Service org deliveries monitored for performance - no SLAs 1100



  • Have you had to test any controls related to ‘Service organization deliveries monitored for performance’?
    If you did, what kind of evidence or proof did you provide? was there an SLA and what metrics were gathered and reported?
    We don’t have SLAs but the external auditor wants us to test controls around it. We need to find proof or evidence of:

    • Service levels exist in the contracts for the ‘key’ vendors.
      -Service levels are monitored on a regular basis (i.e. by event,monthly, quarterly, and annually) by a standard IT process.
      -Service level measurements for ‘key’ vendors are included in the IT metrics dashboard or some other method of documentation.
    • Regular follow-up actions are taken with ‘key’ vendors who do not meet their contractual service level agreements.
      We have contracts with key vendors but they are support contracts with no SLA. There are no measurements and no evidence. It is pretty informal how vendors are managed, which is a long way from best practice. I’d welcome any suggestions on alternatives since we have to give a shot rather than just failing out of the gate.

Log in to reply