• United States



More Thoughts on System Availability

Mar 21, 20082 mins
Core Java

Following up on my comments last week on the need for service level agreements (SLAs) to ensure data availability in hosted environments (e.g., ASPs, SAAS, cloud environments, and other online services). This week some further suggestions and considerations for SLA:

1. Not all SLAs should be looked on as punitive. In many instances, businesses have achieved excellent results and return on their investment by offering incentive payments for vendors who exceed SLA requirements. 

2. Another type of positive incentive is the use of language permitting the vendor to “earn-back” credits for previous SLA failures. For example, if a vendor suffers an availability failure in one month for which a credit is assessed, but corrects the problem and has no further availability issues in the two months thereafter, the earlier credit is erased.

3. As a matter of goodwill, language should be considered permitting the customer to waive SLA credits in selected circumstances. For example, if a vendor is working hard to resolve a situation and has otherwise been performing adequately, it may make good business sense to waive an applicable credit. Waiver, of course, in a particular instance would not result in the waiver of any future SLA failure. 

4.  Although not directly related to availability, other relevant SLAs should also be considered. For example, response time requirements to ensure an acceptable user experience or specific SLAs for the time to recover backups from off-site storage. In offshore engagements, where staff turnover is sometimes in the double digits, data is placed at risk simply by the sheer number of personnel rotating through the vendor’s facilities. In these cases, consider adding an SLA imposing credits if staff turnover exceeds a certain threshold. 


Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP where he focuses on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author