ELI5: What are Service Level Agreements?
An SLA is a pinky promise written on paper. A company swears your internet will work almost all the time, and if they break that promise, they owe you something back.
Definition
A Service Level Agreement (SLA) is a formal contract between a service provider and a customer that defines the expected level of service performance, availability, security obligations, and remedies for non-performance. In security contexts, SLAs establish uptime guarantees (e.g., 99.9% availability), incident response times (e.g., critical incidents responded to within 1 hour), security notification timelines (e.g., breaches reported within 24 hours), and data protection obligations.
Key Details
- Availability SLAs: 99.9% uptime = ~8.8 hours downtime/year (8.76 h); 99.99% = ~53 minutes; 99.999% = ~5.3 minutes
- Check the measurement window and exclusions: the same 99.9% target measured per calendar month allows only ~44 minutes of downtime in that month, and most SLAs carve out scheduled maintenance, so the "experienced" availability can be lower than the contractual figure
- Security SLAs: patch application within 30/60/90 days based on severity, encryption requirements, access control standards
- Notification SLAs: vendor must notify customer of security incidents within a defined timeframe (e.g., 24 or 72 hours); the clause should state when the clock starts (vendor discovery vs. confirmation), since an undefined start point makes the deadline unenforceable
- SLA violations typically trigger financial penalties (service credits) or termination rights
- Exam tip: SLAs are the contractual mechanism for holding vendors accountable for security performance; they complement right-to-audit clauses
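As an added worked example (not code from the original page), the availability arithmetic in the points above carried through in Python: the downtime budget for a yearly versus a monthly measurement window, measured availability computed from a set of outage records with scheduled maintenance optionally excluded, and the service credit that results. The outage records, the credit schedule and the 99.9% target are constructed assumptions for illustration.

```python
"""Availability-SLA arithmetic: downtime budget, measured availability, credit tier.

Added example, not code from the original page. The outage records, the
credit tiers and the measurement window below are constructed assumptions.
"""
from datetime import datetime

MINUTES_PER_YEAR = 365 * 24 * 60  # 525,600 minutes in a non-leap year

# Assumed credit schedule: (availability threshold %, credit % of monthly fee).
# A tier applies when measured availability falls below its threshold.
CREDIT_TIERS = ((99.9, 10), (99.0, 25), (95.0, 50))


def downtime_budget_minutes(target_pct, window_minutes=MINUTES_PER_YEAR):
    """Downtime allowed by an availability target over a measurement window."""
    if not 0 < target_pct <= 100:
        raise ValueError("availability target must be in (0, 100]")
    return window_minutes * (1 - target_pct / 100)


def minutes_inside(start, end, window_start, window_end):
    """Minutes of the outage [start, end) that fall inside [window_start, window_end)."""
    lo, hi = max(start, window_start), min(end, window_end)
    return max((hi - lo).total_seconds() / 60, 0.0)


def measured_availability(outages, window_start, window_end, exclude_scheduled=True):
    """Availability (%) over a window; each outage is (start, end, scheduled).

    Scheduled maintenance is excluded by default because most SLAs carve it out;
    pass exclude_scheduled=False to see the figure the customer actually experienced.
    """
    window_minutes = (window_end - window_start).total_seconds() / 60
    down = sum(minutes_inside(s, e, window_start, window_end)
               for s, e, scheduled in outages
               if not (scheduled and exclude_scheduled))
    return 100 * (1 - down / window_minutes)


def service_credit_pct(availability_pct, tiers=CREDIT_TIERS):
    """Largest credit whose threshold the measured availability falls below (0 if none)."""
    return max((credit for threshold, credit in tiers if availability_pct < threshold),
               default=0)


# Constructed sample data: one calendar month (March 2024, 44,640 minutes) and
# three outages. The third outage straddles the window boundary, so only its
# first 10 minutes count toward March.
WINDOW_START = datetime(2024, 3, 1)
WINDOW_END = datetime(2024, 4, 1)
SAMPLE_OUTAGES = (
    (datetime(2024, 3, 5, 2, 0), datetime(2024, 3, 5, 3, 0), True),        # planned maintenance, 60 min
    (datetime(2024, 3, 12, 14, 0), datetime(2024, 3, 12, 14, 30), False),  # unplanned, 30 min
    (datetime(2024, 3, 31, 23, 50), datetime(2024, 4, 1, 0, 20), False),   # unplanned, 10 min in window
)


def evaluate_sample(exclude_scheduled=True):
    """Availability and credit for the sample month under the assumed 99.9% target."""
    avail = measured_availability(SAMPLE_OUTAGES, WINDOW_START, WINDOW_END, exclude_scheduled)
    return {"availability_pct": avail, "credit_pct": service_credit_pct(avail)}


if __name__ == "__main__":
    window_minutes = (WINDOW_END - WINDOW_START).total_seconds() / 60
    print(f"99.9% over a year allows {downtime_budget_minutes(99.9) / 60:.2f} h of downtime")
    print(f"99.9% over March allows {downtime_budget_minutes(99.9, window_minutes):.2f} min")
    print("scheduled excluded:", evaluate_sample(True))   # ~99.91%, no credit
    print("scheduled counted: ", evaluate_sample(False))  # ~99.78%, 10% credit
```

The two `evaluate_sample` calls make the practitioner's point: with the maintenance window carved out the vendor meets 99.9% and owes nothing, while the customer actually saw 100 minutes of downtime in the month, which would otherwise trip the first credit tier. Whether that carve-out exists, and how wide it is, is a term to negotiate rather than an accounting detail.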
Connections
- Parent: third-party-risk — SLAs are the primary contractual tool for managing vendor performance and security obligations
- See also: contractual-compliance
- See also: vendor-assessment