Writing help
EduFixersLawService Level Agreement for Cyber Security and Information Sharing and Collaboration

Service Level Agreement for Cyber Security and Information Sharing and Collaboration

Subject: Law
Pages: 5
Words: 3391
Reading time:
20 min
Study level: PhD
Table of Contents
  1. Introduction
  2. Information Sharing Agreement
  3. Service Level Agreement
  4. Contents of a Service Level Agreement
  5. Sharing Cyber Incident
  6. Collaboration Framework
  7. Conclusion
  8. References

Introduction

Organizations find the sharing of real time information on information communication networks becoming an increasingly vital component in competitively pursuing their business goals. A study by Sen, Raghu and Vinze (2010, p.57) concurs with Jensen (2009, p.98) that information sharing on communications networks exposes the information to existing and emerging trends of Cyber threats, attacks, and possible compromise, which are the major causes of the loss of Confidentiality, Integrity, and Availability (CIA), the cornerstone of information security.

The emerging situation has led organisations to implement tools to counter the situation, which legally binds the parties to the contractual agreements contained in the service level agreements (SLA) document. Service level agreements enable firms to provide information to their prospective and current customers based on agreements, which define the Quality of Service (QoS) that must be maintained to ensure full compliance to the Service Level Objectives (SLOs) as per the specifications stipulated in the law (Jensen, 2009).

The situation on cyber security has entailed the use of information sharing agreements that determine the types of interactions between parties in the information-sharing agreements (Sen, Raghu & Vinze 2010). Service level agreements (SLAs) have special metrics that are used to measure their effectiveness. This study looks at information-sharing agreements, service level agreements, and collaborative frameworks in the IT field.

Information Sharing Agreement

An information-sharing agreement refers to a formal agreement where the exchange of personal information between individuals and organisations takes place. According to Crane (2010, p.34), an information-sharing agreement takes place where organisations or government institutions exchange personal information. The institutions that are exchanging the personal information usually exchange it under a formal concord that is supposed to take care of all the concerns for either party. The simpler definition of information sharing is a process where a party discloses personal information to another party for use in a particular process (Sen, Raghu & Vinze 2010).

An information-sharing contract may exist in various forms, including protocols, memorandum of understanding, treaties, a government ratified the convention, or a formal written agreement (Morris et al. 2014). This form of agreement is binding to all parties that are engaged in the agreement. Legal processes that are involved in the making of this agreement have to be followed for it to be binding for all involved parties. Despite the different forms of information sharing agreements, the determination of whether it is legally binding depends on the consultation of legal experts.

Cyber situational awareness has several frameworks that are covered within it. All parties that engage in these awareness protocols should respect them. One of the legal frameworks involves the determination of the individuals who are involved in cyber situational awareness. The right to privacy is another legal framework to consider in the process. Most global constitutions assure the right to information sharing, while at the same time protecting the freedom of individuals. Engagement in cyber situational awareness should be within the rights of the involved individuals (Hihara 2014).

The cyber situational awareness contract should have several important things, which guarantee the efficiency of the process and the right results. While many researchers on the subject highlight different components of the contract, some of the components are constant (Lim & Jung 2012). The contract should contain time as a major ingredient whilst incorporating multiple events of interest concerning time (Morris et al. 2014).

Space is another important content of the situational awareness system, with the events that occur within a given period being organised sensibly. A good contract contains relevant information that is integrated from different sources with the relevance of this information being related to the application of the contract (Jain, Seshadr & Sohoni 2011). The dynamic nature of the information requires information sharing to change with any changes. Hence, a good contract should maintain dynamism (Fan, Zhang & Yen 2014).

The sharing of cyber security information and intelligence constitutes a major function of intelligence organisations in many countries. The main reason for Cyber security and information sharing in different parts of the world is to allow Cyber situational awareness and Cyber security. Some of the legal implications of this form of information sharing include breach of privacy for Internet users and inaccurate information sharing (Ganesh, Raghunathan & Rajendran 2014).

Governments and other institutions are required to ensure that the citizens enjoy their freedom and rights, including the right to privacy. This right conflicts with the right to security where the government and other institutions protect the rights of their citizens (Yan & Pei 2012). Institutions that share private information and agreements only do so for use in the provision of security and improvement of the general environment in their area (Zhao & Xue 2012). The provision of this security requires the parties to share relevant information for use. Some individuals may also use the shared information and intelligence to cause harm to other parties. Hence, care and thorough scrutiny form a basic component of information sharing.

