Solved

SLa's and monitoring

Posted on 2014-10-30
3
156 Views
Last Modified: 2014-11-16
From a contract monitoring perspective, if you are monitoring the performance of a 3rd party (by performance compliance to the contract) - should they be able to provide evidence that they are aligning with SLA's, i.e.

If you have performance and availability requirements for an application they host - should they be able to provide evidence that the performance and availability of the application is meeting your SLA requirements?

issue resolution/ response - should they again be able to verify that all incidents/requests are being dealt with in line with SLA targets etc.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 62

Assisted Solution

by:gheist
gheist earned 167 total points
ID: 40414694
Depending on their morals they will either tell the truth or bake 102,3% availability graphs.
I mean you need to monitor or hire independent third party to do it for you.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 167 total points
ID: 40414834
Evidence - verifiable proof such as report depicting progress of status regime covering problem handling, change mgmt, incident handling and acceptance testing for all resolution. User acceptance and approving authority for report is required as due diligence from customer and main contractor.

Specific to performance and availability, besides a/m, as long as there is no complaint, I doubt you want to add more paperwork unnecessarily. There is no need to go into fatigue drill for the sake of fulfilling task if they can update progress in the agreed frequency. Existence of helpdesk service report may be good indicator but that is more of their internal but can try seeking for executive summary of the deliverable stats in term of the request, problem handled so far - time reported, time escalated, time recovery, time of workaround and time resolved and closure

Benchmark metric is good baseline but has to strike agreement and understanding - hear their proposal too. Below are some possible ones (ref CIS and I believe ITIL has some metric too..)

Configuration Change Management
    Mean-Time to Complete Changes
    Percent of Changes with Security Review
    Percent of Changes with Security Exceptions

Incident Management
    Mean-Time to Incident Discovery
    Incident Rate
    Percentage of Incidents Detected by Internal Controls
    Mean-Time Between Security Incidents
    Mean-Time to Recovery

Patch Management
    Patch Policy Compliance
    Patch Management Coverage
    Mean-Time to Patch

Vulnerability Management
    Vulnerability Scan Coverage
    Percent of Systems Without Known Severe Vulnerabilities
    Mean-Time to Mitigate Vulnerabilities
    Number of Known Vulnerability Instances
0
 
LVL 79

Accepted Solution

by:
arnold earned 166 total points
ID: 40414848
The answer is yes, though everything in the SLA boils down to the meaning of terms used.

the question you pose encompasses many possible issues.
Often their SLA will reflect their System, network  as proof that they were available in conformance with the SLA. Example, will be a store says that it is open daily 9-5pm to support your needs with an item you purchased for a few days following your purchase.
Unfortunately, your car brakes down such that you can not get to the store or your access to get to the store is .....
If you come on the fourth day, they can still say they were available to tend to your needs the first few days, but now the term has expired.

Going back to your issue, an application specific SLA has to be established and a clear definition of what your terms for the SLA compliance is.
Since you've not included greater detail, their SLA would only reflect the availability of the resources needed by your application, I.e. A server or a VM resource. The functionality of the Applicarion will often not be part of any SLA.
If the firm includes monitoring of your application's "availability" as part of an SLA or Monitoring, it often means that they monitor/check responses and functionality of a specific pages/functions versus every single aspect of the application.
My guess in your case, an update/change lead to a portion of your application stopped functioning while the provider reflects in their SLA, monitoring that your application's availability and functionality is meeting the SLA/monitoring to which you and they agreed.
An explanation often is that the pages/functionality of the application did not include the portion of the application in your SLA/Monitor agreement.
0

Featured Post

What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question