Harbour Blanc Operational Control Layers
Open a conversation
Domains

Operator environments
we work inside.

Property operations is the centre of gravity. FM/technical and security-led environments are adjacent — the same structural problem appears wherever growth outpaces operational coherence.

01 — Primary
Property operators

Account-led, portfolio-led and service-heavy environments. Lease events, service charge, maintenance exceptions, client-ready reporting.

Open page
02 — Adjacent
FM / technical operators

Multi-site service delivery, BMS / CMMS / CAFM landscapes, exception handling, coordination drag across teams and tools.

Open page
03 — Adjacent
Security / site-security operators

Incident, alarm and field-response environments. Stronger alignment between systems, site reality and operational oversight under pressure.

Open page
Three operating environments · One structural problem Read the capability →
Team

Senior-led, senior-only
delivery.

A small, deliberate team. Solution design, core judgments and key engagement decisions stay with senior practitioners throughout — no juniorisation, no delegation theatre.

OC
Olha Chervatiuk
Managing Partner · Solution Lead

Leads client discovery, solution framing and product design. Hybrid background across product strategy, workflow design and AI adoption.

 TM
Timothy Mann
Principal Building Systems Advisor

UK-based operations advisor. Deep experience across security, fire safety and critical-systems environments — including G4S and ADT.

 MS
Mary Sotskova
Director of Product Analysis

Nine years across complex software environments. Stakeholder vision into structured requirements, actionable roadmaps, execution-ready backlogs.

 AS
Andrew Stokes
Associate Partner · Legal & Compliance Advisor

Compliance management and governance support across high-responsibility environments. Reviewable outputs, accountability logic, defensibility.
Four principals · No assigned juniors How we work →
Harbour Blanc / Capabilities

Operational Control Layers — the layer between systems and management reality.

The flagship capability. We design the working layer that sits between systems, people and decisions — making expensive management gaps visible and controllable inside already mature operating environments.

Centre of gravity

UK property operations
FM / technical and security adjacent

Strongest fit

Mature, high-friction environments
Where simplification is no longer realistic

Entry shape

One bounded pilot · 6–12 weeks
Narrow enough to be safe

Delivery

Senior-led problem framing & design
Trusted partners for engineering build

01 — Business framing

Growth exposes what systems alone cannot hold.

As the business grows — more clients, more portfolios, more reporting pressure, more exceptions — the problem is rarely lack of systems. It is that the systems no longer hold the operating model cleanly enough.

The result is a series of recognisable tensions. None of them is technical. All of them are commercial.

+

More clients, more coordination weight.

Each new account adds friction the operating model wasn't designed to absorb at this scale — without adding revenue at the same rate.

+

More reporting pressure than reporting trust.

Account growth and audit pressure exposes the gap between what reports formally say and what the operating team actually believes.

+

More exceptions than visible ownership.

Exceptions accumulate in email, spreadsheets and tribal knowledge — outside the formal system view, until they surface as escalation.

+

More manual stitching than recoverable capacity.

People absorb the gap. Capacity disappears into reconciliation, re-explanation and chasing — and the cost only shows up commercially.

02 — Mechanism

The data exchange layer.

Underneath every operational control layer is a data exchange layer: the working construction that connects systems, aligns records and creates the controlled exchange logic between fragmented environments.

But it is not middleware. It aligns meaning, timing, exceptions and ownership — not just data.

01

We connect systems.

Across the systems already in place — PMS, finance, CMMS, CAFM, access control, monitoring, spreadsheets, account packs. We do not require an idealised starting condition.

02

We align data.

Source-of-truth decisions, taxonomy and ontology normalisation, identifier mappings, relationship models — the structural work that turns parallel records into one coherent operating picture.

03

We create exchange logic.

What flows between systems, when, in what state, and with what review or sign-off attached. The logic is structured for accountability, not just transport.

04

We create a controlled layer between fragmented systems.

The result is not another system. It is a working control layer the business can rely on — between what is recorded, what is happening and what management actually needs to decide.

02b — Bounded entry

We usually enter through a tightly bounded pilot — not the end state.

Not broad transformation on day one. A narrow, high-value engagement that makes one expensive management gap visible, creates usable control, and opens the path to a larger operating-layer engagement on the strength of proven results.

Typical entry shape →

Operating environment

One portfolioor one account, one region

Source systems

Two or threeexisting systems of record

Timeframe

6–12 weeksstructured, reviewable

Outcomes

Three to fivemeasurable, business-relevant

Decision gate

Numericalscale or stop

Confidentiality

NDA standardsensitive engagements

03 — Operating model underneath

What sits underneath, when the layer is real.

A good control layer is more than a view. Underneath it is event logic, structural logic, source-of-truth decisions, meaning preservation, relationship design and working process logic — the unglamorous craft that makes the visible layer trustworthy.

Two ways of using data

Structure and signal — not one or the other.

The firm reads data both as structure (entities, events, identifiers, mappings, source-of-truth logic) and as operational signal (what protects margin, what reflects strain, what helps the business act now rather than report later).

This is the difference between a clean data model and a useful operating layer.

A

Data as structure.

Entities, events, records, identifiers, mappings, source-of-truth logic, process states, handoffs, relationship models. This is how fragmented environments become coherent.

B

Data as signal.

What matters for a decision. What protects delivery, margin or compliance. What is live versus decorative. What reflects real strain versus formal completion. This is how fragmented environments become useful.