Some of the other legal implications of cyber security information and intelligence sharing include the likelihood of passing information to the wrong parties with the risk of breach of contract (Belderbos, Van Roy & Duvivier 2013). While an information sharing agreement occurs between two or more parties, some other parties that are not involved in the agreement may also access the agreement or the passed information. The results of this move may be catastrophically calling for the need for the agreement to be within the concerned parties only (Piccolo & Pagnozzi 2013).

Service Level Agreement

Information sharing takes many shapes in organisations as discussed above. A service level agreement defines formally the services that organisations engage in (Demirkan & Goul 2013). Most organisations use service level agreements to define the contract delivery time, which is the time that they take to deliver services or goods (Demirkan&Goul 2013). Internet service providers (ISPs) are some of the institutions that largely apply service level agreements, especially in their engagements with their clientele (Lango 2014). These institutions use plain language as a form of service level agreements.

A simple definition of a service level agreement is that it is an agreement between service providers and their customers, or an agreement between two or more parties on service provision (Lango 2014). The agreement is usually binding between the involved parties. Formal agreements are respected. The agreements are contracts between parties. Therefore, the inclusion of other parties is prohibited unless where there is consensus (Blake et al. 2012). The process of setting up sharing services entails many processes and operations. A major requirement in setting up sharing services is a definition of the parties that are involved in the process of sharing. The service level agreement requires a close understanding between the parties that participate in the agreement since they should have similar interests.

The other requirement for a service level agreement is a legal framework by which the agreement is to take place. A service level agreement is legally binding in cases where the involved parties hold each other legally responsible for the shared information. A sharing service should be targeted to the parties participating in the agreement, especially the consumers (Unger, Mietzner & Leymann 2010). When setting up sharing services, parties should be aware of the implications of these services. This goal is effectively achieved through the formulation of a service level agreement that sets up sharing services where parties have to be committed to respecting the terms of the agreement. None of the parties should reveal the shared information to third parties. Termination of the agreement is a consequence of any violation.

When setting up sharing services, parties have the obligation of respecting the privacy laws in the region and as set by local authorities. Setting up a sharing service also requires the technological input of parties that are involved in information sharing. Technologies that are currently in use in sharing services have been realised after years of innovation where researchers had tried different methods of sharing information from one party to the next.

Modern communication gadgets are effective in sharing services. Parties that intend to have these services should invest heavily in technology. The sharing services that are currently in use utilise technologies from the 20th century. Every day, many innovations enter the market. Effective sharing services should utilise these state-of-the-art communication solutions in the market (Katok, Thomas & Davis 2010).

Several legal concerns with service level agreements and sharing services are also evident. One major concern is the guarantee of privacy in the sharing of this information. While the sharing services usually consist of processes that are intended to make them secure, some of these services usually have loopholes where other parties may utilise to undermine the sharing services and/or risk the safety of the shared information. Poor information sharing may affect both parties. It may have detrimental effects on their interactions. The legal concerns in service level agreements also include misinformation where parties share information that is contrary to their abilities (Goo, Huang & Hart 2010). The misinformation during service level agreements usually leads to legal concerns for the involved parties.

Organisations usually engage in the provision of quality services and goods to their clients to attain high competitiveness in their respective markets. Some of the organisational concerns during sharing services and service level agreements include the delivery of accurate information to customers and clients. Usually, organisations attain their goal of improving performance through participation in service level agreements where they plan to maintain their current clients and attract a larger client base.

The other concern for organisations includes developing the right skills in the industry and ensuring that they are ahead of their competitors. Organisations usually highlight the differences between them and their competitors, with the expected results being improved performance in the market. The concerns that organisations have included making agreements that they are unable to fulfil (Lango 2014).In terms of reputation and image, organisations are concerned with the likelihood of poor performance in the same field. Inadequate service level agreements accord organisations poor reputation in addition to harming their corporate image. The result of this situation is poor performance in the industry. Service level agreements in different parts of the world are dependent on the individuals who are involved in decision-making.

Service level agreements are important in several ways. When made between willing parties, organisations can market themselves and increase their market dominance. The service level agreements also allow clients and customers to choose between organisations that are in direct competition. The best agreements attract significantly larger customer populations. Service level agreements are also important since they make organisations objective and devoted to their service delivery (Bruce 2013). When service level agreements are made, organisations deliver the best services to their customers because they are bound by the agreement(Bruce 2013). Therefore, the result of this agreement is improved service delivery to clients of particular organisations.

