CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [216]
Some SLAs may put you in a vendor-dependent position that can potentially open up your data to eyes that should not see it. Consider a medical practice that must grant an application vendor full access to all patient records in the spirit of being able to maintain the application. Just as with any other contract, you must carefully scrutinize the SLA and make certain you are not unintentionally opening your organization to harm.
Quite often, SLAs exist even within a company. They serve the same purpose within departments of a company as they do between a vendor and a supplier.
SLAs are also known as maintenance contracts when referring to hardware or software.
If a vendor promises to provide you with a response time of four hours, this means it will have someone involved and dedicated to resolving any difficulties you encounter—either a service technician in the field or a remote diagnostic process occurring on your system. In either case, the customer has specific remedies that it can demand from the vendor if the terms of an SLA aren’t met.
Most computer manufacturers offer a variety of SLA levels. Some can guarantee support in hours, whereas others may require days. Different levels of coverage and different response times usually have different costs associated with them. A 4-hour service agreement will typically cost much more than a 24-hour or 48-hour agreement. An SLA should also stipulate how long the repair will take once the support process has been activated: Having a service technician on site in four hours won’t do much good if it takes two weeks to get a replacement for a defective part.
Make sure that you understand the scope and terms of your SLAs; periodically review them to verify that the performance criteria match your performance needs. Doing so can help prevent frustration and unanticipated disruptions from crippling your organization. The following are key measures in SLAs:
Mean time between failure The mean time between failure (MTBF) is the measure of the anticipated incidence of failure for a system or component. This measurement determines the component’s anticipated lifetime. If the MTBF of a cooling system is one year, you can anticipate that the system will last for a one-year period; this means you should be prepared to replace or rebuild the system once a year. If the system lasts longer than the MTBF, your organization has received a bonus. MTBF is helpful in evaluating a system’s reliability and life expectancy.
Mean time to repair The mean time to repair (MTTR) is the measurement of how long it takes to repair a system or component once a failure occurs. In the case of a computer system, if the MTTR is 24 hours, this tells you it will typically take 24 hours to repair it when it breaks.
While MTTR is considered a common measure of maintainability, be careful when evaluating it because it doesn’t typically include the time needed to acquire a component and have it shipped to your location. I once worked with a national vendor that thought MTTR meant mean time to response. A technician would show up on site within the time the contract called for but would only begin to look at the problem and make a list of any needed supplies as well as get coffee. Make sure the contract agreements spell out exactly what you want.
Most SLAs stipulate the definitions of these terms and how they apply to the agreement. Make sure you understand how these terms are used and what they mean to the vendor.
Real World Scenario
Should I Buy the Computer Store’s SLA for My New Laptop?
You just purchased that new laptop you’ve been eyeing at the computer store. The store you bought it from is a large, national computer and software retailer. When you purchased the laptop, the salesperson worked hard to sell you an extended warranty agreement. Was it a good deal?