Three process logics

Compliance, operations, economics — usually confused.

Mature businesses carry processes built for three different purposes. They protect different things. They are often run as if they were one thing — which is where the operating model starts to slip.

For compliance

Built to be defensible.

Satisfies formal obligations, passes review or audit, reduces regulatory or contractual risk, provides defensible documentation. Client value: keeps the business formally protected and externally defensible.

For operations

Built to keep delivery moving.

Supports real execution under live conditions: handoff friction, coordination workability, service-delivery momentum. Client value: keeps the business operationally functional under real delivery pressure.

For economics

Built to protect margin.

Reveals waste, hidden cost and decorative metrics; supports timing, prioritisation and spend decisions; distinguishes survivability from formal completeness. Client value: helps the client see what actually matters commercially, not only what is formally recorded.

Internal mechanics

The unglamorous craft.

Real control layers are made of unfashionable work — the structural decisions a senior practitioner takes early, that everything downstream depends on. We do not delegate this.

a

Data mapping & identifier alignment.

The same site, the same contract, the same asset — recognised across systems even when the names, IDs and lifecycles don't agree.

b

Taxonomy & ontology normalisation.

What counts as a lease event, an exception, a closure, an escalation — defined precisely enough to act on, not just count.

c

Source-of-truth cleanup.

For each entity and event, the deliberate decision: which system is authoritative, under what conditions, and how conflicts are resolved.

d

Orchestration & workflow structuring.

How things move across roles, systems and review points — designed for accountability, not just throughput.

e

Data quality logic.

What "clean enough" means for each decision the layer supports. Tolerances, fallbacks and escalation rules made explicit.

f

Working process logic.

The actual operating rhythm — who acts, when, on what evidence, and what gets reviewable sign-off — beneath the visible interface.

04 — Differentiator

Exception-aware design. We work where things are already messy.

Most operating-layer thinking assumes clean systems, happy paths, neat data, perfect ownership and tidy reconciliation. Mature environments don't behave that way — and pretending otherwise produces designs that fail on first contact with operating reality.

We do not assume
×

Clean systems.

Idealised starting conditions don't exist in mature environments. The work begins where the systems already are.

×

Happy paths.

The interesting load is in the exceptions — the edges where formal logic stops describing what actually happens.

×

Neat data and clean ownership.

Records are partial, ownership is informal, reconciliation is manual. We design around that, not against it.

We work where

Stale information exists.

Records that were once accurate, no longer are — and nobody quite knows when they stopped being trustworthy.

Partial workflows and workaround logic exist.

Half-finished processes, parallel sub-systems, the way things actually get done versus the way the manual says.

System outputs look cleaner than reality.

The most common starting condition. The system tells one story; the operating team is quietly carrying a different one.

05 — Method

Disciplined, non-theatrical method.

This is not open-ended transformation theatre. We enter precisely, scope tightly, structure quickly, define clearly and stay close enough to protect integrity through to live use.

Step 01

Enter precisely.

One bounded operating environment. One narrow management gap. We resist the urge to widen the scope before we have seen how the gap behaves in real conditions.

Step 02

Scope tightly.

Three to five decision-relevant outcomes. A defined timeframe. A clear decision gate at the end: scale or stop. No drift, no creep.

Step 03

Structure quickly.

Source-of-truth decisions, identifier alignment, exception taxonomy — the structural work that everything downstream depends on. Done early, by senior practitioners.

Step 04

Define clearly.

Reviewable, sign-off-ready outputs — solution design, requirements, acceptance criteria, adoption logic — that the client can stand behind under audit and pressure.

Step 05

Collaborate sensibly.

Where engineering build is required, it runs through trusted technical partners. Solution ownership, acceptance ownership and architectural control stay with us.

Step 06

Stay close enough to protect integrity.

A solution that is defined but not used well is not considered a successful outcome. We stay engaged through onboarding, adoption and live use — until the layer is actually carrying weight.

06 — Outcomes

What the business gets.

Strong operators build this layer not because they like complexity, but because maturity creates management gaps that core systems alone do not resolve. The point isn't more reporting. The point is more controllable growth.

Capacity

Absorb more complexity.

The operating model can take on more clients, more portfolios and more service intensity without proportionate increases in coordination drag.

Confidence

Improve delivery confidence.

Leadership and account teams see what is at risk, what is moving and what needs ownership — before issues become escalation.

Drag

Reduce coordination drag.

Less time burned on reconciliation, re-explanation and chasing. Stronger handoffs across roles, systems and reporting cycles.

Capacity

Recover usable capacity.

Time that was being absorbed by manual stitching becomes available for the work the operating team is actually paid to do.

Trust

Strengthen reporting trust.

Internal packs and client-facing reporting hold up under scrutiny — without reporting theatre or pre-meeting reconciliation cycles.

Survivability

Make growth more survivable.

New business stops adding friction faster than capacity. The operating model can stand behind what the commercial team is selling.

Begin

One narrow problem.
One bounded pilot.

The right starting point is usually a single, expensive management gap you can already name. Bring us that one. We'll tell you whether a bounded pilot is the right way to make it visible and controllable — or whether it isn't.

Begin a scoping call See engagement shapes
Pilot length
6–12 weeksstructured, reviewable
Scope
One portfolio · one accountnarrow by design
Outcomes
3–5 measurable signalsdecision-relevant
End state
Numerical decision · scale or stopno drift, no creep