Service level agreements are important in the service industry where organisations deliver service to individuals and other organisations. The agreements allow improvements in service delivery since organisations can benchmark and compete on a global scale. Most organisations with effective service level agreements enjoy significant success in their respective industry. The customer is better convinced with a service level agreement in place (Kauffman & Sougstad 2010). Therefore, the benefits of a service level agreement are mutual since customers and organisations benefit.

Contents of a Service Level Agreement

A service level agreement has several contents. In the case of Internet service providers, the SLA defines the duration of service provision. SLA contains the amount of time that the service providers will provide the required services to their customers and/or prospective clientele (Sieke, Seifert & Thonemann 2012). The provision of this time percentage allows convenience since the operations are performed smoothly. Most Internet service providers have a limit to the users that their system can support at any given time. Therefore, as a rule, SLA for these companies usually contains the users that they can handle at any one time (Liang & Atkins 2013).

Benchmarks are important in the IT industry.SLAs provide a platform where organisations in this industry provide their benchmarks. ISPs usually provide performance benchmarks in their SLAs, with performance being compared to these benchmarks (Liang & Atkins 2013). These organisations also provide notifications for any changes that may affect the use while any arising problems are highlighted in the SLA. Clients for Internet providers often experience some common problems in their interactions with these companies. Therefore, SLAs contain some of the frequently asked questions that may be a guide for clients (Liang & Atkins 2013).

Most SLAs provide help desks for the different problems that the clients experience. Some of them (help desks) also contain a ‘dial-in access availability’ (Hausken 2007). The organisations are heavily dependent on usage statistics. Hence, they provide these statistical findings in their SLAs (Bruce 2013).

Important points that this agreement should contain include the price of the various services and/or how they will vary with time. The agreement should also have the expected service delivery procedures in addition to what the customers should expect. Any interruption with service delivery should be highlighted in the SLA (Bruce 2013). SLAs should also have benchmarks in service delivery for the organisations under which they are applied. For organisations with adequate service delivery, the SLAs should provide some of the experiences that the organisation has had in the past with clients. The most asked questions by clients should be highlighted with appropriate answers being made available.

Sharing Cyber Incident

The above discussion indicates that Cyber information sharing is better if a Cyber information-sharing agreement is in place. Cyber information sharing will benefit an organisation because of the agreement since the involved parties will have to engage in a formal agreement where they are in control of the agreement. In most institutions where information-sharing agreements are in place, the relationship between clients and the organisation is fairly better. Therefore, Cyber information sharing will gain from Cyber information sharing agreements (Bruce 2013). Cyber information agreements are not difficult to construct. Firms can greatly improve their performance just by implementing these terms as the only change in their organisation (Audy et al. 2012). My personal opinion is that Cyber information sharing agreements make it easy for organisations to control their performance and output.

The important metrics in any information sharing agreement correspond with the objectives of the agreement. According to Bruce (2013, p.45), the most important operations in an organisation should dictate the metrics that the organisations choose. Such metrics should also be easily monitored, with automated systems providing the best details (Bruce 2013). In the present case, the metrics include the availability of the service and the time that this service is accessible to clients. The other metric that should be included in the defect rate, which is the error in percentage that the organisation is liable to make in service delivery.

Sharing security clearance is important. This move is a personal opinion that it should aid in the sharing of information between organisations and their clients or other parties. Sharing security clearance enables organisations to make the best decisions on who should access their information. A security clearance is a way of limiting access to sites that are controlled by an organisation (Audy et al. 2012). According to Bruce (2013), sharing security clearance builds confidence among organisational clients, ensuring that they can engage constructively. The sharing of security clearance is a practice that is common in the telecommunications communications sector. The practice is intended to make the sector efficient.

A security clearance allows only parties to an informal agreement to access this information. External parties are prevented from accessing this information based on their non-participation in the agreement. However, with security clearance; these parties may access the information (Hop et al. 2014). In most cases, sharing of security clearance leads to compromise of information and information sharing. Parties that are involved in information sharing have to agree on the clearance levels before this clearance is accorded to them (Audy et al. 2012). Legal implications are evident in the sharing of security clearance. Firms in the telecommunications sector have to abide by the local laws and the existing information agreements.

