Making Cloud SLAs readily usable in the EU private sector

Aligning work on Cloud SLAs with a new international standard

For a customer it is never easy to sign a cloud contract especially the service level agreements (Cloud SLAs), which in many cases are difficult to read and designed to protect the interests of the cloud service providers (CSPs).

The SLA-Ready analysis of the SLAs of over 150 CSPs and relevant standards reveals significant gaps in terms of best practices and an overall lack of transparency for customers, who feel they don’t have much of a say about what goes into the SLA.

Standardising SLAs can benefit both cloud service providers and customers. From a CSP perspective, CSPs would have to deal with fewer misunderstandings with their customers. From a customer perspective, having a standard means not having to re-invent the wheel every time, saving everyone time and effort.


SLA-Ready’s contribution to ISO/IEC 19086

ISO/IEC 19086 is a four-part standard for Cloud SLAs and is now rolling towards completion. Part 1 is now out for final draft and should be complete by the end of 2016. The other 3 parts are expected to be ready by the end of 2017.


Part 1: deals with the vocabulary and main components you typically find in an SLA. It is important to have the same vocabulary so everyone’s on the same page. 13 elements have been defined and should be part of all SLAs. These are the key elements for discussions between CSPs and their prospective partners.

SLA-Ready’s Common Reference Model leverages the terminology and components defined by ISO/IEC 19086 Part 1.


Part 2: a framework for cloud metrics related to aspects such as availability and uptime, etc. The issue is that each CSP uses different ways of measuring them. The framework enables you to create an SLA metric and define how you will measure it. This will lead to the development of a catalogue of SLA metrics for choosing metrics that best fit business needs.

SLA-Ready has been a major contributor to this ISO/IEC 19086-2 standard, and will soon leverage EU research on machine-readable Cloud SLAs.


Part 3: deals with core requirements, that is, all those elements you need to have in your contract to be compliant with the standard.

SLA-Ready’s customer good practices are aligned with the CSP compliance requirements documented in ISO/IEC 19086-3. Furthermore, SLA-Ready is contributing with the SME perspective/expectations to this standard.


Part 4: is standardisation work taking place in SC27, which focuses on security and privacy.

This is a key aspecy for SLA-Ready and its experts in this field, aiming to ensure also that the security and data protection levels are not only included in the SLA but are also measurable.


The ultimate goal of current Cloud SLA standardisation efforts is to pave the way for automating the process of defining and measuring a cloud contract, its SLAs and metrics to meet specific business needs while taking less time to spin up a cloud service and spin it down again.

Since its conception, the ISO/IEC 19086-4 has become a priority for SLA-Ready, as reflected by the project’s contributions to it.

The SLA-Ready Common Reference Model, provides missing guidelines that CSPs and customers need to get the best possible deal for both sides.  It also comes in very handy in terms of the legal aspects not currently covered by international standard but also particularly helpful for small firms that cannot afford a legal consultant.


The CRM and complementary SLA-Ready tools and services are all specifically designed to foster best practice implementations and give practical guidelines that help customers know what to expect, what to do and what to trust catering to different levels of knowledge, from novice to advanced. The ultimate goal of SLA-Ready is foster safer and fairer contracts that customers (in particular European small and medium sized-enterprises, SMEs) feel more comfortable with and therefore are more likely to sign up for.


Watch the video interview with John Messina, NIST recorded by GovTechWorks during Advanced Technology Academic Research Center (ATARC) Cloud Summit in Washington.