Sarbanes-Oxley IT Compliance Using Open Source Tools, Second Edition

While you might associate Service Level Agreements with a service you might provide to customers, you can also consider your IT group as a service organization to the company in general, end users of systems and applications being your "customers". The combination of Policies and Service Level Agreements is what defines and articulates the IT goals and the expected results of the delivery of those goals to the company. From the top down executive view you should ask the question "what am I paying for and what can I expect in return?" From the bottom up user perspective these define how they can expect to get their work done, and finally from a SOX perspective you now have a basis in which to establish how you will test your environment and demonstrate compliance. This will ultimately become a key area of focus when you actually undergo your audit. In the case study for NuStuff Electronics we provide some sample Service Level Agreements for you to consider, and while these examples are simple and will not completely satisfy the individual needs of your organization they do illustrate the sections that should address when writing your own SLAs.
| Tip | The sample SLAs provide in part on the CD are based on the standard templates available from NextSLM.org, which provides information concerning the strategies and practices surrounding IT service level management. In addition to templates they provide tips, recommendations and guidelines for managing IT as a service organization. For more... |