Solved

SLA's and monitoring

Posted on 2014-10-30
Last Modified: 2014-11-16
From a contract monitoring perspective, if you are monitoring the performance of a 3rd party (by performance compliance to the contract) - should they be able to provide evidence that they are aligning with SLA's, i.e.

If you have performance and availability requirements for an application they host - should they be able to provide evidence that the performance and availability of the application is meeting your SLA requirements?

Issue resolution/response - should they again be able to verify that all incidents/requests are being dealt with in line with SLA targets, etc.?
0
Question by:pma111
3 Comments
 
LVL 61

Assisted Solution

by:gheist
gheist earned 167 total points
ID: 40414694
Depending on their morals they will either tell the truth or bake 102,3% availability graphs.
I mean you need to monitor or hire an independent third party to do it for you.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 167 total points
ID: 40414834
Evidence - verifiable proof such as a report depicting progress of status regime covering problem handling, change mgmt, incident handling and acceptance testing for all resolution. User acceptance and approving authority for the report is required as due diligence from customer and main contractor.

Specific to performance and availability, besides a/m, as long as there is no complaint, I doubt you want to add more paperwork unnecessarily. There is no need to go into a fatigue drill for the sake of fulfilling a task if they can update progress at the agreed frequency. Existence of a helpdesk service report may be a good indicator, but that is more of their internal; you can try seeking an executive summary of the deliverable stats in terms of the requests and problems handled so far - time reported, time escalated, time of recovery, time of workaround, and time resolved and closure.

A benchmark metric is a good baseline but has to strike agreement and understanding - hear their proposal too. Below are some possible ones (ref CIS, and I believe ITIL has some metrics too):

Configuration Change Management
    Mean-Time to Complete Changes
    Percent of Changes with Security Review
    Percent of Changes with Security Exceptions

Incident Management
    Mean-Time to Incident Discovery
    Incident Rate
    Percentage of Incidents Detected by Internal Controls
    Mean-Time Between Security Incidents
    Mean-Time to Recovery

Patch Management
    Patch Policy Compliance
    Patch Management Coverage
    Mean-Time to Patch

Vulnerability Management
    Vulnerability Scan Coverage
    Percent of Systems Without Known Severe Vulnerabilities
    Mean-Time to Mitigate Vulnerabilities
    Number of Known Vulnerability Instances
0
 
LVL 76

Accepted Solution

by:arnold
arnold earned 166 total points
ID: 40414848
The answer is yes, though everything in the SLA boils down to the meaning of terms used.

The question you pose encompasses many possible issues.
Often their SLA will reflect their system and network as proof that they were available in conformance with the SLA. For example, a store says that it is open daily 9-5pm to support your needs with an item you purchased, for a few days following your purchase.
Unfortunately, your car breaks down such that you cannot get to the store or your access to get to the store is .....
If you come on the fourth day, they can still say they were available to tend to your needs the first few days, but now the term has expired.

Going back to your issue, an application-specific SLA has to be established, with a clear definition of what your terms for SLA compliance are.
Since you've not included greater detail, their SLA would only reflect the availability of the resources needed by your application, i.e. a server or a VM resource. The functionality of the application will often not be part of any SLA.
If the firm includes monitoring of your application's "availability" as part of an SLA or monitoring, it often means that they monitor/check responses and functionality of specific pages/functions versus every single aspect of the application.
My guess in your case: an update/change led to a portion of your application ceasing to function, while the provider reflects in their SLA monitoring that your application's availability and functionality is meeting the SLA/monitoring to which you and they agreed.
An explanation often is that the pages/functionality covered did not include that portion of the application in your SLA/monitoring agreement.
0
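Added example, not part of the thread or any poster's code: a customer-side check that computes availability per function from independent probe results and separates the checks named in the SLA from the ones that are not, which is the scope gap described in the accepted answer. The check names, the 99% target and the probe data are constructed assumptions.

```python
from collections import defaultdict

# Assumed contract terms: only these checks are named in the SLA.
SLA_SCOPE = {"home", "login"}
TARGET = 99.0  # assumed availability target, percent


def build_samples():
    """Constructed probe results from the customer's own monitor:
    one (minute, check, ok) tuple per check per minute."""
    samples = []
    for minute in range(1000):
        samples.append((minute, "home", True))
        # login fails five probes in a short outage
        samples.append((minute, "login", not 400 <= minute < 405))
        # report-export stops working after a change at minute 700
        samples.append((minute, "report-export", minute < 700))
    return samples


def availability(samples):
    """Percentage of successful probes for each check."""
    total, up = defaultdict(int), defaultdict(int)
    for _, check, ok in samples:
        total[check] += 1
        up[check] += int(ok)
    return {c: 100.0 * up[c] / total[c] for c in total}


def sla_report(samples, scope, target):
    """Compare the contract view (in-scope checks only) with the whole app."""
    per_check = availability(samples)
    in_scope = {c: v for c, v in per_check.items() if c in scope}
    contract_met = all(v >= target for v in in_scope.values())
    # Functions below target that the SLA never covered: the provider can
    # report compliance while these are broken.
    gaps = sorted(c for c, v in per_check.items()
                  if c not in scope and v < target)
    return {"per_check": per_check,
            "contract_met": contract_met,
            "unmonitored_failures": gaps}


if __name__ == "__main__":
    report = sla_report(build_samples(), SLA_SCOPE, TARGET)
    for check, pct in sorted(report["per_check"].items()):
        print(f"{check:15s} {pct:6.2f}%")
    print("contract met:", report["contract_met"])
    print("below target, outside SLA:", report["unmonitored_failures"])
```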
