Organizations can struggle to understand what service-level agreements (SLAs) are required and how they can differ depending on the service type. In addition, these other challenges can also cloud an organization’s knowledge of SLAs:
SLAs need to have clear, easy-to-measure objectives, to meet expectations and service level requirements, including meaningful reporting and remedies to hold the provider accountable to its obligations.
This project will provide several benefits and learnings for almost all IT workers:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand key components and elements of an SLA.
Properly evaluate an SLA for required elements.
1.1 SLA overview, objectives, SLA types, service levels
1.2 SLA elements and objectives
1.3 SLA components: monitoring, reporting, and remedies
1.4 SLA checklist review
SLA Checklist
Evaluation Process
SLA Checklist
Evaluation Process
SLA Checklist
Evaluation Process
SLA Checklist
Evaluation Process
Apply knowledge of SLA elements to create internal SLA requirements.
Templated SLAs that meet requirements.
Framework to manage SLOs.
2.1 Creating SLA criteria and requirements
2.2 SLA templates and policy
2.3 SLA evaluation activity
2.4 SLA Management Framework
2.5 SLA monitoring, tracking, and remedy reconciliation
Internal SLA Management Framework
Evaluation of current SLAs
SLA tracking and trending
Internal SLA Management Framework
Evaluation of current SLAs
SLA tracking and trending
Internal SLA Management Framework
Evaluation of current SLAs
SLA tracking and trending
Internal SLA Management Framework
Evaluation of current SLAs
SLA tracking and trending
Internal SLA Management Framework
Evaluation of current SLAs
SLA tracking and trending
Hold Service Providers more accountable to their contractual obligations with meaningful SLA components & remedies
Every year organizations outsource more and more IT infrastructure to the cloud, and IT operations to managed service providers. This increase in outsourcing presents an increase in risk to the CIO to save on IT spend through outsourcing while maintaining required and expected service levels to internal customers and the organization. Ensuring that the service provider constantly meets their obligations so that the CIO can meet their obligation to the organization can be a constant challenge. This brings forth the importance of the Service Level Agreement.
Research clearly indicates that there is a general lack of knowledge when comes to understanding the key elements of a Service Level Agreement (SLA). Even less understanding of the importance of the components of Service Levels and the Service Level Objectives (SLO) that service provider needs to meet so that the outsourced service consistently meets requirements of the organization. Most service providers are very good at providing the contracted service and they all are very good at presenting SLOs that are easy to meet with very few or no ramifications if they don’t meet their objectives. IT leaders need to be more resolute in only accepting SLOs that are meaningful to their requirements and have meaningful, proactive reporting and associated remedies to hold service providers accountable to their obligations.
Ted Walker
Principal Research Director, Vendor Practice
Info-Tech Research Group
Vendors provide service level commitments to customers in contracts to show a level of trust, performance, availability, security, and responsiveness in an effort create a sense of confidence that their service or platform will meet your organization’s requirements and expectations. Sifting through these promises can be challenging for many IT Leaders. Customers struggle to understand and evaluate what’s in the SLA – are they meaningful and protect your investment? Not understanding the details of SLAs applicable to various types of Service (SaaS, MSP, Service Desk, DR, ISP) can lead to financial and compliance risk for the organization as well as poor customer satisfaction.
This project will provide IT leadership the knowledge & tools that will allow them to:
Hold service providers more accountable to their contractual obligations with meaningful SLA components and remedies
IT Leadership doesn't know how to evaluate an SLA.
Misunderstanding of obligations given the type of service provided (SAAS, IAAS, DR/BCP, Service Desk)
Expectations not being met, leading to poor service from the provider.
No way to hold provider accountable.
SLAS are designed to ensure that outsourced IT services meet the requirements and expectations of the organization. Well-written SLAs with all the required elements, metrics, and remedies will allow IT departments to provide the service levels to their customer and avoid financial and contractual risk to the organization.
Service types
Agreement Types
Performance Metrics
Example SaaS Provider
SLA Management Framework
To understand which SLAs are required for your organization and how they can differ depending on the service type. In addition, these other challenges can also cloud your knowledge of SLAs
There are several unknowns that SLA can present to different departments within the organization:
Info-Tech has a three-step approach to effective SLAs
There are some basic components that every SLA should have – most don’t have half of what is required
Info-Tech Insight
SLAs need to have clear, easy to measure objectives to meet your expectations and service level requirements, including meaningful reporting and remedies to hold the provider accountable to their obligations.
