AS ISO/IEC 19086.3:2023 identically adopts ISO/IEC 19086 3:2017, which specifies the core conformance requirements for service level agreements (SLAs) for cloud services based on ISO/IEC 19086 1 and guidance on the core conformance requirements
Table of contents
Header
About this publication
Preface
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Conformance
6 Relationship between the cloud service agreement and cloud SLAs
7 Cloud SLA Management
8 Role of cloud service level objectives, cloud service qualitative objectives, metrics, remedies, and exceptions in the cloud SLA
9 Cloud SLA components
9.1 General
9.2 Covered services component
9.3 Cloud SLA definitions component
9.4 Service monitoring component
9.4.1 General
9.4.2 Monitoring parameters
9.4.3 Monitoring mechanisms
9.5 Roles and responsibilities component
10 Cloud SLA content areas and their components
10.1 General
10.2 Accessibility content area
10.2.1 Accessibility component
10.2.2 Accessibility standards
10.2.3 Accessibility policies
10.3 Availability content area
10.3.1 Availability component
10.3.2 Availability
10.4 Cloud service performance content area
10.4.1 General
10.4.2 Cloud service response time component
10.4.2.1 General
10.4.2.2 Cloud service maximum response time observation
10.4.2.3 Cloud service response time mean
10.4.2.4 Cloud service response time variance
10.4.3 Cloud service capacity component
10.4.3.1 General
10.4.3.2 Limit of simultaneous cloud service connections
10.4.3.3 Limit of available cloud service resources
10.4.3.4 Cloud service throughput
10.4.3.5 Cloud service bandwidth
10.4.4 Elasticity component
10.4.4.1 General
10.4.4.2 Elasticity speed
10.4.4.3 Elasticity precision
10.5 Protection of personally identifiable information (PII) content area
10.6 Information security content area
10.7 Termination of service content area
10.7.1 Termination of service component
10.7.2 Data retention period
10.7.3 Log retention period
10.7.4 Notification of service termination
10.7.5 Return of assets
10.8 Cloud service support content area
10.8.1 Cloud service support component
10.8.2 Support hours
10.8.3 Service incident support hours
10.8.4 Service incident notification time
10.8.5 Maximum first response time
10.8.6 Maximum incident resolution time
10.8.7 Support plans
10.8.8 Support methods
10.8.9 Support contacts
10.8.10 Service incident reporting
10.8.11 Service incident notification
10.9 Governance content area
10.9.1 Governance component
10.9.2 Regulation adherence
10.9.3 Standards adherence
10.9.4 Policy adherence
10.9.5 Audit schedule
10.10 Changes to the cloud service features and functionality content area
10.10.1 Changes to the cloud service features and functionality component
10.10.2 Minimum service change notification period
10.10.3 Minimum time before feature/function deprecation
10.10.4 Service change notification method
10.11 Service reliability content area
10.11.1 General
10.11.2 Service resilience/fault tolerance component
10.11.2.1 General
10.11.2.2 Time to service recovery
10.11.2.3 Mean time to service recovery
10.11.2.4 Maximum time to service recovery
10.11.2.5 Number of service failures
10.11.2.6 Cloud service resiliency/fault tolerance methods
10.11.3 Customer data backup and restore component
10.11.3.1 General
10.11.3.2 Backup interval
10.11.3.3 Retention period for backup data
10.11.3.4 Number of backup generations
10.11.3.5 Backup restoration testing
10.11.3.6 Backup method
10.11.3.7 Backup verification
10.11.3.8 Backup restoration test reporting
10.11.3.9 Alternative methods for data recovery
10.11.3.10 Data backup storage location
10.11.4 Disaster recovery component
10.11.4.1 General
10.11.4.2 Recovery time objective (RTO)
10.11.4.3 Recovery point objective (RPO)
10.11.4.4 Cloud service provider disaster recovery plan
10.12 Data management content area
10.12.1 Intellectual property rights (IPR) component
10.12.2 Cloud service customer data component
10.12.2.1 Cloud service customer data
10.12.2.2 Cloud service customer data usage
10.12.3 Cloud service provider data component
10.12.4 Account data component
10.12.5 Derived data component
10.12.5.1 General
10.12.5.2 Derived data
10.12.5.3 Derived data usage
10.12.5.4 Derived data access
10.12.6 Data portability component
10.12.6.1 General
10.12.6.2 Data portability capabilities
10.12.7 Data deletion component
10.12.7.1 General
10.12.7.2 Data deletion time
10.12.7.3 Data deletion process
10.12.7.4 Data deletion notification
10.12.8 Data location component
10.12.8.1 General
10.12.8.2 Data location
10.12.8.3 Data location specification capability
10.12.8.4 Data location policy
10.12.9 Data examination component
10.12.9.1 General
10.12.9.2 Data examination
10.12.10 Law enforcement access component
10.12.10.1 General
10.12.10.2 Law enforcement requests
10.13 Attestations, certifications and audits content area
