What is an SLA? Best Practices for Service Level Agreements

In this digital economy, we all have expectations about a level of service that ensures the stability and availability of IT services at any time, as we do not wish for interruptions or downturns in the middle of transactions, processes or operations inside and outside the company. These needs have made it clear why the Service-Level Commitment ( SLC exists), in which the service provider commits to deliver a certain quality of service, with certain standards such as performance, customer service, security and compliance, among others. Many times, these same standards are part of a contract or agreement between the service provider and the customer receiving the service. This contract is called a Service-Level Agreement which describes:

• Specific details and scope of services provided, including priorities, responsibilities and guarantees.
• Specific, expected and measurable services at minimum or objective levels.
• Informal or legally binding aspects.
• Descriptive monitoring and reporting guidelines.
• Detailed procedures of issue management.
• Detailed fees and expenses.
• Duties and responsibilities of the client.
• Disaster recovery procedures.
• Termination clauses of the agreement.

As can be seen, there is a responsibility on both sides (the client and the service provider), in addition to defining courses of action in unforeseen situations. To monitor SLA compliance, IT strategists must have comprehensive monitoring tools and platforms that are capable of delivering powerful reports such as Pandora FMS (by days, hours, weeks). There are also resources such as the Uptime calculator (uptime of a machine or server, available and in service) made available by Pandora FMS.

Importance of SLAs

Based on the fact that an SLA defines the guidelines and responsibilities for the service provider-customer relationship to be successful, it is possible to manage the expectations of the customer who receives the service in terms of delivery time or response to an unforeseen problem, for example, that causes it to last longer than expected. By having written service standards and compliance metrics, the SLA helps to set customer expectations on a realistic basis, while building confidence in the quality of the service committed. On the supplier’s side, there is a commitment to what they offer in their service and it is clear that the customer can demand compliance with what has been agreed.

Of course, each service will have its own standards. To assess quality and determine SLA compliance, performance metrics are established, such as availability, uptime, error rate, response times, resolution and recovery, first call resolution rate, security, among other aspects. Monitoring these metrics with the right information is critical to the success of an SLA.

In terms of benefits of an SLA, we can name the following:

• Clear communication: The SLA clearly spells out the roles and responsibilities of stakeholders, processes, and problem-solving channels. This allows for effective communication both internally and externally.
• Better quality of service and customer support: The SLA defines performance metrics associated with services, processes, and associated customer experiences as benchmarks.
• Business continuity: The SLA establishes downtime policies and recovery procedures to minimize disruption and quickly solve technical issues.
• Lower risk: SLA allows IT teams to be proactive in risk management, as the right information can anticipate potential risks and threats, as well as make contingency plans to avoid or mitigate these issues.

In this blog post you may see some tips on how to use and take advantage of an SLA: SLA compliance: Tips for avoiding miscommunication.

Evolution of SLAs and industries that use them

SLAs arose from the need arising from the growing acquisition of information technology services. According to ComputerWeekly, IT outsourcing emerged in the late 80s, so it was necessary to lay the foundations of relationships between customers and service providers on supplier performance expectations, possible penalties for non-compliance or even bonuses for excellence in compliance. Initially, SLAs were written for a particular project. Over time, the adoption of managed services and cloud computing increased, causing SLAs to evolve in response to the need for shared services. New procurement methods were established that were broader and aimed at meeting the needs of clients. Of course, SLAs are subject to change, especially with the integration of new technologies or new local and international regulatory or compliance requirements.

However, the application of an SLA can take place in several industries, for example:

• Network service providers: With a network service provider, you may set your network availability at 99.999% in the SLA. If availability is lower, the supplier must compensate its customers, subject to agreed penalties. For mission-critical services, this is critical.
• IT service providers: In the SLA, the specifications of the services to be delivered are agreed, along with inclusions and exclusions, conditions of availability, responsibilities of each party, etc., and there are also penalties or bonuses based on their performance.
• Managed Service Providers: The SLA details both the customer services that are required, as well as the level of performance expected from the Managed Service Provider (MSP), aligned with the technology and/or business objectives.
• Cloud computing and Internet Service Providers: Both the cloud and the internet are large-scale infrastructures and can severely impact customers’ businesses if something goes wrong. The SLA can stipulate minimum acceptable levels, speed and responsiveness of cloud performance, application availability and uptime, data durability, support agreements, and egress.
• Corporate IT organizations practicing IT service management: In more robust companies, an SLA can also be established between the company’s internal customers and its IT department, agreeing on service standards and performance metrics.

How can Pandora FMS help with SLAs?Pandora FMS has different tools to exhaustively control the SLAs of your client/supplier. It has SLA reports, segmented by hours, days or weeks. That way you can visually assess where the defaults are. In this video, we show how reports can also be scheduled in a way that makes it easier for your IT team members to monitor.

