Normally SLAs are paper documents signed by both parties with the terms of the agreement outlined in the document. One trend Overly has seen recently are SLAs that refer to specific terms that are published on a website. That should generally be a red flag to consumers, he says. Websites can change and vendors, unless specifically agreed to in the SLA, may not be required to inform customers of changes to the terms.
It's reasonable that a provider may have to make a change to the service or SLA, but customers should be notified of the changes. It is best practice to have an out clause that allows the customer to terminate the contract if unacceptable changes are made as well. One tip is to ensure that any changes that are made are done so uniformly throughout the company's offering to all customers. "There's safety in numbers," he says.
Service respond time
One of the chief benefits of cloud computing is its elastic nature and the agility it gives customers to dynamically scale their IT usage based on their exact demands. If that's an important function for the user, Overly says it should be discussed with your provider. "Many people focus on availability, but sometimes just as important is the quality of the service," he says. If the customer's business relies on the ability to spin up new resources quickly, for example, perhaps that should be written into the SLA.
One innovative solution Overly has seen regarding this issue is vendors agreeing to survey their customers periodically, anywhere from once a year to quarterly, to monitor the quality of their service. If there are declines in customer service results, then the provider may agree to make changes, for example. This is helpful particularly in multi-year agreements, he says, and it's good for both the customer and the vendor. It provides the customer with assurances that the provider will continually improve or provide the expected service, and it allows the vendor to ensure they have satisfied customers.
Notification of security issues
Security breaches are all too common in IT today and Overly says customers should consider how they will deal with them when they occur. Does your service provider have to tell you about it? If your company has customers that are impacted, who informs the public of the breach? Overly says it's a grey area in many cloud contracts. Overly says providers should share information about security breaches and suspected security breaches and the sooner the better after an issue is discovered.
Furthermore, if there is a breach then the provider should leave it to the customers to notify any of its users that may be impacted. "You want to handle that message to your customers," Overly says. Customers may want to know about all security breaches their provider has, not just the ones that you're impacted by. "I may want to know about issues other customers are having," he says. "That's a situation of 'thank God my data wasn't hit, but I still want to know what happened to make sure we're not next in line,'" he says.
Sign up for CIO Asia eNewsletters.