Service Level Agreement Risk Analysis

“Mean-Time to Switchover” metric: This indicates the expected time to move from a service outage to a replicated failoque instance. This is usually measured in minutes and recorded from start to completion. Whether or not there is flexibility, it is important to understand and review SLAs as part of a cloud computing contract to determine if they pose a significant risk. The risk profile is determined by an organization`s risk-taking and the threats to which it is exposed. The risk profile should indicate the acceptable level of risk, how risks are taken and how decisions are made based on risks. In addition, the risk profile should take into account the potential costs and disruptions in the event of the exhaustion of one or more risks. This gives the CSP an important negotiating lever in the event of a payment dispute. For SLAs to be used to control the behavior of a cloud service provider, they must be accompanied by financial penalties. Contractual penalties provide an economic incentive for suppliers to comply with the indicated LTC. This is an important mechanism for cloud risk management and mitigation, but such sanctions rarely, if at all, provide adequate compensation for a customer who is largely related to them. Penalty clauses are not a form of transfer of danger. Penalties, when offered, are usually in the form of credits and not in the form of refunds. But who would want an extension of a service that does not meet quality requirements? Some contracts offer reimbursement of penalties if the supplier significantly exceeds the SLA for the remainder of the contract term.

Das Folgende ist ein Auszug aus The Official (ISC)2 Guide to the CCSP CBK, Second Edition, von Adam Gordon, CISSP-ISSAP, ISSMP, SSCP. . .