Security clearances inhibit the ability to do an exchange of information in the telecommunications s sector (Hop et al. 2014). The existence of security clearances acts to stop the organisations from agility in the exchange of information. The presence of security clearances in most cases occurs in organisations that have important information to safeguard. The presence of security clearance also locks out some parties from an information-sharing agreement because of reduced confidence in these parties (Hop et al. 2014). Therefore, the presence of security clearance works against organisations by reducing the level of confidence (Yoshimura 2012).

On the other hand, sharing security clearance may improve relations between firms in the telecommunications sector and their relationship with their clients. The result of this improved interaction is better service delivery and improved competition between the firms (Mallinder & Drabwell 2013; Morgan 2010).

IT service providers formulate service level agreements that are based on their strength in the industry. Where these overhaul level contracts include several facility performance units with equivalent aims, their service delivery is often aggressive. According to Mallinder and Drabwell (2013, p.98), organisations with numerous service performance metrics have better benchmarks compared to those that have fewer metrics.

Therefore, these organisations tend to provide services to their clients as compared to their counterparts. The existence of better benchmarks and more metrics in telecommunications s allows organisations to establish their client base. IT service providers such as telecommunications companies often have to include many service performance metrics in the SLA, the benefit of which is improved service delivery. The high competition in the industry is also a reason for these organisations to formulate many metrics in their SLAs.

Collaboration Framework

A collaboration framework is crucial in the interaction between organisations in any industry, especially in the IT sector. The presence of a collaboration framework allows parties to engage in a formal and organised manner, especially where decisions have to be made regarding the interaction between parties (McCusker et al. 2013). According to Schmeil, Eppler, and de Freitas (2012, p.56), collaboration requires constant communication between parties, with social negotiation being a key part of this interaction. The collaborative framework establishes personal boundaries in interactions, the interests between parties, and the objectives of each of the parties (Willumsen, Ahgren & Ødegård 2012). Where organisations are in direct competition, a collaborative framework may be applied where there is a need to highlight the stakes in their engagement (Schmeil, Eppler & de Freitas 2012).

A collaborative framework will be important in the development of a personal framework where the collaboration will increase the available information. According to Nadarajah and Bookbinder (2013, p.98), the existence of a collaboration framework works in the way of increasing the output of organisations and keeping their partners in check. The existence of a collaboration framework will increase the availability of know how at various levels and sages in information sharing.

This plan ensures that the parties that are involved in information development and sharing get the most out of the agreement. The presence of a facility such as a dashboard can encourage organisations to practice information sharing (Han & Kim 2014). The reason for this suggestion is that such facilities enhance the sharing of information through increased collaboration and inter party interactions. Service level agreements that are associated with facilities such as a dashboard include IT service level agreements and the operational service level agreements between organisations.

Conclusion

Information is an important part of contemporary society. IT service providers have grown in importance over the years. The interaction between these organisations and their clients or between organisations is dictated by special contracts that allow responsible information sharing. This paper has evaluated the information sharing agreements between parties in addition to how they affect the performance of these parties.

When the information sharing agreements are in place, organisations can improve service delivery. Other concepts that have been discussed include the service level agreements that define the interactions between organisations and their clients. This strategy enables parties to define the quality of services that other parties should expect. A collaborative framework has also been highlighted. The benefits of this interaction have been highlighted in the paper.

References

Audy, J, Lehoux, N, D’Amours, S & Rönnqvist, M 2012, ‘A framework for an efficient implementation of logistics collaborations, International Transactions In Operational Research, vol. 19 no. 5, pp. 633-657.

Belderbos, R, Van Roy, V & Duvivier, F 2013, ‘International and domestic technology transfers and productivity growth: firm level evidence’, Industrial & Corporate Change, vol. 22 no. 1, pp. 1-32.

Blake, M, Cummings, D, Bansal, A & Kona Bansal, S 2012, ‘Workflow composition of service level agreements for web services’, Decision Support Systems, vol. 53 no. 1, pp. 234-244.

Bruce, N 2013, Service Level Agreement 56, Brisbane, Australia, Emereo.

Creane, 2010, ‘Input Suppliers, Differential Pricing, and Information Sharing Agreements’, Journal Of Economics & Management Strategy, vol. 17 no. 4, pp. 865-893.

Demirkan, H & Goul, M 2013, ‘Taking value-networks to the cloud services: security services, semantics and service level agreements’, Information Systems & E-Business Management, vol. 11 no. 1, pp. 51-91.

