Corporate security isn't a guard at a desk — it's a layered program of access control, reception, monitoring, and officers. Here's how to build one, whether to outsource, and what it actually costs.
For an office tower, a corporate campus, or a multi-site company, security isn't a single guard at a desk — it's an integrated program that layers electronic access control, professional reception, camera monitoring, and a guard force into one coherent posture. Done well, it protects people, property, and information while staying nearly invisible to the employees and visitors who move through the building every day. Corporate security also carries a legal weight that a parking-lot patrol does not: an employer has a duty to provide a workplace free of recognized hazards, and a poorly run program is not just a loss risk but a liability exposure. This guide covers what a corporate security program actually includes, how to size it to your building and risk, the build-or-buy decision, the workplace-violence obligations behind it, and what it all costs.
A corporate program combines access control and reception, CCTV monitoring, a guard force (fixed posts plus patrol), and — at larger organizations — a security operations center that ties it together, usually priced as a managed monthly program. Unarmed guard bill rates run about $22–$40/hr and armed or executive-floor posts higher; a single 24/7 post costs roughly $130,000–$438,000 a year depending on the rate, and a full building needs several posts. Outsourcing bundles labor, insurance, and management into one rate; in-house gives more control but adds overhead; many large firms run a hybrid. Underneath it all sits a legal duty of care — OSHA's General Duty Clause, and in California a specific workplace-violence-prevention mandate under SB 553.
What corporate and office security actually covers
The phrase "corporate security" hides a lot of distinct functions. In a real program each of these is a defined post or responsibility, not a vague expectation of the guard on shift:
- Lobby reception and concierge-security — the front-desk officer is the face of the building. This post blends hospitality and security: greeting employees and guests, directing traffic, watching the entrance, and enforcing the badge and visitor policy without making the lobby feel like a checkpoint. In Class A office buildings this role is often explicitly staffed as "concierge security," and officer presentation, communication, and judgment matter as much as vigilance.
- Access control and badging — issuing, provisioning, and de-provisioning credentials; managing the badge database; and enforcing which credential opens which door. When an employee is terminated, the badge is killed the same day; when a badge is lost, it's deactivated and reissued with a clean audit trail.
- Visitor management — pre-registering guests, verifying identity, issuing temporary passes, notifying hosts, and logging every arrival and departure. Done well it's both a security control and a good first impression.
- After-hours and multi-tenant coverage — nights, weekends, and holidays, when the building is nearly empty and a single officer may be the only person on site. In a multi-tenant tower the security program often serves the landlord and common areas, while individual tenants layer their own suite-level coverage on top — a coordination problem that has to be settled in the contract.
- Loading dock, mailroom, and threat screening — the back of the house is where most unscreened people and packages enter. Dock officers control vendor and delivery access, and mailroom screening (visual inspection, and at higher-risk organizations X-ray or a dedicated screening protocol) intercepts suspicious packages before they reach an executive floor.
- Executive-floor and principal protection — C-suite floors, boardrooms, and executive residences or travel may warrant tighter access, dedicated officers, or coordination with an executive-protection detail. This is where corporate security shades into personal protection and where armed posture is most often justified.
- Emergency and incident response — documented procedures for medical events, evacuation, active-threat and workplace-violence situations, severe weather, and bomb threats, with officers trained and drilled to execute them.
The best programs integrate these so the officer at the lobby, the access-control system, and the camera network operate as one — not three disconnected pieces staffed by people who don't talk to each other.
The GSOC: the brain of a larger program
Once an organization runs more than a handful of sites, the coordinating layer becomes a Global (or Security) Operations Center — a GSOC. A GSOC is a staffed room (or a virtual, remotely-staffed equivalent) that monitors alarms, camera feeds, and access-control events across the enterprise; watches travel-risk and threat intelligence for employees and facilities; dispatches officers and coordinates with local law enforcement; and serves as the single point of contact during an incident. For a single office, a GSOC is overkill — the lobby officer and a modest camera system suffice. For a multi-building campus or a company with dozens of sites, the GSOC is what turns scattered posts into one program: it standardizes response, keeps a centralized record, and means an alarm at 3 a.m. reaches a trained operator instead of ringing into an empty room. Many mid-size companies buy GSOC-style monitoring as a service from their guard provider rather than building one in-house, which keeps 24/7 coverage affordable without staffing a room around the clock.
Workplace-violence prevention and the duty of care
Corporate security is not only a loss-prevention function — it's how an employer meets a legal obligation to keep its workforce safe. Under the federal Occupational Safety and Health Act, the General Duty Clause (Section 5(a)(1)) requires employers to provide a workplace "free from recognized hazards that are causing or are likely to cause death or serious physical harm." OSHA has repeatedly applied this clause to workplace violence: where the hazard is recognized and feasible controls exist, an employer that fails to act can be cited. There is no single federal workplace-violence standard, so OSHA leans on the General Duty Clause plus published guidance, which points employers toward a written prevention program, threat assessment, reporting channels, training, and physical-security controls — exactly the things a corporate security program provides.
