Risk Assessment
Session 14
Service Level Agreement (SLA)
• Describes the level of service expected by a customer from a
supplier
• Vendor and the customer can use the SLA to agree on the
methods of rendering a guaranteed service
• SLAs are between companies and external suppliers, but they may also be
between two departments within a company
• May include a plan for addressing downtime and documentation for how
the service provider will compensate customers in the event of a contract
breach.
• Defect rates
– Counts or percentages of errors in major deliverables
• Downtime
– Maximum number of allowed breakdowns per year
• Availability
– Percentage of assured system availability
• Solution Time
– Maximum period of time allowed for the solution of the problem
• Technical quality
– Measurement of technical quality by commercial analysis tools that examine
factors such as program size and coding defects.
• Security
– Measuring controllable security measures such as anti-virus updates and patching
is key in proving all reasonable preventive measures were taken, in the event of an
incident.
Definition | Reaction time | Standard Resolution Time | Service Level Yearly Target
• Difficult to prevent
• Losses can be avoided with proper precautions
Natural Disaster
• E.g. earthquakes, fire, flood, hurricane, etc.
• The objective of a disaster recovery plan is to minimize downtime and data loss
• Minimize the disruption of operations and ensure that some level of organizational
stability and an orderly recovery will prevail after the disaster
Impact of Disaster
The primary objective is to protect the organization in the event that all or part of
its operations and/or computer services are rendered unusable.
• Tangible costs
– Lost data, Lost assets, Lost revenue, Lost Wages, Lost Inventory, Marketing
Costs, Bank Fees/Penalties, Legal Costs, Recovery costs
• Intangible costs
– Lost Opportunity, Employee Retention, Loss in Share Value, Goodwill, Brand
Image, Diminished service reputation, Loss in confidence from partners &
customers
Recovery Point Objective (RPO):
Point in time to which application data must be recovered to resume business transactions
Recovery Time Objective (RTO):
Maximum elapsed time required to complete recovery of application data
Disaster Recovery
1 • Set up an emergency response plan
6 • Human resources
7 • Physical resources
Disaster Recovery (DRP) & Business Continuity Planning (BCP)
• Process / policies related to preparing for continuation after
a disaster
• DRP is a subset of a larger process known as BCP
• Resumption of applications, data, hardware, communications,
other IT infrastructure
• Planning for non-IT-related aspects such as key personnel,
facilities, crisis communication & reputation protection
Benefits of a DRP
1 • Providing a sense of security