We’re trying to come to an agreement with a SaaS vendor about performance and availability service level agreements (SLAs).  I discussed this topic some in my previous “SaaS Headaches” post.  I thought it would be instructive to show people the standard kind of “defense in depth” that suppliers can have to protect against being held responsible for what they host for you.

We’ve been working on a deal with one specific supplier.  As part of it, they’ll be hosting some images for our site.  There’s a business team primarily responsible for evaluating their functionality etc.; we’re just in the mix as the faithful watchdogs of performance and availability for our site.

Round 1 – “What are these SLAs you speak of?”  The vendor offers no SLA.  “Unacceptable,” we tell the project team.  They fret about having to worry about that along with the 100 other details of coming to an agreement with the supplier, but duly go back and squeeze them.  It takes a couple squeezes because the supplier likes to forget about this topic – send a list of five questions with one of them being “SLA,” you get four answers back, ignoring the SLA question.

Round 2 – “Oh, you said ‘SLA’!  Oh, sure, we have one of those.”  We read the SLA and it only commits to their main host being pingable.  Our service could be completely down, and it doesn’t speak to that.  Back to our project team, who now between the business users, procurement agent, and legal guy need more urging to lean on the supplier.  The supplier plays dumb for a while, and then…

Round 3 – “Oh, performance and availability of the service we’re supposed to be providing you!  Yeah, we have that.”  From somewhere comes a huge set of legalese with definitions of “to the glass” performance and everything.  Until this week they had “no idea” what we meant about a service performance SLA.  So we read that – the definitions look good, but now we go down to the remedies.  They define all these performance metrics, but down in the clause that says “you get money back if we jack it up” they carefully only list their total ping outages.  And you can only get compensation for one of these total outages if you report it *during* the outage.  And if you do that, you get a credit for 1/10 of your monthly bill.  No dice.  So back to the project team.  The procurement agent is very concerned that having to continuously work on this will interfere with his carefully crafted deal.  “Sorry, no SLA no go,” we say.  Meetings’ worth of internal friction occur, until we go back to the vendor yet again.

Here’s where you get into the truly deceptive territory.  If you read the SLA, up front you see all these definitions and tables about “to the glass performance” and “over DSL!” and everything so you think “great, it’s taken into account!”  But their lawyers have done their job well, so they can put in all the stuff they want but if down in the bottom it doesn’t say “and if we don’t live up to that we give you money back” it’s worthless.

Round 4 – Still pending.  But we’ve seen this all before; this supplier isn’t unique by any means.  We’ll get another two drafts in before we’re done, assuming that our business users don’t freak out and just say “we’ll accept the risk!!!” and sign the contract.

Next will come up how it’s measured.  The supplier will say “we’ll measure it!  Trust us!”  Obviously that’s stupid.  We usually pay for a Keynote or similar monitor as an impartial third party (expensive, but less expensive than a sucky SaaS service).  Then they’ll try one final draft where they’ll say they’re accepting all our terms but will cleverly revert one of the earlier edits to break the link between definitions and remedies.  It’s like there’s some script they all follow.

And every supplier does this.  It’s how they “protect” themselves.  This isn’t a fly-by-night operation; it’s a large supplier and 90% of you have their software loaded up on your PC right now.  They rely on you either not bothering with the SLA in the first place, or not reading it carefully enough, or not having the gumption to go 6 rounds with them to get an enforceable one in place.  That’s good odds for them.  Don’t accept it.  You’re paying for a service and you deserve to get that service, and get your money back if they don’t supply it in a usable way.