California has gone further. Senate Bill 553, effective July 1, 2024, requires most California employers to establish, implement, and maintain a written Workplace Violence Prevention Plan, keep a violent-incident log, train employees, and record and investigate incidents — enforced by Cal/OSHA. If you operate in California, corporate security is now tied directly to a specific statutory mandate, and your program and your guard provider's incident documentation should be built to support it. Even outside California, aligning to that structure is defensible practice, because it maps cleanly onto the General Duty Clause expectation. A guard provider experienced in corporate work should be able to speak fluently to how its post orders, reporting, and training feed your workplace-violence-prevention obligations rather than treating them as your problem alone.
Layered, tiered coverage by building size and risk
There is no single "corporate security package." The right program scales with the building's size, tenancy, and risk profile. The table below sketches how coverage typically tiers up:
| Site profile | Typical coverage model | Guard footprint |
|---|---|---|
| Small single-tenant office (<100 staff, low risk) | Business-hours lobby officer + access control + basic CCTV | 1 unarmed post, ~40–50 hrs/week |
| Mid-size office / low-rise (100–500 staff) | Extended-hours lobby + roving patrol + visitor management + monitored CCTV | 2–3 unarmed posts, some after-hours coverage |
| Class A tower / multi-tenant | 24/7 lobby concierge-security + dock officer + patrol + integrated access & camera monitoring | Several posts across shifts, supervisor |
| Corporate campus / HQ | Layered posts, roving vehicle patrol, GSOC-style monitoring, emergency-response team | Multi-post 24/7 with on-site management |
| High-threat / high-value (data, executives, targeted) | All of the above plus screening, executive-floor control, and selective armed posts | Armed + unarmed mix, dedicated leadership |
The organizing principle is defense in depth: a public lobby, then badged employee floors, then hardened sensitive areas (data centers, executive suites, R&D), each a layer an intruder would have to defeat in turn. You spend the most protection where the loss would hurt the most, not uniformly across the whole footprint.
Tailgating: the free attack that beats a $50,000 access system
The most common breach of a corporate building isn't a hacked badge reader — it's tailgating: someone simply following an authorized employee through a door held open out of politeness. No technology stops it, because the door opened legitimately; the intruder just walked in behind. This is why access control and a human presence are complementary, not redundant. Defeating tailgating takes design and behavior a card reader can't provide: a staffed reception or turnstile at the main entrance, anti-tailgating hardware (mantraps or optical turnstiles) at sensitive points, a visible-badge policy so strangers stand out, and — most importantly — officers and employees trained not to hold secure doors for people they don't recognize. The lesson generalizes: expensive access technology only works when a security culture and, at key points, a guard back it up. A reader with no one watching the door it protects is half a control.
Technology and guard-force convergence
For most corporate sites, access control is the backbone the rest of the program hangs on, and cameras are its memory — but neither is self-executing. A modern access system uses badges or mobile credentials to govern who can enter which areas and when, logging every event so a lost badge is killed instantly and an investigation has a clear trail. Video surveillance, increasingly with AI analytics that flag a forced door, a loitering figure, or a person in a restricted zone, covers entrances, common areas, and sensitive spaces. The trend in corporate security is convergence: the guard force, the access-control system, and the camera network operating as a single, integrated posture rather than three silos. A camera that flags an event is only useful if an officer sees the alert and responds; a forced-door alarm means nothing if no one is watching the panel it lights up. The officer's real job in a mature program is to operate and enforce the technology — staffing reception, handling exceptions, responding to alarms and credential misuse — which is exactly why the ability of a provider to integrate its people with your systems is a top selection criterion. A badge reader with no one watching the alarm it raises is only half a control.
Unarmed vs. armed in a corporate setting
The overwhelming majority of corporate posts are unarmed, and that's usually the right call. In a lobby or an office environment the security value is presence, access enforcement, customer-facing judgment, and calm response — none of which requires a firearm, and a weapon in a crowded corporate lobby introduces liability and escalation risk that most companies don't want. Armed posts are justified in narrower cases: sites handling cash or high-value goods, facilities that have received credible threats, executive-protection contexts, or locations in genuinely high-crime settings. Armed officers carry higher bill rates, stricter training and licensing requirements, and greater liability, so the decision should be a deliberate risk judgment, not a default. Many corporate programs settle on a mix: unarmed officers across most posts, with armed coverage reserved for the loading dock, cash handling, or an executive floor. Our guide to armed vs. unarmed security guards works through the deterrence, liability, cost, and training tradeoffs in detail.
What corporate security costs: bill rate vs. pay rate
Corporate programs are usually quoted as a managed monthly program, but the real number underneath is the bill rate — the hourly amount you pay the provider — and it's built from a pay rate, the wage the officer actually receives. The gap between them, typically a 35–55% markup, is not pure profit: it covers the employer's payroll taxes, workers' compensation (a meaningfully higher-hazard class for security), general and professional liability insurance, uniforms and equipment, recruiting and training, supervision, scheduling, billing, and the provider's margin. When a competitor's bill rate looks suspiciously low, the pay rate underneath is usually being squeezed — which shows up later as turnover, unfilled shifts, and officers who don't know your building.
