SLAs are just pieces of paper

Recent research into outsourcing corporate Web presence found that the most important factor for companies when considering...

Recent research into outsourcing corporate Web presence found that the most important factor for companies when considering external managed hosting is favourable customer service.

Although cost (50%) and flexibility (45%) were important, most agreed that customer service (71%) and service levels (60%) were the key deciders when choosing a third party to manage their entire Internet hosting platform.

The results highlight the importance of good service levels when using a third-party outsourcer. But many companies are discovering that once they have signed a service level agreement (SLA) they are not actually protected. They presume that once they have signed on the dotted line they are guaranteed 100% uptime and reliable security, but is that true? And what does an SLA actually protect against?

The trouble with most SLAs is that they aren't worth the piece of paper they are written on. This is because you will often find that they hide a series of get-out clauses so that if something does go wrong the third party is still covered. The customer, on the other hand, simply has to put up with an unacceptable service. So how do you ensure your SLA meets your needs?

In my experience, the following points should always be covered when signing an SLA with an ISP or hosting company:

  • Resilient power availability - you would have thought this was a necessity but, amazingly, many companies are not covered if there is a power cut. Some ISPs only offer this as an extra option

  • The network - without doubt the outsourcing company should use more than one carrier, to provide insurance against downtime. They should also be able to guarantee 99.999% uptime, which means only 288 seconds lost per month compared to 3.65 days a year with 99%

  • Guaranteed fix time - in today's technology-focused world any maintenance work should be carried out in a fixed time and without the whole network being taken down. I have heard of companies where the network goes down indefinitely. If that happens you are stuck with no service and your business is going to suffer. Also, the supplier should have spares on-site and the technological capability to fix the hardware problem. Many companies have to order parts, which can take days

  • Payment options - there should be no requirement to pre-pay but if you want to pre-pay you should be allowed to. Unfortunately, many companies' billing systems cannot handle this

  • Contract length - if the outsourcing company is providing a good service, it should be able to offer the flexibility of a monthly contract, if this is not possible the contract should include a definition of what failures, such as a certain amount of downtime, will allow an early exit

  • Security - is the datacentre safe? Has the network been protected? Is the supplier running intrusion detection solutions on your systems? These are all vital security-related questions you should ask if you hand over parts of your business to an third party. This must be detailed in the agreement

  • Performance monitoring and reporting - this should be available, free and accessible at all times. Any reliable company should be monitoring performance on a continual basis and reports should be available via the Web 24 hours a day. Companies that only do reporting on request are stuck in the stone age

  • Compensation and guarantees - any company that openly offers guarantees but then adds a rule about compensation if they are not upheld is starting on a negative note and you should ask yourself if it is really worth it. After all, you require the service, not loads of money back

  • Installation - many companies offer a guaranteed estimate when agreeing installation times. This is a contradiction of terms, why don't they just say 24 hours and ensure everything is up and running. This is their business, so how complicated can it be?

Once this has been agreed, it is still worth remembering that a piece of paper is still only a piece of paper. Unless the people involved care about the service they provide no agreement in the world is going to work.

My feelings are that while it is important to negotiate and get the most out of your SLA, too much emphasis is put on the document. Not enough time is being spent on actually ensuring the people providing the service can support it.

Dominic Monkhouse is managing director, Rackspace Managed Hosting Europe

The Omniboss research was conducted by Vanson Bourne among 100 UK IT directors from companies with turnovers of more than £50m

Read more on IT outsourcing