How to Protect Your Organization with Strong Service Level Agreements

As business becomes more and more reliant on technology, the impact of a service being unavailable becomes more and more critical. An outage on a customer-facing website, an offline point of sale in a brick-and-mortar environment, or the inability to finalize a contract on a large sale, to obtain insurance, or to use an app provided by a vendor all impact both revenue and reputation. Service level agreements are a powerful tool for setting expectations for support and service, and they play a critical role in business success.

There are two types of service level agreements of note:

  • Internal agreements: between IT and the business they support
  • External agreements: between a business and a commercial provider (third parties)

A true service level agreement is a formal contract between a provider and their customer (the person who pays for or funds the service). In the case of internal IT organizations, this is just as important as agreements with external providers but often overlooked. Most organizations fail to achieve the benefits of service level agreements internally, using published objectives rather than formal agreements.

A sign that more is needed is when providers treat every outage the same because they cannot prioritize which services are more important than others. The most effective way to address this gap is to establish formal service level agreements, whether the provider is internal or external. When the goal of such an initiative is to protect the business, there are two key areas to consider.

Language and Agreement Terms

The language and terms used in crafting a service level agreement are often designed to support vendor needs and are a critical consideration when negotiating. The contract’s language and definitions of terms contain details that protect the vendor and should be carefully reviewed. Areas to consider include:



While often glossed over when reading a contract, definitions in service level agreements set the stage for the delivery of the agreement. Terms to review carefully include:

  • Definition of availability:
    • Performance degradation should be included in the definition of availability, including the level of degradation that counts as unavailability (downtime)
    • Performance benchmarks should be offered and measured to be able to validate degraded performance
    • Hours included in calculating availability are also critical: if the service is offered 24x7x365, ensure availability measurements don’t exclude “non-critical” hours or maintenance windows
    • Items included in the availability measurement: all vendor-provided services needed to deliver the solution should be included. For example, outages of the vendor’s Internet connectivity should not be excluded from service availability just because that connectivity is provided by a third party.
  • Hours of operation vs. hours of support:
    • Ensure the formal hours of operation meet the business’ needs. A 24×7 business requires services with 24×7 hours of operation.
      • If these are not offered by a vendor, they should be negotiated or considered during vendor selection.
      • In the case of internal support, investment in equipment and personnel may be needed to reach a 24×7 operational window. Understanding the gap enables the business to protect itself by making the required investment.
    • Support may vary during off-hours depending on the contract:
      • Critical system outages should receive support during all operational hours
      • User support may/may not be covered during off-hours. This needs to be weighed against business need.
    • Support hours need to be clearly identified if they are less than the operational hours. Any organization that operates in more than one time zone needs to confirm whose time zone the limited hours fall into. For example, 9 AM – 5 PM support on the provider’s east coast clock may mean west coast locations only receive support until 2 PM.
  • Maintenance/blackout windows:
    • Most vendor environments should be virtualized enough that maintenance windows do not take services offline, but this needs to be confirmed.
    • Internal agreements should also consider maintenance windows and virtualization, but only to the level that the criticality of the service warrants. Customer-facing online services should be virtualized and require no maintenance windows, but internal, administrative services may tolerate a short window once or twice a week.
    • If the business has specified blackout windows during which any/all maintenance should not be performed, this needs to be specified in the service level agreement. Where it is not, the consumer may be able to influence this, but not always.
  • Notifications vs. influence:
    • All service level agreements should specify how the customer is notified of maintenance activities that could affect service availability and what the customer’s rights are.
    • For revenue-generating, customer-facing or other highly critical systems, understand the ability to request a hold before maintenance takes place.
    • Lack of say in this area should be considered during vendor selection.
    • Internally, consumer needs should always be considered, but it’s worth calling this out.
  • Client responsibilities:
    • Providers often include clauses in contracts that they can later use to avoid the consequences of not meeting their agreed upon service levels. In the case of third-party agreements, a careful review of client responsibilities should be performed.
  • Consequences for failure to meet service level agreements:
    • Consequences for failure and the levels at which they begin must be clearly defined or there is little to enforce when sufficient service is not being provided.
    • For internal providers, the consequence may be kicking off a service improvement program
    • For external providers, consequences may include credits or financial penalties
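The "Definition of availability" points above can be checked against real numbers before signing. The following is an added example, not part of the original article: it scores one constructed 30-day period under a narrow contract definition and under the fuller definition the list recommends. The incident data, the 2000 ms benchmark and the 99.9% target are assumptions chosen for illustration.

```python
from dataclasses import dataclass

MINUTES_IN_PERIOD = 30 * 24 * 60  # 30-day reporting period, service offered 24x7

@dataclass(frozen=True)
class Incident:
    minutes: int             # duration of the event
    cause: str               # outage | maintenance | third_party_network | degraded
    p95_latency_ms: int = 0  # measured latency, only meaningful for "degraded"

# Constructed sample data for one reporting period (not from a real provider).
INCIDENTS = [
    Incident(22, "outage"),
    Incident(120, "maintenance"),
    Incident(45, "third_party_network"),
    Incident(90, "degraded", p95_latency_ms=4200),
    Incident(30, "degraded", p95_latency_ms=900),
]

def availability(incidents, counted_causes, degraded_threshold_ms=None):
    """Availability % for the period under one contract definition.

    counted_causes: causes the contract counts as downtime.
    degraded_threshold_ms: performance benchmark; degradation slower than this
    counts as downtime. None means degradation never counts.
    """
    down = 0
    for inc in incidents:
        if inc.cause == "degraded":
            if degraded_threshold_ms is not None and inc.p95_latency_ms > degraded_threshold_ms:
                down += inc.minutes
        elif inc.cause in counted_causes:
            down += inc.minutes
    return round(100 * (MINUTES_IN_PERIOD - down) / MINUTES_IN_PERIOD, 3)

def narrow_definition(incidents):
    # Only hard outages count; maintenance, third-party faults and slowness are excluded.
    return availability(incidents, {"outage"})

def full_definition(incidents):
    # Every vendor-side cause counts, and degradation beyond the benchmark is downtime.
    return availability(incidents, {"outage", "maintenance", "third_party_network"},
                        degraded_threshold_ms=2000)

def meets_target(pct, target=99.9):
    return pct >= target

if __name__ == "__main__":
    for name, fn in (("narrow", narrow_definition), ("full", full_definition)):
        pct = fn(INCIDENTS)
        print(f"{name}: {pct}% meets 99.9% target: {meets_target(pct)}")
```

The same month passes the target under the narrow definition and misses it under the full one, which is why the definitions deserve review before the headline percentage does.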



Once an agreement is drafted, all key service levels defined in the agreement need an associated and agreed-upon measure or set of measures, as well as defined reporting periods. These should be reviewed regularly, rather than waiting until problems become regular.


Managing the Agreement

Accountability is key to protecting the business from the impact of unmet service level agreements. Review meetings should not wait until there is a problem with the provider; they should be regularly scheduled: quarterly if reports indicate good performance, monthly if performance is under question. The agenda is short, and a fifteen-minute meeting may be sufficient to maintain the provider-consumer relationship when things are going well:

  • Review reports and discuss areas where service levels were not met or could be in jeopardy if no action is taken
  • Talk about changes in how the product is used and how its use is expected to grow/decline
  • Review/establish improvement programs to enable the provider to meet service levels

The communication that comes out of these meetings is critical to maintaining the relationship. While the service level agreement formalizes the expectations of both parties, regular communication is the key to using service level agreements to protect the business as it enables good discussion about where the provider can do better or where the business is not accurately partnering with the provider.