Fan, J, Zhang, P & Yen, D 2014, ‘G2G information sharing among government agencies’, Information & Management, vol. 51 no. 1, pp. 120-128.

Ganesh, M, Raghunathan, S & Rajendran, C 2014, ‘Distribution and Equitable Sharing of Value From Information Sharing Within Serial Supply Chains’, IEEE Transactions On Engineering Management, vol. 61 no. 2, p. 225.

Goo, J, Huang, C & Hart, P 2010, ‘A Path to Successful IT Outsourcing: Interaction Between Service-Level Agreements and Commitment’, Decision Sciences, vol. 39 no. 3, pp. 469-506.

Han, S & Kim, J 2014, ‘A service composition oriented framework for configuring SMeet multiparty collaboration environments’, Multimedia Tools And Applications, vol. 3 no. 1, p. 595.

Hausken, K 2007, ‘Information sharing among firms and Cyber attacks’, Journal Of Accounting & Public Policy, vol. 26 no. 6, pp. 639-688.

Hihara, K 2014, ‘An analysis of airport-airline vertical relationships with risk sharing contracts under asymmetric information structures’, Transportation Research Part C, vol. 1 no. 1, p. 80.

Hop, G, Mourits, M, Oude Lansink, A & Saatkamp, H 2014, ‘Cross-border Collaboration in the Field of Highly Contagious Livestock Diseases: A General Framework for Policy Support’, Transboundary And Emerging Diseases, vol. 61 no. 4, pp. 300-315.

Jain, A, Seshadri, S &Sohoni, M 2011, ‘Differential Pricing for Information Sharing Under Competition’, Production & Operations Management, vol. 20 no. 2, pp. 235-252.

Katok, E, Thomas, D & Davis, A 2010, ‘Inventory Service-Level Agreements as Coordination Mechanisms: The Effect of Review Periods’, Manufacturing & Service Operations Management, vol. 10 no. 4, pp. 609-624.

Kauffman, R & Sougstad, R 2010, ‘Risk Management of Contract Portfolios in IT Services: The Profit-at-Risk Approach’, Journal Of Management Information Systems, vol. 25 no. 1, pp. 17-48.

Lango, J 2014, ‘Toward Software- Defined SLAs’, Communications Of The ACM, vol. 57 no. 1, pp. 54-60.

Liang, L & Atkins, D 2013, ‘Designing Service Level Agreements for Inventory Management’, Production & Operations Management, vol. 22 no. 5, pp. 1103-1117.

Lim, Y & Jung, K 2012, ‘Conflict of Interest or Information Sharing? Evidence from Affiliated Analyst Performance in Korea’, Contemporary Accounting Research, vol. 29 no. 2, pp. 505-537.

Mallinder, J & Drabwell, P 2013, ‘Cyber security: A critical examination of information sharing versus data sensitivity issues for organisations at risk of Cyber attack’, Journal Of Business Continuity & Emergency Planning, vol. 7 no. 2, pp. 103-111.

McCusker, J, Yaffe, M, Sussman, T, Kates, N, Mulvale, G, Jayabarathan, A, Law, S & Haggerty, J 2013, ‘Developing an Evaluation Framework for Consumer-Centred Collaborative Care of Depression Using Input From Stakeholders’, Canadian Journal Of Psychiatry, vol. 58 no. 3, pp. 160-168.

Morgan, J 2010, ‘A Systems Psychodynamic Framework for Inter-agency Collaboration’, Socio-Analysis, vol. 12 no. 2, p. 19.

Morris, B, Kleist, V, Dull, R & Tanner, C 2014, ‘Secure Information Market: A Model to Support Information Sharing, Data Fusion, Privacy, and Decisions’, Journal Of Information Systems, vol. 28 no. 1, pp. 269-285.

Nadarajah, S & Bookbinder, J 2013, ‘Less-Than-Truckload carrier collaboration problem: modelling framework and solution approach’, Journal Of Heuristics, vol. 6 no. 1, p. 917.

Piccolo, S & Pagnozzi, M 2013, ‘Information sharing between vertical hierarchies’, Games And Economic Behaviour, vol. 1 no. 1, p. 201.

Schmeil, A, Eppler, M & de Freitas, S 2012, ‘A Structured Approach for Designing Collaboration Experiences for Virtual Worlds’, Journal Of The Association For Information Systems, vol. 13 no. 10, pp. 836-860.

