As a professional in third party risk management, you probably hear the term service level agreement, or SLA, for short, often. So, it’s important to understand what they are. To help, we'll go through a few basic points now.
What’s an SLA?
A service level agreement (SLA) is "an agreement that sets the expectations between the service provider and the customer and describes the products or services to be delivered, the single point of contact for end-user problems and the metrics by which the effectiveness of the process is monitored and approved.” - Gartner
It's a key component of every contractual relationship with your third parties. The SLA should be developed between two companies – your organization and the third party. Ideally, it will be tailored to the products and services the third party is providing.
What Do You Include in an SLA?
The SLA should include the following:
- Timing and Frequency
Additionally, spell out very clear expectations on the type of reporting and documentation you’ll receive from the third party. It will always vary based on the type of service. You should request that robust reporting be developed in order to demonstrate that the third party is performing in the expected manner. While it’s certainly your responsibility to track and analyze the reports provided, you shouldn’t need to go and ask for them each time; the third party should be obligated to provide without reminders but you must keep track and follow up if they're not delivered.
What Do You Do If an SLA Is Broken?
When something looks amiss, react to it early and inform your board and senior management. Also, be sure you have their support in enforcing the contractual terms, even if that means escalating items to make sure you get them. While things like due diligence and notification of outages or providing of audit reports may be covered in other areas of the contract, it’s not a bad idea to make sure so that, if not, you can add them as an SLA provision.
Remember that SLAs provide your organization with an opportunity to set standards, require high-quality performance, identify benchmarks, create consistency and more. Therefore, they’re a very important element of any successful third party risk management program.
Now that you've learned the basics, dive deeper into vendor contract management. Download the eBook.