Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Tracking Vendor Performance With Service Level Agreements

5 min read
Featured Image

A vendor contract is an important document that defines the duties and responsibilities of both parties. But how do you make sure the vendor’s performance is consistent and meeting your expectations? Organizations will generally use a few different terms when referring to a vendor’s performance. Key performance indicators (KPIs) are metrics that are defined by an organization and used to guide a vendor’s efficiency and success.  Service level agreements (SLAs) establish firm, legally binding commitments between the organization and the vendor to provide a specified level of service.

We’re going to focus on SLAs and give some guidance on how to use them for performance tracking. We’ll also provide some examples of generic SLAs that can be adapted to your organization’s needs.

Using Vendor Service Level Agreements to Track Performance 

SLA tracking, or monitoring, is a critical component to your third-party risk management (TPRM) program. Establishing and tracking vendor SLAs helps ensure that both parties are on the same page in terms of standards and service. This builds in consistent support and holds you and the vendor accountable to the service that is being provided. If a vendor failed to meet their SLA obligations, this could negatively impact your organization's reputation and even the quality of the service that your organization is providing to your customers or employees. 

Here are some tips to remember when creating and using SLAs:

  • Set a standard. Prior to contract signature, you need to know what your organization’s strategic goals and objectives are. Ask yourself, “What is the big picture?” Having this clear understanding will give you the ability to define what those SLAs or measurements need to be to motivate the right behavior. Setting a standard also gives you the ability to measure against it, so you know how your vendor is performing. 
  • Take inventory. You need to know what your current SLAs are. As the industry evolves, this directly impacts those goals and objectives you identified above. This means your SLAs should never be viewed as “fixed”. The types of SLAs you use, and need should be reviewed periodically to ensure you stay aligned. This could include verifying that your SLAs have built-in guidance to modify them if a vendor fails to meet obligations, if your workload has changed, or there’s been a shift in your organization’s business needs. If your identified standards are not laid out in an already executed contract, discuss executing an addendum to the SLA to adjust to your preferred standards.
  • Create a monitoring schedule. The frequency of monitoring will depend on the SLA and any change in the vendor’s performance. Monitoring your SLAs on a regular basis will let you know whether they’re being met. You don’t want to wait until your annual review before discovering that the vendor has failed to meet one or more of your SLAs
  • Document unmet SLAs. As you monitor your vendor’s performance, you may discover some issues which should be formally documented with your vendor. This ensures that you have a formal record of issues that arose during the contract period, which can help minimize the chance of any potential disputes with your vendor. 
  • Refer to your exit strategy. If the vendor’s performance has greatly declined through multiple SLA failures, it may be time to consider termination. Always make sure you’re within your contractual rights to terminate and follow your exit strategy to ensure a smooth transition. 

3 Benefits of Vendor SLAs 

Tracking vendor performance is an important goal of SLAs, which allows you to identify, escalate, and resolve issues more efficiently. SLAs can also provide additional benefits for your organization, such as:

  • Providing contractual leverage. After all the work that goes into negotiating and writing a vendor contract, you’ll want to make sure that both parties are living up to their responsibilities. If the vendor isn’t meeting SLAs, this can be used as leverage for contract negotiations such as discounts or free products and services.
  • Justifying cost and risk. Every vendor relationship will carry some risk, and there’s always a possibility of dispute over whether the cost is validated. If the vendor continues to meet or exceed SLA expectations, the TPRM team might use this as justification for continuing the relationship.  
  • Driving efficiency. SLAs can be a great tool used to incentivize vendors. When vendors are offered bonuses or other benefits for meeting SLAs, they may be more likely to strive for excellence.

vendor performance tracking

Examples of Service Level Agreements Categories

A common challenge of SLAs is not knowing where to begin. There are so many different categories of SLAs that it can be difficult to know which ones to apply. A vendor that interacts directly with your customers will require different SLAs than one who only provides a product to your organization. The specific SLAs you use will be unique to your organization, based on the product and/or service that is being provided by your vendor. Here are a few examples:

  • Operational: This category would be used to verify that the service is working as it should. 
    • Accessibility – Client should have access to the service 24/7.
    • Uptime – Services shall have a [percentage] uptime. 
    • Credits – If vendor is unable to provide the uptime minimum for [amount of time], client will be entitled to the service level credits below: 
      • Percentage uptime: 99.5%-100% = 0% Credit percentage (1 month service fee paid) 
      • Percentage uptime: 97.5%-99.5% = 15% Credit Percentage (1 month service fee paid) 
      • Percentage uptime: <97.5% = 25% Credit Percentage (1 month service fee paid)
  • Non-operational: This category would cover the periods when the system is not functioning, either because of issues or scheduled maintenance.
    • Maintenance – Routine system maintenance will occur [list maintenance times].
    • Downtime – The client has a right to terminate based on consistent downtime.
    • Priority levels – Priority levels are based on the severity of an error or downtime of service. The more severe and the more it affects the SLA, the higher the priority, thus resulting in a faster escalation/resolution period and should be resolved within hours. The lower the priority, the slower amount of time to escalate/resolve the issues, this could be in hours or even days. 
      • Critical – Priority 1
      • High – Priority 2
      • Medium – Priority 3
      • Low – Priority 4
    • Escalation – Issues must be escalated based on priority level.
    • Resolution – Issues must be resolved within [amount of time] after escalation. 

The process of defining your SLAs and using them to track vendor performance may seem a bit overwhelming at first. However, it’s an important step in vendor contract management that helps drive efficiency within your organization. 

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo