Essential SLA Element #2: The devil’s in the details Posted on October 18, 2011 by Tim Burke I’ve already blogged about the importance of negotiating a service-level agreement that specifies the functionality of the managed and cloud services you engage. Now I’m going to focus on Essential SLA Element #2: Including details about the system, network, and security infrastructure and standards to be maintained for your services by the provider. In addition to the functional description of the services you’re using, your SLA should describe the infrastructure on which they’re based in detail so you know and can rely on what supports the services you’re buying. This description should include — and commit your service provider to maintain — system, network, and security infrastructure and standards. For instance, if electrical power provisioning is part of your SLA, make sure it clarifies what your monthly costs will be, since some providers play games with power costs. Further, your SLA should include your rights to audit your provider’s compliance and conduct onsite inspections at least once a year. In addition, your SLA should require that the service provider inform you immediately of discovery of any unauthorized disclosure or loss of your data — or even the reasonable belief that unauthorized disclosure/loss has occurred. And your SLA should obligate your service provider to supply indemnification if they’ve caused your data to be accessed inappropriately or lost.