Cloud Service Level Agreement Standardization Guidelines

 

The European Commission has published the Cloud Service Level Agreement Standardization Guidelines, a document that provides a technology-neutral, business-model-neutral, and globally applicable set of standards for measuring service level agreements from the growing number of cloud service providers. The document also includes a very good list of definitions for cloud computing.

The following are the Service Level Objectives defined as part of the standard. If you are looking to purchase cloud services from any vendor, this is a good list to start with when evaluating the vendor's Service Level Agreements.

Performance Service Level Objectives

  • Availability
  • Response Time
  • Capacity
  • Capability Indicators
  • Support
  • Reversibility and the Termination Process

Security Service Level Objectives

  • Service Reliability
  • Authentication and Authorization
  • Cryptography
  • Security Incident Management and Reporting
  • Logging and Monitoring
  • Auditing and Security Verification
  • Vulnerability Management
  • Governance

Data Management Service Level Objectives

  • Data Classification
  • Cloud Service Customer Data Mirroring, Backup and Restore
  • Data Lifecycle
  • Data Portability

Personal Data Protection Service Level Objectives

  • Codes of Conduct, Standards and Certification Mechanisms
  • Purpose Specification
  • Data Minimization
  • Use, Retention and Disclosure Limitation
  • Openness, Transparency and Notice
  • Accountability
  • Geographical Location of Cloud Service Customer Data
  • Intervenability