In circumstances where you are paying for a service which is being delivered by a third party you should have a legally enforceable Service Level Agreement (SLA) in place. Without a clear Service Level Agreement it is difficult to get clear visibility of what you are paying for – or take action when you are not getting the service you requested. We describe the process of using SLAs to ensure you get the service you want as Service Assurance.
Some industries have additional requirements for Service Level Agreements – particularly where they are highly regulated – and the Regulators demand evidence that all Service Providers are managed consistently and effectively. In these cases not only do the people in these industries need SLAs but they need to show that they are managing them. This would include the Financial Services, Pharmaceutical, Energy and Telecoms Industry.
Control over Service Delivery – Service Assurance
Organisations increasingly rely on external third parties to deliver core services to their organisations. These services can include facilities management, recruitment, information technology services, document storage, business continuity services etc. It is essential for these organisations to maintain acceptable levels of service in these areas. Traditionally when these services were provided by employees normal management control could have been exerted over their performance. Where services are sourced from external parties it is necessary to implement a formal legal basis to ensure satisfactory service delivery. This legal basis is a service contract with a Service Level Agreement. By clearly identifying specific metrics for each service to be provided client organisations can ensure that they get the service they expect. Please read our article on creating SLAs for more information.
In recent times we have seen organisation baseline service performance expectations at reasonably low levels – where providers exceed the performance targets and provide an even higher level of service they receive bonus payments. This replaces the older approach of ‘penalising’ service providers where performance was in breach of the Service Level Agreement. This newer approach offers many advantages- including a much simpler enforcement mechanism.
In all cases service assurance means more than simply putting an SLA in place. Where a firm implements a best practice Service Management Process they will be regularly monitoring the SLAs they have in place – this means that they will consistently receive updates from their service providers on how they are performing against service levels. In some cases Clients receive performance reports in excel or hard copy format from Service Providers. More recently organisations are starting to use online Service Management Solutions like ServiceFrame(TM) to manage Service Level Agreements. These solutions offer significant advantages over more traditional approaches to managing SLAs, including:
o option to access all SLAs through an easy to use web-based tool
o options to view all SLA performance using an intuitive ‘traffic light’ colour coded dashboard
o be alerted when service providers are underperforming
o run reports on SLA performance
SLA management is covered in more detail in our article Managing SLAs
Service Level Agreements in Regulated Environments
If you work in an environment which is regulated then it is worth investigating whether there are specific requirements in relation to the way in which you can outsource services. There are many examples of these types of Regulations. It is important to conduct an analysis of your particular situation to understand which regulations are appropriate.
The Sarbanes Oxley Act of 2002 stipulated that where third party services directly impact financial reporting or internal control management activities, a company’s management is responsible for evaluating the design and effectiveness of the control structure in place, both within the third-party provider and between the two organisations. In these circumstances management must evaluate outsourcing provider’s internal controls within resource and time constraints. Outsourcing organisation must provide assurance about the controls they have in place for customers.
The Committee of European Banking Supervisors published guidelines in relation to outsourcing in December 2006. The guidelines are consistent with the Market in Financial Instruments Directive (MiFID). The purpose of these guidelines is to ensure that Financial Institutions are adequately managing the risks associated with Outsourcing. The guidelines note that ‘In managing its relationship with an outsourcing service provider an outsourcing institution should ensure that a written agreement on the responsibilities of both parties and a quality description is put in place’.
Most regulatory environments share a concern to ensure that the responsibilities between client and service provider are clearly documented – this means that a Service Level Agreement needs to be put in place. In addition most requirements call for active management of service contracts. Management of SLAs requires a proportionate activity – it is necessary to put a process in place to ensure that risk is covered. We believe that manual processes of managing SLAs can prove to be time consuming and costly. Traditional IT intensive systems for SLA monitoring have been very expensive but also relatively ineffective. New Service Management and Service Assurance tools such as ServiceFrame(TM) take advantages of easy deployment options offered by Software as a Service as well as very intuitive user interfaces.