kentoh - Fotolia


Why SLA compliance should be top of mind for IT leaders

Service-level agreements are critical to measuring agreed-upon metrics and ensuring accountability of both parties. Learn more about the importance of SLA compliance in IT.

Service-level agreements, or SLAs, are business contracts between product or service providers and customers. SLAs document specific services to be provided, metrics that measure service performance and remedies for nonperformance. Logically, avoiding noncompliance in any SLA requirements is the primary result.

SLAs are not limited to vendors and customers. In fact, they may be applied to any arrangement in which something -- such as an activity or process -- is to be performed by one party for another party to an agreed-upon level of performance. For example, it is not uncommon for IT departments to establish SLAs with business units regarding the delivery of specific actions by IT. Most departments can execute an SLA with another department or departments for the provision or completion of a specific activity. In practice, SLAs with vendors are more common and are often the subject of discussion and dissention between participants based on satisfaction of an SLA's parameters.

It is critical that IT leaders understand the importance of SLA compliance and how to best comply with expectations therein. Here, learn more about the typical components of SLAs, what metrics to expect in SLAs specific to IT and why monitoring is critical to ensuring SLA compliance.

Types of SLAs

IT product or service providers, cloud service providers, network service carriers and corporate IT organizations create SLAs with internal customers to establish expectations and evaluate vendor performance. SLAs come in three different forms:

  1. Service-based SLAs. This form of SLA is for a service; it sets the same parameters for all customers using that service.
  2. Customer-based SLAs. This SLA is based on an agreement between a provider and an individual customer and covers all services being provided to that customer.
  3. Multilevel SLAs. This form of SLA focuses at the corporate level and is applied to all users in an organization. Multilevel SLAs are used to avoid duplicate or conflicting agreements across the organization.

Components of SLAs

SLAs typically include all or most of the following components; compliance with each of these components is essential:

  • description of services to be provided;
  • scope of the services;
  • location(s) where services are to be provided;
  • responsibilities and duties of the service provider;
  • responsibilities and duties of the service recipient;
  • description of acceptable performance levels;
  • metrics to be used to evaluate performance;
  • processes to monitor, track and evaluate performance;
  • processes to resolve poor performance;
  • remedies for failure to provide acceptable performance, time frames and escalation procedures;
  • protection of intellectual property, as applicable;
  • compliance with legislation, standards, regulation and acceptable practices; and
  • termination of the agreement.

From a compliance perspective, parties to the SLA must agree on what is to be provided, the metrics to be satisfied, the method of monitoring and reporting service delivery, and remedies for failure to satisfy SLA requirements.

Each of the above components can be treated as an SLA compliance requirement. Users must decide which aspects of service provisioning are the most important from a business perspective, and these can be specified in compliance documents.

Checklist of key SLA features
A sampling of key features that may be included in an SLA

SLA compliance requires monitoring

Compliance can perform the monitoring function in an SLA relationship, ensuring SLA agreements are followed precisely. After all, the result is satisfaction of the SLA requirements for however long the SLA is required.

An SLA may require that IT systems be restored within eight hours of a disruption, based on an agreed-upon recovery time objective, for example. Or, following disruption of local access facilities, an SLA may require the recovery of network connectivity to the internet within four hours. It may also be based on the time required to complete a failover from primary to backup servers -- for example, within one hour.

To get the most out of an SLA, IT leaders should consider preparing a table of SLA compliance monitoring activities, such as the following.

Image of a sample table for monitoring SLA metrics for compliance
Consider using a table to monitor SLA compliance and ensure all SLA metrics are met.

SLA compliance can be occasionally overlooked by IT management due to the number of projects, workloads and the inevitable handling of emergencies they are faced with. Considering a loss of service -- with failure or delay by the service provider to do its job fixing the problem -- could result in a serious disruption to the business, compliance with SLAs is an essential activity.

Dig Deeper on Risk management and governance

Cloud Computing
Mobile Computing
Data Center
and ESG