7:45am. Board Meeting at 9am.
The property manager is at their desk. The board packet needs to go out by 8:15. The security brief is a blank document.
They have forty-five minutes, a full inbox, and the specific anxiety that comes from knowing the board chair will ask about the incident in Unit 1204 — the one that is technically closed but will sound worse without context. They will write something. It will take longer than it should. It will be longer than it needs to be. And it will not be as clear as it could have been if they had started from a structure rather than a blank page.
This is the moment most property managers in Toronto and across the GTA know well. It is the reason security briefs get written badly, or not at all, or substituted with a verbal "update" at the meeting that leaves no record, satisfies no one, and evaporates entirely if anything goes wrong later. This post ends that problem. It gives you the structure, the section logic, and the exact framing your vendor owes you before you write a single word.
The Distinction That Matters
The security brief is not an incident report. What a board-ready incident report actually looks like is a separate document — the vendor's output. The brief is yours. Its job is to synthesise what the data means for this building, this month, from the perspective of the person responsible for the property's day-to-day management.
Here is the distinction worth holding onto: the vendor produces logs. The property manager produces interpretation. The brief is the property manager's professional filter on the vendor's raw data — what matters, what can be set aside, what the board needs to know, and what the building should do next.
If the property manager is producing logs — assembling tables, sorting timestamps, chasing down incident numbers from handwritten shift records — the vendor has failed to deliver their obligation and transferred their workload upward. That is not a formatting problem. That is a scope failure dressed up as an administrative inconvenience. The brief should take fifteen minutes because the heavy lifting arrived in your inbox on the fifth. If it did not, more on that below.
A brief is also not a verbal update. The written brief travels. It reaches the board member who dialled into the meeting from Oakville and missed the verbal summary. It becomes the governance record if a claim arises in month four. It protects the property manager professionally by showing that they reviewed the data, made a judgment, and documented it. A verbal update does none of that. It evaporates when the meeting ends.
The Five Sections
1. Reporting Period Summary
Two sentences. No more.
What happened and how active the period was — written as if for a board member who has not been in the building in three weeks and needs to know immediately whether to lean in or lean back.
A clean month looks like this:
The reporting period (June 1–30) was low-activity. Three minor incidents were recorded; no Tier 3 or Tier 4 events, and the building remained on standard coverage throughout.
A difficult month looks like this:
The reporting period (October 1–31) was elevated — two Tier 2 incidents, one requiring property manager notification, and a pattern of late-night access attempts warranting a protocol review (see Forward Indicators).
Two sentences. The board knows immediately how to read what follows. If they need more detail, Sections 2 and 3 contain it. The summary's only job is to calibrate their attention before they get there.
2. Incidents at a Glance
Not the full incident log. A severity-weighted summary — five to eight rows, maximum.
Four columns: Date, Category, Severity, Status. Representative entries might read: June 4, noise complaint Unit 804, Severity 1, Closed. June 12, unauthorized elevator use by contractor, Severity 1, Closed. June 19, mailroom package theft, Severity 2, Under review.
The severity system is doing real work here. A month with twelve Tier 1 entries is a completely different story from a month with two Tier 3 entries — even if the raw count is similar. Property managers who can communicate severity rather than just quantity are telling the board something useful: not just how busy the month was, but how serious it was. Those are different things, and conflating them is how boards end up either over-alarmed about routine activity or under-prepared for genuine risk patterns. For a detailed walkthrough of what a Tier 1 versus Tier 3 entry looks like in practice, that post covers the format in full.
If the period produced nothing above Severity 2, say so explicitly: No Tier 3 or Tier 4 events were recorded during this period. A clean month deserves documentation as much as a troubled one — it tells the board the standard is holding, and it creates a baseline you can point to if something changes next quarter.
3. Forward Indicators
One to three bullets. What the data suggests about next month. Patterns worth noting before they become incidents.
This is the section most property managers skip. It is also the section that separates a brief that protects the building from one that merely records what already happened.
Let us be specific about what skipping this section actually costs. A courier company used to service a mid-rise building in Etobicoke was signing for packages at the desk without unit verification — whoever was on shift accepted the delivery, wrote a name, and moved on. Package-related complaints appeared in October, November, and December. None were flagged as forward indicators. None triggered a protocol review. In January, a high-value package went missing. The trail was cold, the footage was inconclusive, and the building spent two months managing resident relations damage it could not undo.
If December's brief had contained: Package handling complaints: 3 this month (up from 1 in October). Recommend reviewing delivery verification protocol before year-end, the board would have had the opportunity to act before the incident. They did not, because nobody flagged the pattern when the pattern was still a pattern.
A forward indicator does not need to be alarming. It can be neutral: The June mailroom event marks the second package-related incident this quarter. A third occurrence would warrant a review of the delivery access window. One line. The board reads it, notes it, and returns to it only if the pattern holds. The cost of writing it is thirty seconds. The cost of not writing it is potentially months of damage control.
4. Coverage Targets vs. Actuals
Three to five KPIs. More than five is noise.