SLAs come in many variations and for many service types. Understanding what needs to be in them is one of the keys to reducing risk to your organization.
“One of the biggest mistakes an IT leader can make is ignoring the ‘A’ in SLA,” adds Wendy M. Pfeiffer, CIO at Nutanix. “
An agreement isn’t a one-sided declaration of IT capabilities, nor is it a one-sided demand of business requirements,” she says. “An agreement involves creating a shared understanding of desired service delivery and quality, calculating costs related to expectations, and then agreeing to outcomes in exchange for investment.” (15 SLA mistakes IT leaders still make | CIO)
Most organizations don’t have a full understanding of what SLAs they require and how to ensure they are met by the vendor. Other obstacles that SLAs can present are:
55% of businesses do not find all of their service desk metrics useful or valuable (Freshservice.com)
27% of businesses spend four to seven hours a month collating metric reports (Freshservice.com)
Understand SLA Elements
Phase Content:
Outcome:
This phase will present you with an understanding of the elements of an SLA: What they are, why you need them, and how to validate them.
Create Requirements
Phase Content:
Outcome:
This phase will leverage knowledge gained in Phase 1 and guide you through the creation of SLA requirements, criteria, and templates to ensure that providers meet the service level obligations needed for various service types to meet your organization’s service expectations.
Manage Obligations
Phase Content:
Outcome:
This phase will provide you with an SLA management framework and the best practices that will allow you to effectively manage service providers and their SLA obligations.
SLAs need to have clear, easy-to-measure objectives to meet your expectations and service level requirements, including meaningful reporting and remedies to hold the provider accountable to their obligations.
Not understanding the required elements of an SLA and not having meaningful remedies to hold service providers accountable to their obligations can present several risk factors to your organization.
Creating standard SLA criteria for your organization’s service providers will ensure consistent service levels for your business units and customers.
SLAs can have appropriate SLOs and remedies but without effective management processes they could become meaningless.
Be sure to set SLAs that are easily measurable from regularly accessible data and that are straight forward to interpret.
Beware of low, easy to attain service levels and metrics/KPIs. Service levels need to meet your expectations and needs not the vendor’s.
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
SLA Tracker & Trending Tool
Track the provider’s SLO attainment and see how their performance is trending over time
SLA Evaluation Tool
Evaluate SLA service levels, metrics, credit values, reporting, and other elements
SLA Template & Metrics Reference Guide
Reference guide for typical SLA metrics with a generic SLA Template
Service-Level Agreement Checklist
Complete SLA component checklist for core SLA and contractual elements.
Service-Level Agreement Evaluation Tool
Evaluate each component of the SLA , including service levels, metrics, credit values, reporting, and processes to meet your requirements
Once you have this knowledge you will be able to create and negotiate SLA requirements to meet your organization’s needs and then manage them effectively throughout the term of the agreement.
InfoTech Insight:
Right-size your requirements and create your SLO criteria based on risk mitigation and create measurements that motivate the desired behavior from the SLA.
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way wound help keep us on track."
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 | Day 2 | |
---|---|---|
Understanding SLAs | SLA Templating & Management | |
Activities | 1.1 SLA overview, objectives, SLA types, service levels 1.2 SLA elements and objectives 1.3 SLA components – monitoring, reporting, remedies 1.4 SLA Checklist review |
2.1 Creating SLA criteria and requirements 2.2 SLA policy & template 2.3 SLA evaluation activity 2.4 SLA management framework 2.5 SLA monitoring, tracking, remedy reconciliation |
Deliverables |
|
|
Phase 1
Understand SLA Elements
Phase Steps
Create Requirements
Manage Obligations
An SLA is an overarching contractual agreement between a service provider and a customer (can be external or internal) that describes the services that will be delivered by the provider. It describes the service levels and associated performance metrics and expectations, how the provider will show it has attained the SLAs, and defines any remedies or credits that would apply if the provider fails to meet its commitments. Some SLAs also include a change or revision process.
SLAs come in a few forms. Some are unique, separate, standalone documents that define the service types and levels in more detail and is customized to your needs. Some are separate documents that apply to a service and are web posted or linked to an MSA or SSA. The most common is to have them embedded in, or as an appendix to an MSA or SSA. When negotiating an MSA it’s generally more effective to negotiate better service levels and metrics at the same time.
To be effective, SLAs need to have clearly described objectives that define the service type(s) that the service provider will perform, along with commitment to associated measurable metrics or KPIs that are sufficient to meet your expectations. The goal of these service levels and metrics is to ensure that the service provider is committed to providing the service that you require, and to allow you to maintain service levels to your customers whether internal or external.
