Outsourcing security infrastructure and management can be an effective solution for businesses that don’t have the capabilities to manage these items in-house.

However, service level agreements (SLAs) can be difficult to understand, stalling the process of making your security equipment purchase.

This post overviews key tips to properly evaluate vendor SLAs before signing on the dotted line.

Promised Support Level

Within the SLA, it is important that the provider outlines the level of service you should expect to receive. This may include:

  • Frequency of service/maintenance visits (e.g. annually, quarterly).
  • Service response times.
  • Associated charges related to billable service/maintenance requests (if applicable).
  • Promptness of emergency notifications.
  • Monitoring center availability.
  • Physical vs. virtual support features (e.g. phone, chat, site visit).
  • Hours of normal operation and associated fees for afterhours or emergency service.

If the provider also manages the underlying network that security equipment runs on, look also for details on:

  • Network uptime percentage.
  • Broadband speed.
  • Average latency.
  • Packet loss targets.
  • Available bandwidth.
  • Availability by application.
  • Network carrier service providers.
  • Ownership of equipment and associated lines.
  • Network operations center (NOC) and Technical Applications Center (TAC) hours of operation and support levels.

The SLA should also clearly outline what requirements you, as a customer, must fulfill to guarantee that promised service levels can be met, and ramifications to the provider if they fail to hold up their end of the bargain.

Carefully evaluate this information against your company’s security and network needs to determine if what is offered is sufficient. If not, you can often negotiate or pay more for improved speed, reliability and performance.


The SLA should detail the exact services that the provider will deliver, and the hardware and software they will use to do so. Examples of services you may find include:

Monitoring and Reporting

Finally, the SLA should offer information on how the company will monitor and report metrics, so that you can ensure that agreements are upheld. If the prescribed metrics are not met, there must be a remediation plan in place, that allows both provider and client the ability to protect themselves.

What do you look for in a security company SLA? Share with us in the comments below.