Why less is more with SLAs

We were recently working with a financial services enterprise who was in the process of outsourcing several key service areas in IT and HR towers to 2 major providers.

As we engaged in the process to determine the critical and key metrics that need to be measured, reported and tracked for SLA compliance, it dawned on them, in their enthusiasm to contractually cover all possible performance indicators - they had not fully thought about what they would do with the performance metrics that were reported and what would be the appropriate action on a breach of a service level.

Which brings us to the first rule of SLAs - construct SLAs on metrics that are actionable and that have a clear business or user impact (on meeting targets or falling below minimum service levels). There may be other operational metrics that would be useful to track and report - though, these may not be good candidates to base SLAs on.

For example, it may be somewhat useful to track the responsiveness and resolution of severity-3 and severity-4 tickets, though the business or user impact of an SLA based on these metrics for such tickets may be minimal.

Also, should a vendor be penalized for meeting the SLA target on severity-1 and severity-2 tickets but missing a monthly SLA for severity-3 tickets?

Who should be notified on such a breach? What would they do? Is it worthwhile doing a root-cause analysis of this breach? If the answer to these questions is "no" - the metric is not a good candidate for an SLA.

The client ended up with less than 50 SLAs across the two towers, though they had over 250 operational metrics that they were planning to track and report.