The ISO27000 Newsletter - News & Views on the ISO/IEC Security Standard

ISO17799 News - Issue 9

Welcome to issue 9 of ISO 17799 News, intended to keep you abreast of developments and news with respect to ISO17799 and information security.

The newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents.

Included in this edition are the following topics:

From time to time, it may be necessary for either the Supplier or the Client to require changes to the services being delivered or other aspects of the servive level agreement. These changes need to be carefully controlled and should be covered by an approved and detailed procedure. It is recommended that change requests are formalized and agreed between the parties. If the changes to the services are reasonably simple then only minor changes to service listings need to be agreed. If, however, the changes to the Services are fundamental or complex, they may also require changes to be made to broader aspects of the agreement itself.

Changes to the Agreement should be handled under agreed change control procedures. It is normally recommended, however, that the Client organization establishes some form of specific Steering Committee which will be responsible for controlling and monitoring the SLA and changes to the Services, service measurement criteria or the Agreement itself. The following process is fairly common:

  • The nominated Client Representative should submit a Services Change Request (SCR) on behalf of the user department to the Supplier for consideration, review and costing.
  • The Supplier should review the feasibility of the Services Change Request and provide an estimate of the time and work effort
  • The Client Representative and the Supplier should jointly present the Services Change Request to the SLA Steering Committee
  • Steering Committee is to approve or reject the Services Change Request.
  • The Steering Committee should consider the impact on contracts and agreements between the two parties and the budgetary issues
  • The Service Change Request, if approved, is then incorporated into the Service Level Agreement.

For a service level agreement template and pre-defined process covering SLAs see:

NOTE: If you haven't got a formal service level agreement in place for your critical services... you should have!




Free subscription is via our online form



Contact Us

© Copyright 2005/2006. RS