(ISC)2 Certified in Cybersecurity Practice Exam

What type of agreement is used to define availability requirements for an IT service purchased from a vendor?

• A. ISA
• B. MOU
• C. BPA
• D. SLA

The correct answer is: SLA

The correct answer is a Service Level Agreement (SLA), which is a formal document that outlines the expected level of service between a service provider and a customer. An SLA specifically defines performance metrics, including availability requirements, uptime commitments, response times, and support provisions. This agreement ensures that both parties have clear expectations regarding service delivery, which is essential for maintaining operational continuity and service reliability. SLAs are integral in the context of IT services and vendor relationships, providing a framework for measuring service performance and establishing penalties or remedies for service failures. By outlining these critical elements, SLAs help ensure that the vendor meets the needs of the organization consistently. Other types of agreements, like those mentioned, serve different purposes. An Interconnection Security Agreement (ISA) focuses primarily on secure data exchange and the security measures needed for such interactions. A Memorandum of Understanding (MOU) typically outlines a mutual agreement between parties, but it lacks the enforceable commitments present in an SLA. A Blanket Purchase Agreement (BPA) is used for repetitive purchases of goods and services and does not directly address performance metrics or service levels. Thus, SLAs are uniquely suited to defining availability requirements for IT services.