Computerworld - In my last column, I walked through the basic areas that a service provider’s service-level agreement should cover: the service summary, security and design reviews, hardware, software, service availability, service requests, and monitoring and reporting.
In this article, I’ll focus on the service summary. In most SLAs, this section describes the service you will be receiving in general terms. Here are some of the areas you should keep in mind as you negotiate your contract with your service provider.
Service provider name
Most people will probably skim this section, because they assume that the service provider handing them the SLA will be responsible for providing the service. However, as with any contract, it’s critical to make sure the SLA identifies your service provider by name and lists any doing-business-as, or DBA, names. This will remove any obstacles or confusion later should issues occur.
Support level
Many security providers offer different levels of support based on your contract, such as basic, gold or platinum. The support level generally determines the number of service requests or tickets you are allowed per month or per week. It may also determine the level of support staff you can contact directly. Be sure you understand the support level you've bought, and make sure that the SLA spells out the terms of that support. (I will go into more detail about service requests or tickets in later articles.)
Exclusions
Most service providers build into the SLA a list of exclusions or exceptions that they do not consider service outages. This list essentially lets your provider off the hook for that service under the circumstances stated. For example, upgrades necessitating off-line time generally aren't considered outages.
Every service provider will have a list of exclusions or exceptions. If the SLA contains no exclusions, be sure to check with the service provider, since it’s best to include a full list of exclusions or exceptions upfront to avoid future disputes. Make sure you review the list carefully and negotiate for the removal of any exclusion or exceptions you consider unreasonable.
Customer requirements
Generally, the service provider will require you, as the customer, to provide all necessary information about contacts, escalation procedures and maintenance windows for your network.
These requirements often cover not only the hardware and software you deploy but the personnel and even your maintenance plans. Many providers will ask you for a copy of your latest network topology, assurance of adequate protection for your equipment, and a list of the hardware and software you use for network management. Some of this information will be used to configure the security policies, such as those for firewalls and IDSs.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