Key Components of an SLA

A service level agreement sets out the stakeholders along with a summary of each party’s responsibilities, including expected outcomes with performance metrics. The agreement also specifies the duration period and all services included along with details on procedures for monitoring service performance, as well as procedures for problem solving, dispute handling, penalties and compensation. In other words, the SLA includes:

• Stakeholders.
• Detailed description of services hired and their features.
• Service exclusions and scopes.
• Service performance, with defined metrics.
• Compensation in case of non-compliance.
• Levels of security, including data protection and regulatory compliance.
• Risk management and disaster recovery, including actions in extraordinary situations.
• Monitoring and reporting of services.
• Periodic review and change processes.
• Agreement termination/cancellation process.
• Signatures of interested parties.

Types of SLAs and examples

The most common types of SLAs are:

• Customer-based SLA: A contract with a customer that covers all services used by that customer. For example, in the relationship between you as a customer and the telecommunications operator. It uses voice, SMS and data services of the telecommunications operator. For all these services there is only one contract between the client and the telecommunications operator, in which the level of customer service for the services provided is agreed.
• Internal SLA: This SLA involves only stakeholders within the organization. Here the service level of the customer consultation service will be the same for all customers who will use this service. For example, if the finance department and the human resources department are two customers who will use this service, the same SLA will be valid between the IT service provider and these two departments because it is a service-based SLA.
• Multi-level SLAs: Aspects of the SLA are defined according to the customer’s organization using some sort of hierarchy with general definitions relevant to all subordinate levels. As it can be inferred, this SLA focuses on the customer’s organization. All services and their interrelationships with subordinate services are used when defining the structure of the multi-level service level agreement. For example, a multi-level external SLA might include a general section aimed at all customers, while another section applies only to customers who purchased a specific package or subscription—and a multi-level internal SLA might start with terms that apply to all departments, but have specific subsections that only refer to sales and IT.

SLA Level Validation

Commitments and compliance metrics need to be monitored and tracked because it reduces the chances of not delivering quality service to internal and external customers, as well as providing an important resource in case agreed service levels are not met. This becomes more important as organizations are extending their business ecosystems and the fact that there are external companies that are themselves customers who also expect a level of service. In addition to this, there are the IT service providers or managed services involved in delivering quality services. It is in these scenarios that automation tools become more relevant to capture and demonstrate performance data, in case of having to make an indemnity clause applicable.

As explained above, an SLA defines service expectations, but also provides courses of action and consequences if obligations are not met. In the event of any breach, the same SLA defines the disciplinary measures and penalties, which may be legal sanctions or some economic restitution for the impact on the availability and/or quality of service, and must also previously establish the scope and limits of the penalties. Along the lines of that, an indemnification clause can be defined, in which one of the parties (the compensating part) accepts full responsibility for any damage or loss suffered by the other party for any SLA breach. Although these clauses are usually unilateral (they only benefit one of the parties), some service providers include it as an additional guarantee on their service standards.

It is also important to consider a “Force Majeure” clause, considering events of force majeure, which prevent some compliance and which are presumed to be beyond the control of the parties and of an unforeseeable nature at the time of the conclusion of the contract.

Another important thing is that you may also define earnings (earn backs). Some service providers include a clause in which they are allowed to recover already paid service credits. This gives providers the ability to recover service credits that were lost by not meeting minimum performance standards. Providers recover credits by performing at or above the standard service level for a specified period of time.

SLA Performance Metrics

SLAs include performance indicators (KPIs) to measure service delivery. These metrics must be associated with a business objective. The criteria that can be taken to select performance metrics are:

• Relation to the objectives of the company or department for which the metric is established.
• Objectives and measurable, both for the client and the service provider.
• Understandable to all parties involved.
• Continuous monitoring.

It is also important for metrics must give the necessary elements to motivate the correct behavior under reasonable control. Likewise, metrics should provide data collection in order to establish action plans in case of deviations or non-compliance.

When should an SLA be reviewed and why update it?

The review of an SLA depends entirely on the company and vendor involved, and the needs and requirements of both parties. It may be an annual or semi-annual review, although, in accordance with ITIL continuous improvement practices and the dynamic nature of the services, it should be reviewed and updated whenever service changes are proposed or promised. It is recommended to adjust any changes that have an impact on the desired objectives of the organization such as hours of service, availability, uptime, response times, etc. For example:

• Changes in business needs: A newly created e-commerce site or app, for example, will likely have more aggressive availability needs as it adds more users.
• Technology is becoming more reliable: There are lower fault rates, especially with the adoption of technologies such as Artificial Intelligence or Machine Learning that automate tasks and optimize the use of services.
• Changes in workload by the customer, company or supplier. For example, work teams grow or shrink, or changes in work hours.
• Adjustments to metrics, measurement tools, or processes. Any changes to these standards must be reflected in the SLA to know if it is complied with or not.