Making Cloud SLAs readily usable in the EU private sector
What is an SLA and how to find it?
The Cloud Service Level Agreement (SLA) describes and sets Service Level Objectives (SLO)/Attributes for the Cloud service, and defines what services are in-scope and out-of-scope.
This can include, support, assumptions, performance levels, incident management, disaster recovery, data ownership and access, compliance and termination remedies and other arrangements. All these conditions should be properly documented in the SLA to ensure a clear migration strategy is in place, thereby increasing your control over the cloud services you are using.
Not every Cloud Service Provider that SLA-Ready has investigated has a publicly available SLA on the corporate website through a URL. This can make it hard to locate the SLA.
In addition, there is no standardised way to access the SLA. Sometimes it appears under "Legal", sometimes under "Support". Sometimes, these sections appear at the very bottom of the website. Only in a few cases is the SLA in a primary position.
A Cloud SLA generally is part of an overall (master) cloud services agreement (MSA). It can also be spread in several parts thereof, as described below. For the avoidance of doubt, each and every part is collectively referred to as SLA or Cloud SLA, even though there may be more documents involved. The full structure thereof can be defined as the SLA architecture.
The organisation and the names used for the MSA and its associated documents can vary considerably and the location of a particular SLO/Attribute within the document set can also vary. These documents may include, but are not limited to:
- Service Agreement or Subscription Agreement
- Master Service Agreement or Master Subscription Agreement (MSA)
- Service Level Agreement (SLA)
- Process Level Agreement
- Processor Agreement
- Privacy Level Agreement
- Acceptable Use Policy
- Security Policy
- Business Continuity Policy including Disaster Recovery Plan
- Service Description
SLAs are, becoming increasingly part of the cloud-based landscape. From a customer perspective, it is important for the cloud service customer to understand the complete set of documents that govern the Cloud service and to identify SLOs/Attributes wherever they occur. It’s key for them to understand just how often the system is up and active and how often it should be, so as to determine if the SLA is being honoured.
While an SLA is a particle in the Cloud service level ecosystem, it is inseparable from the other contractual arrangements between the Cloud Service Provider (CSP) and its Cloud Service Customer (CSC). It is therefore up to the CSC to ensure full understanding of the contractual arrangements and check for any changes therein, which are always made at the discretion of the CSP.
Related-SLA terms are often scattered over multiple web pages/documents, which the SME CSC has to carefully consider. In cases where a dedicated section for SLA documents is not available on the CSP public website, prospective CSCs are referred sections dealing with legal and privacy terms of the service usage. Moreover, the definition of terms might be even given under different articles of the same document or terms related to privacy & security are not always included under the available SLA terms. For example:
"This Service Level Agreement forms part of your Agreement with X CSP, along with the Terms of Service and the Acceptable Use Policy, and is subject to all the terms and conditions stated in these documents".