There are several more common service-related elements of an SLA. These generally include:
These are construct components of an SLA that outline their roles and responsibilities, T&Cs, escalation process, etc.
In addition, there are several contractual-type elements including, but not limited to:
Service-level SLA
Customer-based SLA
Multi-level SLA
InfoTech Insight: Beware of low, easy to attain Service levels and metrics/KPIs. Service levels need to meet your requirements, expectations, and needs not the vendor’s.
The objective of the service levels and service credits are to:
Service types
There are several service types that can be part of an SLA. Service types are the different nature of services associated with the SLA that the provider is performing and being measured against. These can include:
Service Desk, SaaS, PaaS, IaaS, ISP/Telecom/Network MSP, DR & BCP, Co-location security ops, SOW.
Each service type should have standard service level targets or obligations that can vary depending on your requirements and reliance on the service being provided.
Service levels
Service levels are measurable targets, metrics, or KPIs that the service provider has committed to for the particular service type. Service levels are the key element of SLAs – they are the performance expectations set between you and the provider. The service performance of the provider is measured against the service level commitments. The ability of the provider to consistently meet these metrics will allow your organization to fully benefit from the objectives of the service and associated SLAs. Most service levels are time related but not all are.
Common service levels are:
Response times, resolution times per percent, restore/recovery times, accuracy, availability/uptime, completion/milestones, updating/communication, latency.
Each service level has standard or minimum metrics for the provider. The metrics, or KPIs, should be relatively easy to measure and report against on a regular basis. Service levels are generally negotiable to meet your requirements.
Using this checklist will help you review a provider’s SLA to ensure it contains adequate service levels and remedies as well as contract-type elements.
Instructions:
Use the checklist to identify the principal service level elements as well as the contractual-type elements within the SLA.
Review the SLA and use the dropdowns in the checklist to verify if the element is in the SLA and whether it is within acceptable parameters as well the page or section for reference.
The checklist contains a list of service types that can be used for reference of what SLA elements you should expect to see in that service type SLA.
Download the SLA Checklist Tool
As mentioned, well-defined service levels are key to the success of the SLA. Validating that the metrics/KPIs are being met on a consistent basis requires regular monitoring and reporting. These elements of the SLA are how you hold the provider accountable to the SLA commitments and obligations. To achieve the service level, the service must be monitored to validate that timelines are met and accuracy is achieved.
Too many SLAs do not have these elements as often the provider tries to put the onus on the customer to monitor their performance of the service levels. .
Service-level reports validate the performance of the service provider to the SLA metrics or KPIs. If the metrics are met, then by rights, the service provider is doing its job and performing up to expectations of the SLA and your organization.
Research shows that credit values that equate to just a few dollars, when you are paying the provider tens of thousands of dollars a month for a service or product, the credit is insignificant and therefore doesn’t incent the provider to achieve or maintain a service level.
Along with meaningful credit values, there must be a defined credit calculation method and credit redemption process in the SLA.
Credit calculation. The credit calculation should be simple and straight forward. Many times, we see providers define complicated methods of calculating the credit value. In some cases complicated service levels require higher effort to monitor and report on, but this shouldn’t mean that the credit for missing the service level needs to require the same effort to calculate. Do a sample credit calculation to validate if the potential credit value is meaningful enough or meets your requirements.
Credit redemption process. The SLA should define the process of how a credit is provided to the customer. Ideally the process should be fairly automated by the service provider. If the report shows a missed service level, that should trigger a credit calculation and credit value posted to account followed by notification. In many SLAs that we review, the credit process is either poorly defined or not defined at all. When it is defined, the process typically requires the customer to follow an onerous process and submit a credit request that must then be validated by the provider and then, if approved, posted to your account to be applied at year end as long as you are in complete compliance with the agreement and up-to-date on your account etc. This is what we need to avoid in provider-written SLAs. You need a proactive process where the service provider takes responsibility for missing an SLA and automatically assigns an accurate credit to your account with an email notice.
Secondary level remedies. These are remedies for partial performance. For example, the platform is accessible but some major modules are not working (i.e.: the payroll platform is up and running and accessible but the tax table is not working properly so you can’t complete your payroll run on-time). Consider the requirement of a service level, metric, and remedy for critical components of a service and not just the platform availability.
Info-Tech Insight SLA’s without adequate remedies to hold the vendor accountable to their commitments make the SLAs essentially meaningless.
