, Intelligent Buildings has been supporting commercial building portfolios. Please reach out directly to talk about developing your own OT vendor checklist or any other challenges you may be having with your properties. We will meet you wherever you are on your smart building journey.