Service Level Agreements SLA for Information Security
In layman's terms, a Service Level Agreement (SLA) is an agreement between a service provider and the customer, i.e. the recipient of the service. The main objective of a service level agreement is to answer three core questions, namely:
- What is going to be delivered?
- When is it going to be delivered?
- Where is it going to be delivered?
Which terms and conditions are included in or excluded from a service level agreement depends largely on the parties involved. From an information security point of view, organizations have to enter into SLAs with service providers. Such service providers may include internet service providers, telephony service providers, etc. The IS team has a major role to play in defining SLAs with service providers. The IS team must coordinate with the information technology team to define critical areas in the SLA. An important thing to remember while defining SLAs is to limit service level agreements to critical requirements only. There is no use in defining every small detail in the SLA. A risk analysis can help the IS team identify critical areas, and the SLA should emphasize those areas. For example, when defining an SLA for the maintenance of servers, one critical criterion would be data backups.