Integrated Site Security Operations and Risk Support
This sample Statement of Work is structured as a non-personal services requirement for multi-site site security operations, threat monitoring, site assessments, executive movement support, and crisis response coordination. It is intended to show document shape, cadence, and deliverable logic rather than serve as a final contracting instrument.
Background and Objectives
The client operates people, sites, travel, events, and continuity-critical functions in environments where disruption may arise from criminal activity, targeted threats, protest activity, insider issues, natural hazards, or fast-moving regional incidents. The client requires a single contractor-managed program that improves situational awareness, reduces vulnerability, and supports coordinated action before, during, and after disruptive events.
The objective of this effort is to provide integrated site security operations, site assessment support, intelligence reporting, and crisis coordination in a manner that is measurable, well-documented, and scalable across locations. Services shall be performed to defined standards and delivered through a program structure that supports leadership visibility, operational readiness, and disciplined reporting.
Program Objectives
- Identify vulnerabilities early and recommend practical mitigation measures.
- Provide timely, decision-ready threat and incident information to designated stakeholders.
- Support secure operations for people, sites, travel, and special activities.
- Improve readiness for crisis, disaster, and continuity events through planning and review.
Illustrative Operating Environment
- Multi-site corporate or public-sector footprint with varying access-control maturity.
- Executive travel, leadership visibility, and periodic high-profile events.
- Routine need for ad hoc risk review, rapid notifications, and post-incident reporting.
- Requirement for clear separation between contractor management and client direction.
Scope of Services
The contractor shall furnish all personnel, supervision, management, tools, systems, communications, and other resources required to perform the services identified below, except those expressly listed as client-furnished. Work shall be coordinated through a designated program manager and executed in accordance with approved plans, reporting protocols, and escalation procedures.
2.1 Program Management and Mobilization
Provide startup planning, staffing coordination, communication trees, escalation matrices, and a quality control approach. Conduct kickoff meetings, establish reporting routines, and maintain a current roster of program points of contact.
2.2 Threat Monitoring and Intelligence Support
Monitor relevant threat developments, produce routine and ad hoc intelligence products, support travel or event-specific risk reviews, and elevate significant developments with concise recommended actions.
2.3 Site Assessments and Readiness Reviews
Conduct site surveys and physical security reviews focused on perimeter conditions, access control, post coverage, emergency procedures, and observable operational weaknesses. Deliver prioritized findings and mitigation recommendations.
2.4 Site Security Operations and Executive Support
Provide protective staffing, movement planning, advance coordination, venue reviews, route considerations, and event support as authorized. Where required by jurisdiction or scope, personnel shall maintain applicable licenses and credentials.
2.5 Crisis, Incident, and Disaster Response
Support incident coordination, notifications, accountability workflows, continuity support, disaster-response planning, and after-action review. Surge services may be activated through written authorization or task-order direction.
2.6 Documentation and Action Tracking
Maintain incident logs, assessment findings, corrective action trackers, and monthly program summaries. Document all material changes to operating posture, open risks, and status of recommended mitigations.
Staffing and Qualifications
The contractor shall provide personnel with experience appropriate to the assigned function and operating environment. Key personnel shall demonstrate professional judgment, concise written communication, and the ability to work within documented protocols and escalation requirements.
Illustrative Key Roles
- Program Manager
- Site Security Operations Lead
- Threat Intelligence Analyst or Intelligence Lead
- Assessment Lead
- Crisis Response Coordinator
Minimum Expectations
- Relevant security, intelligence, law enforcement, military, emergency-management, or corporate security background.
- Demonstrated experience with incident reporting, risk assessment, and stakeholder briefing.
- Current first aid or CPR credentials for field-facing roles when required by scope.
- Jurisdiction-specific licensing, screening, and background requirements met before deployment.