Sen, S, Raghu, T & Vinze, A 2010, ‘Demand Information Sharing in Heterogeneous IT Services Environments’, Journal Of Management Information Systems, vol. 26 no. 4, pp. 287-316.

Sieke, M, Seifert, R &Thonemann, U 2012, ‘Designing Service Level Contracts for Supply Chain Coordination’, Production & Operations Management, vol. 21 no. 4, pp. 698-714.

Unger, T, Mietzner, R & Leymann, F 2010, ‘Customer-defined service level agreements for composite applications’, Enterprise Information Systems, vol. 3 no. 3, pp. 369-391.

Willumsen, E, Ahgren, B & Ødegård, A 2012, ‘A conceptual framework for assessing interorganisational integration and interprofessional collaboration’, Journal Of Interprofessional Care, vol. 26 no. 3, pp. 198-204.

Yan, R & Pei, Z 2012, ‘Incentive-Compatible Information Sharing by Dual-Channel Retailers’, International Journal Of Electronic Commerce, vol. 17 no. 2, pp. 127-157.

Yoshimura, M 2012, ‘Framework and methodologies for maximising achievements of product designs by collaborative works’, Journal Of Engineering Design, vol. 23 no. 9, pp. 674-695.

Zhao, X & Xue, L 2012, ‘Competitive Target Advertising and Consumer Data Sharing’, Journal Of Management Information Systems, vol. 29 no. 3, pp. 189-222.

Figure 1: Table showing the variables of service level agreement.

