Making Cloud SLAs readily usable in the EU private sector

Standards & the Common Reference Model

In order to maximize the impact and facilitate the adoption of the contributed Common Reference Model (CRM) by industrial stakeholders, and in particular by small-medium enterprises (SMEs), it is necessary to ensure its alignment with relevant standards and best practices.

This task will also benefit SMEs, who are typically not cloud experts, and often with very limited understanding of cloud service level agreements (SLAs) and especially the role of relevant related standards/best practices. Consequently, we started the alignment process by conducting a gap analysis of the CRM from the standardisation perspective by using as input the work done by SLAReady’s WP3 (International cooperation, consensus and standardisation), in particular D3.2 (Standardisation and international cooperation report) which reports relevant standards/best practices in this field.

Our goal is to ascertain the degree of standardisation related coverage of the CRM, such that the SMEs using it have assurance that the provided SLA guidance is aligned with the relevant standards and best practices. Furthermore, the results of the gap-analysis performed can be used by the SLA-Ready marketplace in order to create interactive guides that, based on the SMEs requirements, can realise both the

  • CRM elements to consider for their own use cases;
  • outline standards/best practices that could be taken into consideration either as development guidelines or references.


Initiatives being analysed Based on the outcomes from Deliverable 3.2:

Organisation Initiative acronym Initiative Relevance to the CRM
CSCC CSCC SLA Practical Guide to Cloud Service Level Agreements – v2 The 10 recommended CSCC SLA steps are state of practice.
EC C-SIG SLA Cloud SLA Standardisation Guidelines These guidelines became part of the EC contribution to ISO/IEC 19086-1, and represent one of the main results from the respective C-SIG group.
EC SMART Standards terms and performance criteria in service level agreements for Cloud computing services The proposed Model SLA is the most current EC-sponsored study in this field.
ETSI TR 103 125 SLAs for Cloud services The defined SLA template is relevant to the industry.
ISO 19086-1/-4 Cloud SLAs terminology, and security and privacy Both standards are generating high expectations with the industry, so CRM alignment with them will also maximize its chances for industrial adoption.


For each analysed standard/best practice, we assess if the corresponding CRM element is being referenced or not.

The primary conclusions from our analysis are the following:

  • The analysis of the CRM with respect to surveyed standards and best practices shows that there is good coverage related to the CRM’s SLOs elements. However, general-purpose SLOs (e.g., related to existing certifications, and SLA governance) are only discussed in ISO/IEC 19086-1 and the Cloud Standards Consumer Council’s (CSCC) “Practical guide to Cloud SLAs version 2“.
  • None of the analysed works utilized any standardized or consistent formats to specify the actual SLO metrics to use (please refer to Deliverable 2.2 for examples), although in many cases they provided selective high-level metrics as examples.
  • Unfortunately, relevant standards such as the upcoming ISO/IEC 19086-1/-4 do not contain any reference related to essential CRM’s elements that SLA-Ready has identified as significant means to empower/guide SMEs in their transition to the Cloud. For example, the advocated elements such as SLA findability, update/validity period, available languages, are still not addressed by the standards. The same situation occurs with known best practices such as the “Cloud SLA checklist” contained in the SMART EC report.
  • From the analysed-standards/best-practices, only the CSCC report provided the highest CRM coverage. However, we note that the CSCC report still has conspicuous gaps related to CRM’s elements such as choice of law and others as reported in ISO/IEC 19086-1/-4.
  • It is also worth mentioning that, despite not being cloud-specific, the SLA template defined by ETSI in their “ETSI EG 202 009-3” report also shown a good coverage of the CRM elements. This was expected due to the fact that such template was referenced in ETSI’s “SLAs for Cloud Services” technical report.


From the performed analyses it may be noted that the contributed D2.3 CRM has the potential to improve cloud customers’ understanding related to SLAs, while at the same time providing good coverage of the elements included in these relevant standards/best practices. The most evident benefit of the CRM with respect to surveyed works is in the following groups:

General | Freshness | Readability | Credits


The table below summarizes the results of the performed gap analysis. 

  CRM coverage to relevant standards (Yes/No)
CRM element

ISO/IEC 19086

(Part 1 and Part 4)

Cloud SLA checklist Guide for Evaluating Cloud SLAs C-SIG SLA Guidelines ETSI’s cloud SLA template
SLA URL No No No No No
Findable No No No No No
Choice of law No No No No No
Roles and responsibilities Yes Yes Yes No Yes
Cloud SLA definitions Yes No No Yes Yes
Revision date No No Yes No Yes
Update Frequency No No Yes No Yes
Previous versions and revisions No No Yes No Yes
SLA duration No No Yes No Yes
SLA language No No No No No
Machine-readable format No No No Yes No
Nr. of pages No No No No No
Contact details Yes Yes Yes Yes Yes
Contact availability No No Yes Yes Yes
Service Credit No No Yes No No
Service credits assignment No No No No No
Maximum service credits (Euro amount) provided by the CSP No No No No No
SLA change notifications Yes Yes Yes Yes Yes
Unilateral change No Yes Yes No No
Service Levels reporting Yes Yes Yes Yes Yes
Service Levels continuous reporting No Yes Yes No Yes
Feasibility of specials & customizations No No Yes No No
General Carveouts Yes No Yes No No
Specified SLO metrics Yes No Yes Yes Yes
General SLOs Yes Yes Yes No Yes
Cloud Service Performance SLOs Yes Yes Yes Yes No
Service Reliability SLOs Yes Yes Yes Yes Yes
Data Management SLOs Yes Yes Yes Yes Yes
Security SLOs Yes Yes Yes Yes Yes
Personal Data Protection SLOs Yes Yes Yes Yes No