A sensible baseline: lobby coverage hours (target 168, actual 168, on target); patrol rounds completed (target 120, actual 117, minus three — see note); average incident response time (target under 3 minutes, actual 2 minutes 14 seconds, on target).
If there is a variance, the note field explains it in one sentence. Not a paragraph — one sentence: Three rounds missed during June 14 medical response; lobby coverage maintained by second officer throughout. Done.
Here is the section most property managers skip for the wrong reason: they do not want to create a paper trail of shortfalls. That logic is backwards. A vendor shortfall that is documented and explained is a manageable operational record. It shows the property manager is monitoring performance, understands the context, and is in control of the vendor relationship. A vendor shortfall that is undocumented is a liability gap — because when something goes wrong during a coverage period the building cannot show it was aware of, the exposure is entirely different. Document the variance. Explain it. Move on. That is governance, not accusation.
5. Recommendation or Action Required
One item. If there is nothing to recommend, write: No action required at this time.
That last line matters more than it appears. "No action required at this time" is not a placeholder — it is a governance record. It tells the board that the property manager actively reviewed the data and made a professional judgment that no intervention is warranted. That is not a small thing. It is evidence of an informed decision, which protects both the property manager and the board if that judgment is ever questioned later.
If there is a recommendation, three elements: what you are recommending, why, and what approval looks like. Recommend upgrading rear parkade camera to HD resolution. Current unit produces no legible footage after dark. Estimated cost: $400 installed. Below the $500 threshold requiring board approval. That is a complete recommendation. The board can act on it in thirty seconds or table it with a reason. Either way, the record is clean.
Why Fifteen Minutes Is Accurate
Section 1 takes two minutes if you have been in the building. Sections 2 and 4 pull directly from the vendor's monthly reporting package — the incident index, patrol records, and coverage actuals. The forward indicators come from the vendor's own summary, or from your review of the Section 2 entries if you are working with a vendor who does not provide them yet. The recommendation either exists or it does not.
The reason security briefs in Ontario take ninety minutes is not that they are complex. It is that most property managers write them from a blank page, and a blank page produces an essay. An essay requires editing. Editing requires time. A template produces a brief. A brief requires only judgment — which a property manager already has.
The fifteen-minute timeline assumes the vendor has done their job. If they have not, the brief still takes fifteen minutes. It is the conversation with the vendor that comes after it that takes longer — and that is an appropriate use of time, because it is the conversation that fixes the structural problem rather than working around it every month.
What Your Security Vendor Owes You Before You Write a Single Word
If the property manager is assembling raw data themselves — sorting timestamps, compiling incident tables, chasing shift supervisors for numbers — the vendor has transferred their work. This is not a minor inconvenience. It is a scope failure, and it repeats every month until someone names it.
By the fifth of each month, your security vendor should deliver, without being asked:
- A timestamped incident index with severity ratings attached to each entry
- Patrol records with specific area checkpoints and completion times
- Coverage hours versus contracted hours, broken out by week
- A written forward-indicators summary — patterns they observed, anomalies worth flagging, anything that warrants attention before the next reporting period
That package is what makes a fifteen-minute brief possible. It is also what distinguishes a security vendor from a security staffing agency — one produces intelligence, the other produces bodies.
If this package does not arrive by the fifth, call your vendor on the fifth. Not the fifteenth. Not the morning of the board meeting, when you are already forty-five minutes out from 9am. The fifth. That is when the expectation is set and held. A vendor who consistently fails to deliver structured monthly reporting by the fifth is telling you something about how they operate, and that information is worth having before a board meeting rather than during one.
For more on what a board-ready security report looks like from the vendor side, and for the legal documentation obligations behind these records in Ontario, both posts are worth reading alongside this one. Reach us directly if you want to understand what Chromium Guard's monthly reporting package includes and how it feeds into the brief template above.
The Return on a Well-Formatted Brief
A board that trusts the security function asks fewer questions at meetings. One that does not asks many. The brief is the fastest mechanism available for building that trust systematically — month after month, without requiring anything exceptional to happen. When the month is clean, the brief confirms it. When the month is difficult, the brief contextualises it. Either way, the board leaves the meeting with a complete picture rather than a partial one.
The work is: fill five sections. The return is: a board chair who taps the page twice and says "looks thorough" and moves on. That reaction — quiet, unquestioning, efficient — is what functional governance looks like at the security agenda item. It is also the property manager's clearest signal that the brief is working.
If your current vendor does not supply the data to make that possible, that is not a brief problem. It is a vendor problem. And it is the conversation to have before the next meeting is scheduled, not the morning of.
Further reading from The Chromium Journal:
Chromium Guard provides every client site with a structured monthly reporting package — timestamped incident index with severity ratings, patrol records, coverage actuals, and a written forward-indicators section — formatted to feed directly into your board brief. We serve properties across Toronto, Mississauga, Etobicoke, Vaughan, Oakville, and the broader GTA. Request a Confidential Property Assessment →