Welcome to issue 9 of ISO 17799 News, intended to keep you abreast of developments and news with respect to ISO17799 and information security.
The newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents.
Included in this edition are the following topics:
CONTROLLING CHANGES TO THE SERVICE LEVEL AGREEMENT
From time to time, it may be necessary for either the Supplier or the Client to require changes to the services being delivered or other aspects of the servive level agreement. These changes need to be carefully controlled and should be covered by an approved and detailed procedure. It is recommended that change requests are formalized and agreed between the parties. If the changes to the services are reasonably simple then only minor changes to service listings need to be agreed. If, however, the changes to the Services are fundamental or complex, they may also require changes to be made to broader aspects of the agreement itself.
Changes to the Agreement should be handled under agreed change control procedures. It is normally recommended, however, that the Client organization establishes some form of specific Steering Committee which will be responsible for controlling and monitoring the SLA and changes to the Services, service measurement criteria or the Agreement itself. The following process is fairly common:
- The nominated Client Representative should submit a Services Change Request (SCR) on behalf of the user department to the Supplier for consideration, review and costing.
- The Supplier should review the feasibility of the Services Change Request and provide an estimate of the time and work effort
- The Client Representative and the Supplier should jointly present the Services Change Request to the SLA Steering Committee
- Steering Committee is to approve or reject the Services Change Request.
- The Steering Committee should consider the impact on contracts and agreements between the two parties and the budgetary issues
- The Service Change Request, if approved, is then incorporated into the Service Level Agreement.
For a service level agreement template and pre-defined process covering SLAs see: http://www.service-level-agreement.net
NOTE: If you haven't got a formal service level agreement in place for your critical services... you should have!