Outsourced unarmed corporate bill rates typically run $22–$40 an hour in most metros, with access-control-trained and Class A concierge-security officers toward the top of that band, and armed or executive-floor posts reaching $45–$75+ an hour. The key figure for budgeting is a single continuously staffed post: 24/7/365 coverage runs roughly $130,000–$438,000 a year across the rate spectrum (about 8,760 hours a year times the bill rate), and a full building needs several posts across shifts. Cost drivers that move your rate include the local wage market and cost of living (an officer in a high-cost metro costs more than a national average), officer skill and clearance requirements, armed vs. unarmed, shift differentials for nights and weekends, holiday premiums, contract length (one-year agreements commonly price 15–25% below short-term), and total volume across sites. Our security cost guide breaks down exactly how these rates are assembled.
In-house vs. contract vs. hybrid
Every company running an ongoing program eventually faces the build-or-buy choice:
| Contract (outsourced) | In-house (proprietary) | |
|---|---|---|
| Speed to deploy | Fast | Slow (hire, train, license) |
| Liability & insurance | Shifted to the provider | You carry it |
| Cost structure | One bill rate (wage + margin + overhead) | Lower base wage, but you absorb benefits, workers' comp, turnover |
| Control & loyalty | Less direct; officers work for the vendor | Maximum; officers are your employees |
| Management load | Provider handles HR, scheduling, compliance | You own HR, scheduling, compliance |
| Scalability | Flexes up and down easily | Rigid; every change is a hiring or layoff event |
Contract security is faster, shifts liability and HR to the provider, and scales up and down easily — the right choice for most companies. In-house (proprietary) security offers maximum control, loyalty, and continuity but adds recruiting, training, licensing, benefits (typically +20–30% over base wage), higher-hazard workers' comp, and turnover management, all of which you own. Many large organizations land on a hybrid: a small in-house security leadership team — a director of security, threat-assessment staff, a GSOC — that sets policy and owns the program, directing an outsourced guard force that supplies the labor. The hybrid captures the strategic control of proprietary security and the flexibility and lower overhead of contract labor, which is why it's common at the enterprise level.
SLAs, post orders, and KPIs
A corporate contract is only as good as what it obligates the provider to do and how you measure it. Three documents do that work. Post orders are the site-specific playbook for each position — exactly what the lobby officer does, who they call, how they handle a fire alarm or an aggressive visitor, and what gets logged; vague or missing post orders are the single most reliable sign of an amateur program. A service-level agreement (SLA) sets the standards the provider is contractually held to: shift fill rate (the percentage of scheduled hours actually staffed — 98%+ is a reasonable target), maximum unfilled-shift and response times, supervisor visit frequency, uniform and appearance standards, and reporting cadence. KPIs are how you audit performance against the SLA month over month: fill rate, officer turnover on your account, incident volume and resolution, patrol-tour completion (often verified electronically), report timeliness, and training compliance. A provider that welcomes being measured on these — and brings its own dashboard — is telling you something good; one that resists is telling you something too. The mechanics of tying this into an enforceable, well-insured contract are covered in our security guard contracts and insurance guide.
When one provider's quote comes in well below the others, the difference is rarely efficiency; it's the wage paid to the officer standing in your lobby. Underpaid officers turn over fast, so you get a revolving cast of people who don't know your building, your executives, or your emergency plan — the opposite of what corporate security is supposed to provide. Worse, an unrealistically low bill rate can signal a provider cutting corners on workers' comp, liability insurance, or licensing, which shifts risk back to you if something goes wrong on your premises. Ask any low bidder to break out the pay rate and the coverage behind the number. If they won't, that is your answer.
How to vet a corporate-experienced firm
Beyond a valid state license and adequate insurance, corporate buyers should weigh: the provider's ability to integrate its guard force with your access-control and camera systems, and to staff a GSOC or monitoring function if you need one; officer quality and training for customer-facing reception, de-escalation, and workplace-violence and emergency response; supervision and reporting you can actually audit against an SLA; officer turnover on comparable accounts (a revolving cast undermines the familiarity that makes corporate security work); demonstrated experience with your duty-of-care and workplace-violence obligations (and, in California, SB 553 specifically); and, for multi-site companies, the ability to standardize coverage, technology, and reporting across every location. Ask for corporate references in your industry and building class, request sample post orders and reporting, and confirm the firm has run programs at your scale before. Comparing several licensed providers side by side is the fastest way to see who genuinely does corporate work versus who is stretching a patrol business into a market they don't know. For a parallel look at a high-stakes specialty program, our hospital and healthcare security guide shows how far training and compliance demands can go in a regulated setting.
Ready to build or upgrade your program? Get free quotes from licensed corporate security companies, explore corporate security services, or browse vetted providers in Los Angeles and Chicago.
Frequently asked questions
What does corporate security include?+
How much does corporate security cost?+
Should we use in-house or outsourced (contract) corporate security?+
What is a GSOC in corporate security?+
Are employers legally required to provide corporate security?+
Share this guide



