Understanding the role of service-level agreements and the best way to use them are crucial skills for IT managers.
A service-level agreement, or SLA, is a written document that defines the expectations for both the client and the provider of the service. They have been around for years, typically as part of a contract with a telecom provider or Web-hosting service. Nowadays, however, the use and scope of SLAs have expanded, and they are commonly used for both external and internal service functions.
SLAs have to be reasonable. Clients must understand the provider's capability to actually deliver and support what both parties agreed to. For internal SLAs, the business units' expectations may often exceed what IT is capable of delivering. IT shops must make sure business units understand what realistic service levels are as well as the capabilities of the IT staff.
For clients, an SLA clearly defines their expectations of performance -- including system availability, performance metrics, contingency plans in the event of an outage, escalation procedures and even financial penalties for failure. For service providers, an SLA outlines client responsibilities, parts of the service that are crucial to the customer, downtime schedules, emergency contacts during unexpected outages, dispute resolutions, procedures for upgrading or modifying the agreement and billing practices.
By clearly defining the expectations of both parties, well written SLAs can help reduce the risk of litigation and lost business from misaligned assumptions. After all, a client's idea and a vendor's idea of exceptional or even acceptable service may vary greatly. An SLA presents the opportunity to adjust the expectation levels of both parties, to quantify roles and responsibilities and define satisfaction levels.
A service-level agreement should define the following components:
The services provided -- These services might include Web hosting, application hosting, email and call centers.
The scope of the services – identifies who provides the hardware and software and maintains backups. This component can also define the skill level of the staff performing the services. The wider the scope, the higher the cost, so think carefully about which services you really need.
Responsibilities for both parties -- define each party's role in the agreement. For example, this component can specify who maintains and updates hardware and software or who performs upgrades and implements changes. Again, it can also spell out the level of expertise required for support personnel.
Availability and performance guarantees -- These guarantees identify critical areas such as usage monitoring, minimum and target baselines, tools and metrics, estimated usage, expected peak periods, reporting tools, critical business hours and defined maintenance periods.
Incident management -- This element defines what an incident is and its severity, who will be notified and how quickly, who will respond, how long the vendor has to resolve the problem and how often updates are issued during an outage.
Change control -- SLAs need to be reviewed and adapted as business needs change. This component determines how often the SLA will be reviewed, who has authority to request a change and how soon changes must be implemented.
Cost of services -- The more demanding the SLA, the higher the cost. Determine the the overall service costs, itemize components, define billing terms and determine which services may be needed that are not covered under the agreement.
Penalties and remedies -- Penalties or chargebacks can work to keep both parties from abusing the agreement. This component includes penalties for overuse of services, such as excessive bandwidth, utilization and volume or penalties if the provider fails to deliver the expected service or if a critical outage affects your operations. Determine how you will be compensated or reimbursed for unused services, lost revenue and other losses.
Legal requirements — Make sure you have transfer and termination clauses in the event that either company is sold or if the agreement for services is canceled. It should also cover dispute resolution, review periods and a renegotiation date.
There are techniques to use when writing effective SLAs. First of all, use clear simple language that focuses on the needs of the business. Next, make sure all of the service, performance and availability requirements are quantifiable using agreed upon metrics. If the SLA requires detailed technical or operational requirements, consider creating a separate service-level specification document, called an SLS.
Be aware that vendors' default SLAs are often heavily biased in their favor. They often cap their liability to what you have paid for the service and not your actual losses or the costs of implementing a backup or secondary solution.
Monitor and enforce your SLAs diligently. Unmonitored SLAs will give you a false sense of confidence and endanger your business. Monitoring and enforcing SLAs will keep vendors on their toes and may identify issues before they have a negative impact on your business.
Although SLAs can be important and effective tools for managing both internal and external service providers, using too many of them can bog down your organization. SLAs require continuous monitoring and periodic review to maximize their value and to remain effective.
Bernie Klinder is an IT Project Lead with Blue Chip Consulting Group in Cleveland, Ohio. He was the founder and editor of LabMice.net, a comprehensive resource index for IT professionals who support Microsoft Windows NT/2000/XP/2003 and BackOffice products. For his contributions to the information technology community, Bernie was selected as a Most Valuable Professional by Microsoft. He can be reached at firstname.lastname@example.org.