SLA 102: The Service Summary

Computerworld - In my last column, I walked through the basic areas that a service provider’s service-level agreement should cover: the service summary, security and design reviews, hardware, software, service availability, service requests, and monitoring and reporting.

In this article, I’ll focus on the service summary. In most SLAs, this section describes the service you will be receiving in general terms. Here are some of the areas you should keep in mind as you negotiate your contract with your service provider.

Service provider name

Most people will probably skim this section, because they assume that the service provider handing them the SLA will be responsible for providing the service. However, as with any contract, it’s critical to make sure the SLA identifies your service provider by name and lists any doing-business-as, or DBA, names. This will remove any obstacles or confusion later should issues occur.

Support level

Many security providers offer different levels of support based on your contract, such as basic, gold or platinum. The support level generally determines the number of service requests or tickets you are allowed per month or per week. It may also determine the level of support staff you can contact directly. Be sure you understand the support level you've bought, and make sure that the SLA spells out the terms of that support. (I will go into more detail about service requests or tickets in later articles.)

Exclusions

Most service providers build into the SLA a list of exclusions or exceptions that they do not consider service outages. This list essentially lets your provider off the hook for that service under the circumstances stated. For example, upgrades necessitating off-line time generally aren't considered outages.

Every service provider will have a list of exclusions or exceptions. If the SLA contains no exclusions, be sure to check with the service provider, since it’s best to include a full list of exclusions or exceptions upfront to avoid future disputes. Make sure you review the list carefully and negotiate for the removal of any exclusion or exceptions you consider unreasonable.

Customer requirements

Generally, the service provider will require you, as the customer, to provide all necessary information about contacts, escalation procedures and maintenance windows for your network.

These requirements often cover not only the hardware and software you deploy but the personnel and even your maintenance plans. Many providers will ask you for a copy of your latest network topology, assurance of adequate protection for your equipment, and a list of the hardware and software you use for network management. Some of this information will be used to configure the security policies, such as those for firewalls and IDSs.