Why security contractor performance requires its own framework
Security contractors occupy a unique position in the facility vendor landscape. Unlike cleaning or maintenance vendors, the consequences of underperformance aren't limited to a dirty building or a delayed repair, they include safety incidents, regulatory violations, and in high-profile environments like airports and schools, significant public liability.
At the same time, security contractor performance is often evaluated less rigorously than other facility services. The work is harder to inspect visually, the metrics are less intuitive, and the relationship with the contractor is often managed separately from the broader facility management function.
The result is a systematic gap: organisations that have sophisticated performance frameworks for their cleaning and maintenance vendors are often managing security contractors on a largely informal basis.
This article covers how to build a structured performance evaluation framework for security contractors, with specific considerations for the three sectors where accountability matters most, airports, schools, and public facilities.
What security contractor performance actually covers
Security contractor performance spans several distinct dimensions, each requiring a different measurement approach.
Operational presence and coverage. Are contracted posts being filled at all times? Are response times within the building or campus meeting the agreed standard? Coverage gaps, shifts not filled, posts left unstaffed, are the most basic form of security contractor underperformance and one of the most common.
Incident response quality. When incidents occur, is the response appropriate, proportionate, and well-documented? Response quality is harder to measure than coverage but ultimately more important. Poor incident response can create liability even when the contractor was physically present.
Documentation and reporting. Are daily occurrence reports being submitted? Are incident reports complete, accurate, and submitted within the required timeframe? The quality of security documentation is itself a performance indicator, and in a dispute or regulatory inquiry, it's often the most important one.
Compliance. Are all officers licensed as required under applicable security regulations? Are background check requirements being met? Are training and certification records current? Security contractor compliance requirements are typically more stringent than for other facility services, and the exposure for non-compliance is more direct. For a practical system to track vendor compliance across your portfolio, the principles apply regardless of vendor type.
Professionalism and conduct. Are officers presenting appropriately, interacting professionally with building occupants, and maintaining required standards of conduct? This is particularly important in public-facing environments like airports and schools, where the contractor's staff are often the most visible security presence occupants encounter.
Sector-specific considerations
Airports
Airport security contractors operate in a heavily regulated environment, with performance standards set not just by the contract but by aviation security regulations and in many cases by civil aviation authorities.
Key performance areas specific to airports include:
Access control compliance. Are all access points secured according to the airport security plan? Are exceptions documented and authorized? Access control failures can trigger regulatory penalties that fall on the airport operator, not the contractor.
Screening performance. Where security contractors are involved in passenger or staff screening, screening accuracy and compliance with standard operating procedures need to be tracked separately from general security performance.
Regulatory audit readiness. Aviation security is subject to regular inspection by regulatory authorities. Is the contractor maintaining documentation to the standard required for these audits?
Airside/landside protocol compliance. Are officers following required procedures for airside access? Even minor protocol violations in an airside environment have significant regulatory implications.
Schools and education facilities
Security contractors in educational settings have a distinct profile of responsibilities and risks. Performance evaluation in schools needs to account for:
Visitor management compliance. Are visitor check-in and identification requirements being consistently enforced? Are protocols for unrecognised individuals being followed?
Student safeguarding protocols. Do officers understand and follow safeguarding obligations? In educational settings, the interaction between security staff and students requires specific training and clear behavioural guidelines.
Emergency response readiness. Are officers trained in and familiar with the school's emergency response procedures? Regular drills and documented participation are essential performance evidence.
Communication protocols. Are officers communicating promptly with school administration about incidents and concerns? The speed and quality of communication to school leadership is as important as the physical response.
Public facilities
Public facilities, government buildings, transit hubs, cultural venues, often involve a mix of access control, crowd management, and emergency response responsibilities. Performance evaluation should include:
Access control effectiveness. Are prohibited persons being identified and appropriately managed? Are access denial decisions being documented?
Crowd management capability. During high-traffic periods or events, is the contractor managing crowd flow safely and in accordance with agreed procedures?
Public interaction standards. In public-facing environments, the manner of officer interaction with members of the public is a performance metric in its own right. Complaints from the public about security staff conduct are a direct performance indicator.
Coordination with statutory authorities. How effectively does the contractor coordinate with police, fire, and emergency services? Documented examples of effective (and ineffective) coordination are valuable performance data.
Building a performance evaluation framework
A practical security contractor evaluation framework combines quantitative metrics with qualitative assessment.
Quantitative metrics to track monthly:
- Post fill rate (contracted hours filled / contracted hours)
- Incident report submission compliance (submitted on time / total incidents)
- Response time to incidents (from notification to officer arrival, by priority level)
- Compliance deficiencies identified per audit cycle
- Complaint rate (complaints per month or per 1,000 occupant-days)
Qualitative assessment quarterly:
- Professionalism and conduct of officers (observed and reported)
- Quality of incident reports (completeness, accuracy, timeliness)
- Account manager responsiveness and proactivity
- Emergency response readiness (based on drill participation and debrief quality)
Scoring both dimensions and tracking them over time creates a performance picture that is both comprehensive and objective.
The compliance dimension: non-negotiable requirements
Unlike many other facility service categories, security contractor compliance isn't just good practice, it's legally and operationally non-negotiable. Specific requirements vary by jurisdiction, but typically include:
- Individual officer licensing (renewed as required by regulation)
- Background screening at hire and periodically thereafter
- Security training certifications appropriate to the work
- Sector-specific training (aviation security, working with minors, etc. as applicable)
- Industry-standard documentation practices
Maintain a compliance record for each officer assigned to your facility, not just for the contracting company as a whole. Compliance at the company level doesn't guarantee compliance for the individuals working on your site.
Making performance evaluation part of the relationship
Security contractors that are evaluated rigorously and transparently generally perform better over time than those that are managed informally. Sharing performance data with your contractor consistently, and in the context of a structured review, creates a shared accountability framework that most professional security companies respond to positively.
Where performance issues arise, having documented evidence of the issue, the conversation, and the agreed corrective action is essential, both for managing the contractor and for protecting your organisation's position if the situation escalates. Running regular vendor site audits is one of the most effective ways to generate that documentation proactively.
Evalystar gives facility and security teams a single platform to track contractor performance, document compliance, and manage reviews across multiple sites, so that security contractor accountability is integrated into your broader vendor management approach. See how it works.