Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Best Practices for Cloud SLAs (Service Level Agreements)

April 12, 2016

Despite what almost 50% of the public believe, the "cloud" is not impacted by weather. Working in the cloud means that your data and/or processing occurs on systems that are not located on your premise. Typically, it means that you have contracted for services from a third party and access the service via the Internet. But what should you look for in a Service Level Agreement (SLA) with a cloud provider? Not to worry. Network World has published the 10 best cloud SLA practices as identified by the General Accountability Office (GAO). They include:

Specify roles and responsibilities of all parties with respect to the SLA, and, at a minimum, include agency and cloud providers.
Define key terms, such as dates and performance. Define the performance measures of the cloud service, including who is responsible for measuring performance.
Define clear measures for performance by the contractor.
Specify how and when the agency has access to its own data and networks.
Specify the following service management requirements:
1. How the cloud service provider will monitor performance and report results to the agency.
2. When and how the agency, via an audit, is to confirm performance of the cloud service provider.
Provide for disaster recovery and continuity of operations planning and testing, including how and when the cloud service provider is to report such failures and outages to the agency.
Describe any applicable exception criteria when the cloud provider's performance measures do not apply (e.g., during scheduled maintenance or updates).
Specify metrics the cloud provider must meet in order to show it is meeting the agency's security performance requirements for protecting data (e.g., clearly define who has access to the data and the protections in place to protect the agency's data).
Specifies performance requirements and attributes defining how and when the cloud service provider is to notify the agency when security requirements are not being met (e.g., when there is a data breach).
Specify a range of enforceable consequences, such as penalties, for non-compliance with SLA performance measures.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com

John W. Simek
Vice President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Your IT Consultant

Best Practices for Cloud SLAs (Service Level Agreements)

Subscribe for More!

Popular Categories

Listen to the Podcast

Disclaimer