This post was originally published on January 21, 2016 and has been updated for accuracy and comprehensiveness.

Outsourcing security infrastructure and management can be an effective solution for businesses that don’t have the capabilities to manage these tasks in-house.

Service level agreements (SLAs) are designed to offer companies assurance that the security they invest in will satisfy them as the customer. By setting expectations for cost, quantity and level of responsiveness, SLAs provide a common ground for the provider and the customer.

However, SLAs can be difficult to understand, which can stall your security equipment purchase. This post outlines key tips for properly evaluating vendor SLAs before signing on the dotted line.

Ensure Promised Support Levels

Within the SLA, it’s important that the provider outlines the level of service you should expect to receive. This may include:

  • Frequency of service/maintenance visits (e.g. annually, quarterly).
  • Hours when services are running and accessible to the customer.
  • Service response times.
  • Associated charges related to billable service/maintenance requests (if applicable).
  • Associated fees for after-hours or emergency services.
  • Promptness of emergency notifications.
  • Expected resolution time.
  • Monitoring center availability.
  • Physical vs. virtual support features (e.g. phone, chat, site visit).
  • Penalties for breaking contract terms.

If the provider also manages the underlying network that security equipment runs on, look for details on:

  • Average latency.
  • Available bandwidth.
  • Availability by application.
  • Broadband speed.
  • Network carrier service providers.
  • Network operations center (NOC) and technical applications center (TAC) hours of operation and support levels.
  • Network uptime percentage.
  • Ownership of equipment and associated lines.
  • Packet loss targets.

The SLA is a mutual agreement between two parties. The SLA should clearly outline what requirements you, as a customer, must fulfill to guarantee that promised service levels can be met. Additionally, it should explain the ramifications to the provider if they fail to hold up their end of the bargain.

Carefully evaluate this information against your company’s security and network needs to determine if what is offered is sufficient. If not, you can often negotiate or pay more for improved speed, reliability and performance. While reviewing paperwork and a legal agreement can be time-consuming, the SLA is a contract and must be given careful consideration.

Determine Exact Services Delivered

The SLA should detail the exact services that the security provider will deliver, and the hardware and software they will use to do so. Examples of services you may find include:

Configure Monitoring and Reporting Expectations

Finally, the SLA should offer information on how the company will monitor and report metrics, so you can ensure agreements are upheld. In the contract, agree on what data is acceptable and what is unacceptable. If the prescribed metrics are not met, there must be a remediation plan in place.

With a preset plan in place, the security provider and client can protect themselves if expectations are not met.

For more information on how to protect your business, contact a security professional today.