Page 198 - Courses
P. 198
IT Essentials — Computer Operations
Service Level Agreement Management
The service level agreement (SLA) is the backbone of the service contract or organizationwide
commitment between departments, and should be clearly measurable.
All service level agreements (SLAs) should be:
Clear and unambiguous.
Agreed upon and approved by the client and the service provider.
Measurable.
According to The IIA’s GTAG “Information Technology Outsourcing, 2nd Edition,” all statistics
relating to SLAs should be system-generated and tamper-proof. SLA management also includes the
documentation, handling, monitoring, and management of system performance-related customer
complaints, compliments, and feedback.
Incident and Problem Management
Incident management processes should record impacts of all incidents in clearly quantifiable terms,
including the number of users affected, staff hours lost, complexity, impact on business revenues,
and impact on regulatory compliance. Incidents reported generally fall under one of several
categories, including:
User error.
Software failure.
Security incident.
Hardware failure.
Misconfiguration.
False positive.
Management should examine all incident reports and check whether or not a root cause analysis
was performed, if issues were resolved satisfactorily, and if preventative actions were taken to avoid
recurrence of the problem.
Incident Management Process
Per The IIA’s GTAG “Information Technology Outsourcing, 2nd Edition,” the critical success factors
for the incident management process are:
Centralized incident management data.
Access to configuration management database (CMDB) information.
Performance indicators.
Clear case ownership.
Management of case dispatches.
Standard incident categorization.
Access to service level agreements (SLAs).
Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.
