Subscribe to our blog

Articles published weekly by IT security and compliance professionals with decades of experience

  

Vendor Risk Management: Importance of Service Level Agreements

Andrew Paull
Nov 13, 2019 1:00:00 PM

Every organization, at one point or another, regardless of maturity, complexity, or business vertical, will need to work with a vendor, partner, or client to move business goals forward and maintain functional operations. Although vendors, partners, and clients have different roles to play in the organization’s overall success, they share a core basis of integration: a written third-party contract developed specifically for the business relationship that defines the expectations for each party and requires signed acknowledgement of the same. Contracts can include boilerplate verbiage and provisions, but specific details of the engagement should not be overlooked in any attempt to speed up the underwriting process or for simplicity. This blog will be the first in a series in which I identify important factors to consider when building out a new contract for a budding third-party relationship or when renewing a contract from a previously maintained relationship.

Service Level Agreements

Every third-party contract should incorporate a provision for Service Level Agreements (SLAs). These are the requirements to provide specific services and/or operating standards that meet the needs of both entities engaged in the contractual agreement. Often, SLAs are defined after cooperative discussions between parties and are designed to ensure that all standards and objectives can be met during specific operating situations. For example, SLAs can include standards for:

  • Technology and resource redundancy & availability
  • Operating environment requirements
  • Business continuity & disaster recovery responsibilities
  • Incident response processes and escalations
  • Privacy and security requirements

On an additional note, organizations are always evolving, adapting, and maturing. When renewing a contract from a previous engagement, it is important not to let the good quality of the relationship solely guide how SLAs continue to be addressed. If SLA provisions of a previous contract no longer meet the needs of the organization’s current operations, they should be identified and discussed to ensure that the third party can continue to provide services to the standards and quality that are expected. If they cannot, it may be necessary to alter the contract to exclude unserviceable requirements, or to onboard a new third party that is able to meet those needs. Although business relationships can lead to lasting friendships and shared success, contracts are legal business arrangements that should not be dictated by personal feelings.

Subscribe to the Compass IT Compliance blog to be notified of my future posts in this Vendor Management blog series. Contact us today to learn more about the Third-Party Vendor Risk solutions we offer!
