02-17-2010 12:04 AM
Hi Everyone:
I have been asked to gather information from SAP industry experts on SLA response times specific to security. We are currently creating a new SLA policy for security request/tasks and wanted to ask for general input on how other companies are currently handling this.
Here are a few areas that we are requesting feedback for in regards to SLA response times:
New user requests (ex: 24 hours to complete)
User modifictions
Role modifications
Authorization incidents
Project requests
Any feedback would be greatly appreciated!
Thanks,
Robin
02-17-2010 4:22 AM
Hi Robin,
This is not the forum which will help you in defining SLA's. SLA's are something with varies from client to client as they differ in needs , landscape, architecture etc. For example: Setting up users: It varies for CUA or NON CUA landscape or if GRC tools are used then it again differs. Hence analyze these tasks for your client's landscape and accordingly set up the SLAs.
Let us know if you need any more information on this.
02-17-2010 4:48 AM
Hi Robin,
The prioritization of an incident & service Request will be determined by two factors of the occurring incident & service Request:
1. Service Criticality
2. Business Impact
Level 1 Support (L1)
New user requests
User modifications
Service Request
Access Fault
Password
Lock / Unlock User Account
Level 2 Support (L2)
Authorization incidents
Workaround
Project requests
Level 3 Support (L3)
Bug fix
Role modifications
New Project Requirements
Change Management
Level 4 Support (L4)
New Enhancement
New Developments
New Functionality Requirements
Thanks,
Raja
02-17-2010 8:44 AM
New user requests (ex: 24 hours to complete)
User modifictions : 1day
Role modifications : 2-4day (Depends on approval structure)
Authorization incidents : 2day
Project requests : Depends
02-18-2010 2:40 AM
Hi Robin,
Service Level Agreement is between service provider and Business/customer, which would not be same for all.
You need to analyse from Service Provider point of view and from Business point of view.
For the customer (For Business):
- Impact, Priority,Availability etc.
For the Service Provider (For IT)
- Resource, Complexity, Problem Management process, ownership of SLA based on team, Service ownership structure etc.
This should be defined at the time of your service strategy, If this is part of continuous service improvement than whole process initiates service level management.
02-18-2010 9:40 AM
Hello,
Please also look into the [post|] where we have discussed the factors for support.
You can actually consider this factors and decide the SLA's based on today's support structure you have. Usually maximum time to resolve any type of request is 3 days, however it depends on the time taken for approval and testing.
Regards,
Gowrinadh
02-18-2010 10:47 AM
Hello,
in the companies I experienced we usually had these SLA:
- about 4 hours (working hours) for resetting passwords and unlocking users;
- about 12 hours (working hours) for all authorization incidents and authorization ordinary maintenance (that's to say adding missing authorizations, missing transactions, changing users' master data, creating new users' accounts); about the creation of new SAP users also the approach of the company/person submitting request is an important driver: if the request for the creation of a new user SAP account is submitted just the same day he/she should start working, even 8 hours SLA won't be seen by the end user as a reasonable time.
- for any change to roles resulting from some developements or new projects there were no SLA but the completion time was agreed with the project team.
There could be many other drivers influencing the valuation of these SLA: for instance the ratio between the size of the company and the size of the support team, the number of steps between the user's request and the problem solution (the user's satisfaction can't be measured on the time support team takes to solve the problem, but on the time elapsed from the submission of the request to the solution of the problem).
Hope to be useful and not to be too messy (I fear I mixed technical and psychological considerations).
Best regards,
Andrea