
Which of the following is not a primary content area when preparing a cloud service level agreement (SLA)? (Wentz QOTD)
A. Price
B. Performance
C. Attestations, certifications, and audits
D. Personally Identifiable Information (PII) protection
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Price.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

ISO/IEC 19086-1 is a standard that suggests a service level agreement (SLA) framework for cloud computing and introduces 12 SLA content areas. Price is not a major concern of an SLA; it is typically addressed by the service procurement or vendor contract.
Contract vs Agreement
The terms “agreement” and “contract” are often used interchangeably, but they aren’t necessarily the same thing.
- “A contract is an agreement, but an agreement is not always a contract. An agreement can be informal or it may be written; a contract may be verbal or written, but a contract will always be enforceable if it contains certain requirements.” (Ironclad)
- “An agreement is any understanding or arrangement reached between two or more parties. A contract is a specific type of agreement that, by its terms and elements, is legally binding and enforceable in a court of law.” (Diffen)
Service Contract vs Service Level Agreement (SLA)
A contract is commonly confused with an agreement, and a procurement/vendor/service contract with a service level agreement (SLA).
Typically a contract is defined as an agreement between two or more parties, especially one that is written and enforceable by law. This legal document outlines the services provided, duration, cost, resources, approach, assumptions, etc.
An SLA would focus only on the performance measuring and service quality agreed to by both parties and may be used as a measurement tool as part of the contract. The service levels themselves may be established based on various factors. For example, a service provider may provide online credit checks to its customers. A service level in the contract may state the online service must be operational 99% of any given month, or it must provide the requested information within 3 hours after a request, etc.
The rationale for having a separate SLA document is that you can revise the SLA without having to revise the contract. The contract can just refer to the agreed SLA. The contract might then last for 2 years but the SLA may be reviewed quarterly, for example. This reduces the administrative burden of reviewing the contract too frequently.
Source: DocShare
Reference
- Cloud Computing by ISO/IEC 17788:2014
- Agreement vs. Contract: What’s the Difference?
- Agreement vs. Contract
- Agreement vs contract: The difference between them
- The Difference Between a Contract and an SLA
- Agency Contracts: Statement of Work vs Service Level Agreement
- Difference Between Service Level Agreement and Contract
- The Difference Between a Vendor Contract and a Service Level Agreement (SLA)