Deliverables and Reporting Cadence
Deliverables shall be submitted electronically unless otherwise directed. Dates below are illustrative and should be adjusted to the actual contract structure, mobilization timeline, and operating tempo.
| Deliverable | Illustrative Due or Frequency | Minimum Content Standard |
|---|---|---|
| Transition and Mobilization Plan | Within 10 business days of award | Staffing approach, points of contact, escalation paths, mobilization milestones, credentialing assumptions. |
| Program or Site Security Plan | Within 30 calendar days of mobilization | Post concept, coverage assumptions, emergency actions, reporting workflow, communication protocols. |
| Weekly Intelligence Summary | Weekly, by agreed reporting day | Notable incidents, developing threats, near-term outlook, recommended posture adjustments. |
| Ad Hoc Threat Bulletin | As required for validated incidents or emerging risk | Concise incident synopsis, likely impact, affected geography or population, recommended immediate actions. |
| Assessment Report | Within 10 business days of each site visit | Executive summary, prioritized findings, supporting observations, photographs if authorized, mitigation roadmap. |
| Incident Report | Initial report within 4 hours; final within 24 hours unless otherwise approved | Timeline, persons involved, actions taken, notifications made, open issues, immediate next steps. |
| Monthly Program Review | Monthly, by 5th business day | Staffing status, incident trends, KPI summary, open actions, requested decisions or approvals. |
| After-Action Review | Within 10 business days following incident or exercise | What occurred, what worked, what failed, corrective actions, ownership, and follow-up dates. |
Performance Standards and Quality Assurance
The contractor shall maintain an internal quality control process sufficient to ensure services are delivered on time, to standard, and in a format suitable for client action. Performance may be monitored through report review, random sampling, post checks, stakeholder feedback, meeting minutes, and acceptance of deliverables.
| Service Area | Illustrative Standard | Validation Method |
|---|---|---|
| Staffing Coverage | 100% of approved posts or shifts filled, or alternate coverage approved in advance. | Roster review, supervisor checks, shift records. |
| Critical Incident Escalation | Notify designated point of contact within 15 minutes of awareness of a critical incident. | Incident logs, notification timestamps, client confirmation. |
| Routine Intelligence Reporting | Weekly summary delivered on agreed schedule and in decision-ready format. | Deliverable acceptance and periodic stakeholder review. |
| Assessment Delivery | Final report issued within 10 business days of site review unless extended in writing. | Submission dates, acceptance tracking. |
| Corrective Action Tracking | Open actions updated within 5 business days of any status change. | Action tracker audit and monthly review. |
| After-Action Documentation | After-action review completed within 10 business days following event or exercise. | Deliverable review and closure confirmation. |
Roles, Responsibilities, and Furnished Items
Client or Agency Responsibilities
- Provide designated points of contact for operational, administrative, and emergency coordination.
- Provide access to approved sites, floor plans, current post orders, and relevant SOPs as available.
- Review and accept deliverables, provide timely feedback, and approve material scope changes.
- Identify any government- or client-furnished systems, workspace, credentials, or communications tools.
Contractor Responsibilities
- Provide all personnel, supervision, equipment, communications, documentation tools, and management support required to perform the work.
- Maintain applicable licenses, insurance, screening, and training for deployed personnel.
- Manage schedules, substitutions, escalation procedures, and quality control without direct day-to-day supervision by the client.
- Safeguard client information and maintain records sufficient to support audits, invoicing, and performance review.
Period and Place of Performance
Period of Performance
- Illustrative base period: 12 months.
- Illustrative option periods: up to four 12-month options.
- Transition period may be required at contract start or follow-on turnover.
- Surge or incident-specific support may be ordered separately in writing.
Place of Performance
- Client sites as identified in tasking or post schedules.
- Remote support from contractor operations or intelligence functions as authorized.
- Temporary travel in support of assessments, executive movement, events, or incident response.
- Hours of support vary by location, mission requirement, and approved operating posture.
Compliance, Assumptions, and Exclusions
- This example assumes a non-personal services arrangement in which the contractor manages its own workforce and supervision.
- Operations shall be conducted in accordance with applicable federal, state, and local laws, site policies, and client-approved procedures.
- Any armed coverage, specialized equipment, or jurisdiction-specific credentialing shall be separately authorized and priced if not included in the base scope.
- Contractor personnel do not possess law-enforcement authority unless separately commissioned by the proper jurisdiction.
- Privacy, confidentiality, and evidence-handling requirements shall be defined in the final contract package and supporting attachments.
- FAR-aligned recordkeeping, invoicing support, and audit-ready documentation may be required for public-sector buyers.
Acceptance and Approval
Final acceptance criteria, invoicing terms, and authorized ordering procedures shall be defined in the executed contract, task order, or purchase instrument. The lines below are included only to complete the document mockup.