The Decision That Outlasts the Award
In secure facility operations, the self-perform versus subcontract decision is not a philosophical debate. It is a risk-allocation choice. It determines response time, technical depth, compliance exposure, and how defensible the commercial model looks in a year-three audit.
It is also the decision that quietly outlasts the contract award. A sourcing model chosen on labor-rate math alone is the model the buyer inherits when readiness slips, when an incident report needs a single owner, and when the next renewal arrives.
What the Evidence Actually Says
The published evidence does not endorse an absolute answer. It endorses a capability-based one.
McKinsey’s facilities-management sourcing research identifies a consistent pattern: in manufacturing environments, soft services such as landscaping and janitorial are commonly outsourced, while hard services such as utility-equipment maintenance are typically kept in-house. McKinsey also documents an indirect-procurement function that was outsourced, missed savings, and was insourced again — after which the company achieved additional cost reductions of more than 10 percent in just over a year.
GAO’s 2023 F-35 sustainment review reaches a parallel conclusion from the defense side. The program relied heavily on the contractor to lead sustainment, technical data and training gaps degraded readiness, and fleet mission-capable rates sat near 55 percent in March 2023. GAO concluded that DoD needed to reassess the future mix of government and contractor roles. The lesson translates directly to secure-facility operations: when the mission depends on technical knowledge, documentation access, and real-time decision authority, overreliance on external control degrades responsiveness.
The principle is consistent: keep control where failure is expensive. Buy flexibility where capacity is volatile. Govern the interface with measurable outcomes.
Three Models, One Decision
Self-performed is strongest when services are mission-critical, technically sensitive, or dependent on retained site knowledge and direct response authority. Cleared, trained technicians produce the response time and audit defensibility that secure portfolios require. McKinsey explicitly notes that utility-equipment maintenance is usually retained in-house in manufacturing. In secure spaces, the same logic applies to most hard services.
Subcontracted is the right commercial choice for standardized, lower-criticality, or variable-demand services where specialist scale and supplier competition outweigh the value of retained internal labor. McKinsey’s documented savings cases — a 15 percent reduction at a retailer, more than $150 million over three years at a global financial institution — came from category clarity, supplier consolidation, and sourcing discipline. Not from subcontracting alone.
Hybrid is usually the safest model in secure manufacturing and defense industrial-base portfolios. Critical hard services and incident response stay under direct control. Soft services and overflow flex through an integrated partner. Vendor consolidation in FM produces compounding benefit only when the integration runs through one governed operating model — not when it produces administrative consolidation without operational control.
Three Disciplines That Make Any Model Hold Up
The model is only half of a defensible decision. The other half is how the solicitation is written.
Classify work by mission consequence, not by trade name. If downtime affects production continuity, life safety, controlled environments, or classified operations, the presumption should favor self-performance or hybrid with direct retained control.
Write outcome-based requirements. FAR 37.601 and 37.602 require measurable standards and methods for assessing performance. That means response-time bands, preventive-compliance targets, rework thresholds, audit documentation requirements, and escalation protocols — all defined before competition. A vague statement of work pushes risk into execution, where it costs more.
Build trust through transparency. McKinsey’s collaboration research consistently links open cost information and supplier-health visibility to durable supplier performance. CBRE’s 2024 procurement research finds that supplier-health visibility is now the leading response to financial-stability risk. Trust is operationalized through evidence, not sentiment.
How IH Services Sees It
R³ Secure FacilityOPS™ is a self-performed, Lean-disciplined, integrated operating system for secure spaces. The model exists because the F-35 lesson is the secure-facility lesson: when readiness depends on retained know-how and documentation, control cannot drift to a vendor stack.
That does not mean every scope is self-performed. It means the scope that matters is.
Finally — A Defensible Decision Is a Documented One
A buyer who can explain, in plain language, why each scope is self-performed, subcontracted, or hybridized — and tie each choice to an outcome the contract measures — survives audit, survives renewal, and survives leadership change.
That is the only field guide secure-facility procurement actually needs.
Get the full research brief. The Secure Facility Buyer’s Field Guide: Self-Performed, Lean, Integrated synthesizes McKinsey, GAO, DOE, IFMA, CBRE, and Deloitte evidence on the three decisions defining secure facility-management sourcing today.
Q&A
Q: When should a secure facility self-perform facility services? A: When the work is mission-critical, technically sensitive, or dependent on retained site knowledge and direct response authority. McKinsey notes utility-equipment maintenance is typically kept in-house; GAO’s F-35 review shows that gaps in technical data and control can undermine readiness when sustainment is overly contractor-led.
Q: When is subcontracting the better commercial choice? A: For standardized, lower-criticality, or variable-demand services where specialist scale and supplier competition outweigh the value of retained internal labor. McKinsey’s documented savings cases came from category clarity and supplier consolidation — not from outsourcing alone.
Q: Is a hybrid model usually the safest choice for secure manufacturing? A: Often yes. Hybrid models keep critical hard services and incident response under direct control while outsourcing soft services, overflow, or specialty tasks. McKinsey also notes that external integrators can be useful temporarily when spend data are poor or suppliers are fragmented.
Q: What should be in the solicitation regardless of model? A: A defensible solicitation defines required outcomes, measurable standards, assessment methods, and incentives. FAR 37.601 and 37.602 are explicit on these elements. Federal buyers should also require reporting transparency, governance cadence, and savings-validation mechanisms to preserve discipline after award.