Speaker Spirovski Bozidar, CISSP, MCSA
Spirovski Bozidar is an ICT and security expert. Mr. Spirovski has worked in information management and security since 1999. His professional experience includes positions as Head of Systems and Security of an ISP and Senior Solution Designer within an incumbent telco operator. Bozidar currently holds the position of Chief Information Security Officer for a bank that is a member of a large multinational group.
He has been involved as a guest speaker in a multitude of international conferences on information systems in CEE, covering the subjects of Personal Data protection and EU regulations, Risk Analysis and Business Continuity and Reliable Data hosting.
He is the author of the ShortInfosec Portal (http://www.shortinfosec.net).
It is very common for the Service Level Agreement (SLA) to be just an afterthought when preparing and negotiating a contract, with the buyer usually waiting for the supplier to produce the SLA. Of course, this leads to a situation in which the SLA actually protects the supplier, not the buyer. So here are the items one must do to achieve at least a reasonable, if not good, SLA:
- Remember that any SLA is open for negotiation, but only at initial purchase - although the supplier may take a very rigid position on the SLA (especially common in large companies), the SLA is part of the sales process. A rigid position should immediately raise red flags that the proposed "unchangeable" SLA is protecting the supplier, not the buyer. The best opportunity to negotiate it is during the initial RFP negotiations. Once the product/service is sold and goes into production use, the buyer has lost all power of negotiation. So be very wary of agreeing to negotiate the SLA after delivery, at end of warranty, or under some similar wording.
- Define Availability as you would expect it - availability is usually calculated as the percentage of time the product under SLA is up and running. Usual numbers vary from 98% to 99.999% of the time. Now, let's examine the "time" factor in the formula. Upon first reading, a person will usually interpret 98% as 98% of any time measure, whether it be an hour, day, month, year, or century... But let's observe the following table:
- Always keep in mind the distinction between reaction time and correction time - During the negotiation of an SLA it is usual to have very tense negotiations to achieve a good "response time". But this umbrella term is an excellent umbrella - for the supplier! Response time is defined as the time between the formal logging of a problem and the moment a representative of the supplier logs a response (sends a reply by e-mail, makes a phone call or arrives on-site). So when defining the response times, ALWAYS define two or three different times: reaction time - which is equivalent to response time; workaround time - the time in which a temporary solution that alleviates the problem is expected; and correction time - the time in which a final solution is expected to be found.
- Make precise definitions of problem severity levels and tie them in with reaction and correction times - as in my previous post, the severity of the problem can be viewed differently by the buyer and supplier. So, define a clear matrix of severity levels, and have a clause which states that if the severity level is viewed differently, the view of the buyer prevails. A sample of severity levels is presented in the table below:
- Define response time for all levels of severity - naturally, the buyer should expect faster reaction and correction for more severe problems. When defining the severity levels, in each one include at least the expected reaction time and workaround time.
- Define channels of communication and escalation - At first glance a very simple thing, but one that is very often a reason for not being able to dispute the SLA contract. For the problem to be considered properly reported, the supplier will expect a report from an authorized person to specific persons via email, fax number or phone. Any deviation from the agreed upon process is an excellent reason for not meeting SLA parameters on the grounds of "not being informed". So always have at least three authorized persons for problem reporting, and modify internal procedures so these persons are the first to be informed of a problem. The same is true for the escalation of problems to higher levels, should the problem persist.
- Define the conditions under which the SLA criteria are applied to a problem - It is not uncommon in SLA agreements to see that the SLA criteria start to apply from the time the buyer reports the problem to the supplier. This is an element usually insisted upon by the supplier, since it offloads the burden of monitoring and reporting onto the buyer. By the time the problem is reported, it has already existed for several minutes, up to half an hour. Moreover, there are products for which the supplier cannot perform the monitoring and cannot conclude that a problem is occurring. So although this point will not be applied in the contract, adjust internal procedures so that the authorized persons of the buyer IMMEDIATELY report the problem to the supplier. Internal metrics can even be applied to this process, to identify internal lags in communication.
- Define measurements and reporting - An SLA is useless if you can't properly measure and document the length of each problem. So the buyer should keep track of problems, with info on the severity, duration of problem, reaction time and correction time, along with all relevant e-mails and messages exchanged. Tracking can be achieved with something as simple as an Excel sheet; all it requires is regular updating.
- Tie in penalties and contract back-out options - this is the actual big stick in the SLA. Breach of SLA parameters should be tied to serious penalties and the possibility of contract termination. When defining penalties, always strive to define them in monetary value payable immediately upon breach of SLA. Also, you should try to negotiate a penalty that grows exponentially with each further hour of SLA breach. Do not accept a penalty to be compensated with other goods or services from the same supplier, since the supplier will value such services at sales price in the refund, while their internal costs for such services are significantly lower, thus reducing the actual loss of the supplier in an SLA breach.
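The tracking described above can be automated from the buyer's own incident sheet. The following is an added example, not part of the original article: it checks the three separate clocks (reaction, workaround, correction) against a severity matrix, measures the buyer's internal reporting lag, and shows how the same outages pass a 98% availability target measured per year but fail it measured per month. The severity limits, incident records and the choice to count downtime from problem start to workaround are all constructed assumptions.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"
# Constructed severity matrix, limits in hours (the article's own table is not on the page).
LIMITS = {1: {"reaction": 0.5, "workaround": 4, "correction": 24},
          2: {"reaction": 2, "workaround": 24, "correction": 120}}
# Constructed incident log: one row per problem, as the buyer's tracking sheet would hold it.
INCIDENTS = [
    {"id": "INC-1", "sev": 1, "start": "2024-03-04 09:00", "reported": "2024-03-04 09:25",
     "reaction": "2024-03-04 09:40", "workaround": "2024-03-06 09:00",
     "correction": "2024-03-08 12:00"},
    {"id": "INC-2", "sev": 2, "start": "2024-07-10 14:00", "reported": "2024-07-10 14:05",
     "reaction": "2024-07-10 17:00", "workaround": "2024-07-10 20:00",
     "correction": "2024-07-12 10:00"},
]

def ts(text):
    return datetime.strptime(text, FMT)

def hours(a, b):
    return (ts(b) - ts(a)).total_seconds() / 3600

def breached_clocks(inc):
    """Clocks that exceeded their limit, each measured from the formal report."""
    limits = LIMITS[inc["sev"]]
    return [c for c in ("reaction", "workaround", "correction")
            if hours(inc["reported"], inc[c]) > limits[c]]

def reporting_lag_minutes(inc):
    """Internal lag between the problem starting and the buyer reporting it."""
    return hours(inc["start"], inc["reported"]) * 60

def availability(incidents, period_start, period_end):
    """Percent uptime in a window; downtime runs from problem start to workaround."""
    p0, p1 = ts(period_start), ts(period_end)
    down = 0.0
    for inc in incidents:
        a, b = max(ts(inc["start"]), p0), min(ts(inc["workaround"]), p1)
        if b > a:
            down += (b - a).total_seconds()
    return 100 * (1 - down / (p1 - p0).total_seconds())

if __name__ == "__main__":
    for inc in INCIDENTS:
        print(inc["id"], breached_clocks(inc), round(reporting_lag_minutes(inc)), "min lag")
    print("March:", round(availability(INCIDENTS, "2024-03-01 00:00", "2024-04-01 00:00"), 2))
    print("2024: ", round(availability(INCIDENTS, "2024-01-01 00:00", "2025-01-01 00:00"), 2))
```

In this constructed data the supplier met the reaction time on INC-1 while missing both the workaround and correction limits, which is exactly what a single "response time" clause would hide.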