Variable Number Variable Name Variable Description Variable Reference
1 Access control This variable is crucial in determining the system access privileges, who, and what to access. (Audy, Lehoux, D’Amours & Rönnqvist 2012)
2 Monitoring This is a variable that can be used to determine whether an element of the SLA has been violated. Monitoring is classified into weighted, all-or-nothing, partial, and ‘weighted partial’. The total cost of the incidents that have been prevented, the incidents discovered, attack attempts, and the compliance of the system to the latest security patches is part of the monitoring requirements of the SLA. (Belderbos, Van Roy, & Duvivier 2013)
3 Resources This variable focuses on sharing resources as contained in the contractual components of the service level agreements, which bind parties on how to share information between themselves and the type of information to share. Information can be the type and attempted attacks, successful attacks, unsuccessful attacks, and the responsibility of the parties in the agreement. (Blake, Cummings, Bansal & Kona Bansal 2012)
4 Cyber information This variable provides detailed information on the kind of information that is shared between the client and the company. The metric enables an organisation to identify the customers served by the company. (Bruce 2013)
5 Sharing agreements This variable ensures that the right information is shared between the parties in the agreement. Each party should honour the terms in the agreement. The conditions of the agreement and any variations are stipulated in the SLA document. (Creane 2010)
6 Time The contract delivery time, the service and the period within, which the terms of contract between the parties are binding. (Demirkan & Fan Zhang & Yen 2014)
7 Breach of contract This variable ensures that if the components in the contract are violated, the penalties associated with the contract are administered accordingly. (Ganesh, Raghunathan & Rajendran 2014)
8 Misinformation This variable depicts the legal implications, which result when either party, which is bound by the contract, violates the integrity of information and the trust between the parties in the contract. (Goo, Huang & Hart 2010)
9 Contract management This is a crucial variable, which denotes the length of service the service provider renders to the customer and provides a review of the prevailing terms of agreement to determine the need to renew any components in the contract. There is need to ensure that the terms of the contract and the procedures therein are adhered to. (Han & Kim 2014)
10 Expected Service Requirements This variable explains the need for the services to be to the desired quality and not to be compromised. A compromised service adversely affects the quality of services and the expected outcomes from the service being rendered to the customer. (Hausken 2007)
Service assumptions The variable explains the type of assumptions contained in the SLA document. Such assumptions include the attempted attacks, the cost of the attacks which have been successfully thwarted, the system parches, and the compliance of the system to Cyber security agreements.
IT charging costs The variable provides a discussion of the service costs based on the capacity to provide the IT services required by the customer.
Contract maintenance Discusses the need to ensure that the elements of the contract are held by all the parties who are the signatories to the SLA document.
Signature blocks Discusses the information contained in the vulnerability assessment reports. (Hausken 2007)
11 Customer Responsibilities This variable is crucial in explaining the responsibilities of the customer in protecting and responsible use of information. (Hihara 2014)
12 Integrity This variable explains the ability to ensure that the messages or information on transmission cannot be compromised or is presented as it is between the parties. The variable is one of the fundamental cornerstone elements of information security, which constitutes confidentiality, integrity, and availability (CIA). (Hop, Mourits, Oude Lansink & Saatkamp 2014)
13 Vulnerabilities Discusses how best to secure information that is being shared between the parties in the SLA document to ensure information is not compromised. All the weaknesses of the agreement and leakages are covered in the agreements. (Jensen 2009)
14 IT Charging
Costs		 This is a variable that explains the cost of delivering the services to the client and the metric used to evaluate and determine the cost of the services. (Jain, Seshadri & Sohoni 2011)
15 Communication This variable illustrates the capacity to share information between different parties and the positive effects of communicating between different parties in the SLA document. The method and context, and content of information are crucial as spelt in this agreement. (Katok, Thomas & Davis 2010)
16 Contract
Responsibilities		 This variable describes the relationships between the personnel responsible for ensuring that the terms of the contract are adhered to. It also explains the dispute resolution mechanism if a system is attacked and compromised. (Kauffman & Sougstad 2010)
17 Signatures Provides a detailed explanation on the part of customers in signing into the SLA document binding the customer and the service provider to the elements in the contract. (Lango 2014)
18 users This variable is used to quantify the number customers affected by the SLA variables who rely on the quality of services provided. It also provides a list of the services to be provided to the customer and the expected quality of those services. (Liang & Atkins 2013)
Performance The variable provides a benchmark of companies to evaluate the services and agreements between the customers and the quality of services being offered by the companies. Performance is a metric that can be used to compare the effectiveness of different organisation on SLA.
19 Contract elements These elements define what binds the parties together and the obligations to each other and the penalties, which can be administered either party fails to honour the agreement. (Lim & Jung 2012)
20 Contract maintenance Provides an explanation of the effect the failure to maintain the terms of the agreement to protect information from unauthorised attacks and compromise has on either parties. (Mallinder & Drabwell 2013)
21 Collaboration This is a variable, which explains the relationship established between organisations and the type of information to share between the companies. (McCusker, Yaffe, Sussman, Kates, Mulvale, Jayabarathan, Law & Haggerty 2013)
22 Time This is when the contract is binding between the parties and the obligations of each party to the terms of the contract. (Morgan 2010)
23 Service assumptions The variable provides a detailed explanation of the assumptions about the services being offered based on the security management elements stipulated in the SLA document. Morris, Kleist, Dull & Tanner 2014
24 Service assumptions This variable focuses on the service level assumptions based on the accuracy, timely provision of solutions, and other elements, which lead to client satisfaction. (Nadarajah & Bookbinder 2013)
25 IT charging costs This variable explains the cost of sharing information at different levels or hierarchies and the need to ensure that the information shared is in accordance with the SLA contractual terms. (Piccolo & Pagnozzi, 2013)
26 Contract maintenance This variable is about the ability to maintain the terms of the contract to ensure that compliance with latest system requirements are adhere to reduce the vulnerability level of information. (Schmeil, Eppler & de Freitas 2012)
27 Performance effectiveness This is a metric for measuring any deviations from the elements of the contract between parties involved in the SLA document. (Sen, S, Raghu & Vinze 2010)
28 Service assumptions This variable is about assumptions, which include the fact that certain tests have been done and are reliability acceptable by all employees in the organisation. (Sieke, Seifert & Thonemann 2012)
29 Statutory requirements This variable explains the statutory requirements, which bind different parties to the contract and the penalties associated with violating any of the terms of the contract. (Unger, Mietzner, & Leymann 2010)
30 Confidentiality This variable is important in explaining what type of information should be shared and how and when to be shared between organisations and their customers. (Willumsen, Ahgren, & Ødegård 2012)
31 Individual rights This variable shows the obligations the government and other institutions have in protecting the rights of the customers to enforce confidentiality and privacy of information. (Yan & Pei 2012)
32 Confidentiality These variables describe the trust existing between the two parties who have signed a service level agreement. (Yoshimura 2012)
33 Availability This is a variable, which describes the need to make data and information available to customers and when they need the data. It is a component of information security, which is crucial for business organisations to maintain. (Zhao & Xue 2012)