Attaining service-level commitments by the provider within an SLA can depend on other factors that could greatly influence their performance to service levels. Most of these other factors are common and should be defined in the SLA as exclusions or exceptions. Exceptions/exclusions can typically apply to credit calculations as well. Typical exceptions to attaining service levels are:
Attention should be taken to review the exceptions to ensure they are in fact not within the reasonable control of the provider. Many times the provider will list several exclusions. Often these are not reasonable or can be avoided, and in most cases, they allow the service provider the opportunity to show unjustified service-level achievements. These should be negotiated out of the SLA.
The SLA Evaluation Tool will allow you evaluate an SLA for content. Enter details into the tool and evaluate the service levels and SLA elements and components to ensure the agreement contains adequate SLOs to meet your organization’s service requirements.
Instructions:
Review and identify SLA elements within the service provider’s SLA.
Enter service-level details into the tool and rate the SLOs.
Enter service elements details, validate that all required elements are in the SLA, and rate them accordingly.
Capture and evaluate service-level SLO calculations.
Review the overall rating for the SLA and create a targeted list for improvements with the service provider.
Download the SLA Evaluation Tool
SLA – Service-Level Agreement The promise or commitment
SLO – Service-Level Objective The goals or targets
Other common names are Metrics and Key Performance Indicators (KPIs )
SLI – Service-Level Indicator How did we do? Did we achieve the objectives?
Other common names: attainment, results, actual
Info-Tech Insight:
Web-posted SLAs that are not embedded within a signed MSA, can present uncertainty and risk as they can change at any time and typically without direct notice to the customer
Understand SLA Elements
Phase 2
Create Requirements
Phase Steps
Manage Obligations
With your understanding of the types of SLAs and the elements that comprise a well-written agreement
After creating templates for minimum-service metrics & KPIs, reporting criteria templates, process, and timing, the next step should be to work on contract-type elements and additional service-level components. These elements should include:
These templates or criteria minimums can be used as guidelines or policy when creating or negotiating SLAs with a service provider.
Start your initial element templates for your strategic vendors and most common service types: SaaS, IaaS, Service Desk, SecOps, etc. The goal of SLA templates is to create simple minimum guidelines for service levels that will allow you to meet your internal SLAs and expectations. Having SLA templates will show the service provider that you understand your requirements and may put you in a better negotiating position when reviewing with the provider.
When considering SLO metrics or KPIs consider the SMART guidance:
Simple: A KPI should be easy to measure. It should not be complicated, and the purpose behind recording it must be documented and communicated.
Measurable: A KPI that cannot be measured will not help in the decision-making process. The selected KPIs must be measurable, whether qualitatively or quantitatively. The procedure for measuring the KPIs must be consistent and well-defined.
Actionable: KPIs should contribute to the decision-making process of your organization. A KPI that does not make any such contributions serves no purpose.
Relevant: KPIs must be related to operations or functions that a security team seeks to assess.
Time-based: KPIs should be flexible enough to demonstrate changes over time. In a practical sense, an ideal KPI can be grouped together by different time intervals.
(Guide for Security Operations Metrics)
Download the SLA Template & Metrics Reference Guide
*Credit values are not standard values, rather general ranges that our research shows to be the typical ranges that credit values should be for a given missed service level
Once you have created service-level element criteria templates for your organization’s requirements, it’s time to document a negotiation position or strategy to use when negotiating with service providers. Not all providers are flexible with their SLA commitments, in fact most are reluctant to change or create “unique” SLOs for individual customers. Particularly cloud vendors providing IaaS, SaaS, or PaaS, SLAs. ISP/Telcom, Co-Lo and DR/BU providers also have standard SLOs that they don’t like to stray far from. On the other hand, security ops (SIEM), service desk, hardware, and SOW/PS providers who are generally contracted to provide variable services are somewhat more flexible with their SLAs and more willing to meet your requirements.
The goal of creating internal SLA templates and policies is to set a minimum baseline of service levels that your organization is willing to accept, and that will meet their requirements and expectations for the outsourced service. Using these templated SLOs will set the basis for negotiating the entire SLA with the provider. You can set the SLA purpose, objectives, roles, and responsibilities and then achieve these from the service provider with solid SLOs and associated reporting and remedies.
Info-Tech Insight
Web-posted SLAs that are not embedded within a signed MSA can present uncertainty and risk as they can change at any time and typically without direct notice to the customer
Understand SLA Elements
Create Requirements
Phase 3
Manage Obligations
Phase Steps
The next step to effective SLAs is the management component. It could be fruitless if you were to spend your time and efforts negotiating your required service levels and metrics and don’t have some level of managing the SLA. In that situation you would have no way of knowing if the service provider is attaining their SLOs.
There are several key elements to effective SLA management:
SLA Monitoring → Concise Reporting → Attainment Tracking → Score Carding →Remedy Reconciliation
“A shift we’re beginning to see is an increased use of data and process discovery tools to measure SLAs,” says Borowski of West Monroe. “While not pervasive yet, these tools represent an opportunity to identify the most meaningful metrics and objectively measure performance (e.g., cycle time, quality, compliance). When provided by the client, it also eliminates the dependency on provider tools as the source-of-truth for performance data.” – Stephanie Overby
SLO Attainment Tracking
A primary goal of proactive and automated reporting and credit process is to capture the provider’s attainment data into a tracker or vendor scorecard. These tracking scorecards can easily create status reports and performance trending of service providers, to IT leadership as well as feed QBR agenda content.
Remedy Reconciliation
Regardless of how a credit is processed it should be tracked and reconciled with internal stakeholders and accounting to ensure credits are duly applied or received from the provider and in a timely manner. Tracking and reconciliation must also align with your payment terms, whether monthly or annually.
“While the adage, ‘You can't manage what you don't measure,’ continues to be true, the downside for organizations using metrics is that the provider will change their behavior to maximize their scores on performance benchmarks.” – Rob Lemos
An important activity in the SLA management framework is to track the provider’s SLO attainment on a monthly or quarterly basis. In addition, if an SLO is missed, an associated credit needs to be tracked and captured. This activity allows you to capture the SLOs from the SLA and track them continually and provide data for trending and review at vendor performance meetings and executive updates.
Instructions: Enter SLOs from the SLA as applicable.
Each month, from the provider’s reports or dashboards, enter the SLO metric attainment.
When an SLO is met, the cell will turn green. If the SLO is missed, the cell will turn red and a corresponding cell in the Credit Tracker will turn green, meaning that a credit needs to be reconciled.
Use the Trending tab to view trending graphs of key service levels and SLOs.
Download the SLO Tracker and Trending Tool
Collecting attainment data with scorecards or tracking tools provides summary information on the performance of the service provider to their SLA obligations. This information should be used for regular reviews both internally and with the provider.
Regular attainment reviews should be used for:
Some organizations choose to review SLA performance with providers at regular QBRs or at specific SLA review meetings
This should be determined based on the criticality, risk, and strategic importance of the provider’s service. Providers that provide essential services like ERP, payroll, CRM, HRIS, IaaS etc. should be reviewed much more regularly to ensure that any decline in service is identified early and addressed properly in accordance with the service provider. Negative trending performance should also be documented for consideration at renewal time.
Service providers that consistently miss key service level metrics or KPIs present financial and security risk to the organization. Poor performance of a service provider reflects directly on the IT leadership and will affect many other business aspects of the organization including:
Communication is key. Poor performance of a service provider needs to be dealt with in a timely manner in order to avoid more critical impact of the poor performance. Actions taken with the provider can also vary depending again on the criticality, risk, and strategic importance of the provider’s service.
Performance reviews should provide the actions required with the goal of:
To avoid the issues and challenges of dealing with chronic poor performance, consider a Persistent or Chronic Failure clause into the SLA contract language. These clauses can define chronic failure, scenarios, ramifications there of, and defined options for the client including increased credit values, non-monetary remedies, and termination options without liability.
Info-Tech Insight
It’s difficult to prevent chronic poor performance but you can certainly track it and deal with it in a way that reduces risk and cost to your organization.
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.
Contact your account representative for more information.
1-888-670-8889
Improve IT-Business Alignment Through an Internal SLA
Data center Co-location SLA & Service Definition Template
Ensure Cloud Security in IaaS, PaaS, and SaaS Environments
Henderson, George. “3 Most Common Types of Service Level Agreement (SLA).” Master of Project Academy. N.d. Web.
“Guide to Security Operations Metrics.” Logsign. Oct 5, 2020. Web.
Lemos, Rob. “4 lessons from SOC metrics: What your SpecOps team needs to know.” TechBeacon. N.d. Web.
“Measuring and Making the Most of Service Desk Metrics.” Freshworks. N.d. Web.
Overby, Stephanie. “15 SLA Mistakes IT Leaders Still Make.” CIO. Jan 21, 2021.