Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SLA recommendations for Security requests

Former Member

‎02-17-2010 12:04 AM

0 Kudos

Hi Everyone:

I have been asked to gather information from SAP industry experts on SLA response times specific to security. We are currently creating a new SLA policy for security request/tasks and wanted to ask for general input on how other companies are currently handling this.

Here are a few areas that we are requesting feedback for in regards to SLA response times:

New user requests (ex: 24 hours to complete)

User modifictions

Role modifications

Authorization incidents

Project requests

Any feedback would be greatly appreciated!

Thanks,

Robin

6 REPLIES 6

Former Member

‎02-17-2010 4:22 AM

0 Kudos

Hi Robin,

This is not the forum which will help you in defining SLA's. SLA's are something with varies from client to client as they differ in needs , landscape, architecture etc. For example: Setting up users: It varies for CUA or NON CUA landscape or if GRC tools are used then it again differs. Hence analyze these tasks for your client's landscape and accordingly set up the SLAs.

Let us know if you need any more information on this.

Former Member
In response to Former Member

‎02-17-2010 4:48 AM

0 Kudos

Hi Robin,

The prioritization of an incident & service Request will be determined by two factors of the occurring incident & service Request:

1. Service Criticality

2. Business Impact

Level 1 Support (L1)

New user requests

User modifications

Service Request

Access Fault

Password

Lock / Unlock User Account

Level 2 Support (L2)

Authorization incidents

Workaround

Project requests

Level 3 Support (L3)

Bug fix

Role modifications

New Project Requirements

Change Management

Level 4 Support (L4)

New Enhancement

New Developments

New Functionality Requirements

Thanks,

Raja

arpan_paik
Active Contributor

‎02-17-2010 8:44 AM

0 Kudos

New user requests (ex: 24 hours to complete)

User modifictions : 1day

Role modifications : 2-4day (Depends on approval structure)

Authorization incidents : 2day

Project requests : Depends

Former Member

‎02-18-2010 2:40 AM

0 Kudos

Hi Robin,

Service Level Agreement is between service provider and Business/customer, which would not be same for all.

You need to analyse from Service Provider point of view and from Business point of view.

For the customer (For Business):

- Impact, Priority,Availability etc.

For the Service Provider (For IT)

- Resource, Complexity, Problem Management process, ownership of SLA based on team, Service ownership structure etc.

This should be defined at the time of your service strategy, If this is part of continuous service improvement than whole process initiates service level management.

Former Member

‎02-18-2010 9:40 AM

0 Kudos

Hello,

Please also look into the [post|] where we have discussed the factors for support.

You can actually consider this factors and decide the SLA's based on today's support structure you have. Usually maximum time to resolve any type of request is 3 days, however it depends on the time taken for approval and testing.

Regards,

Gowrinadh

andrea_brusarestelletti
Active Contributor

‎02-18-2010 10:47 AM

0 Kudos

Hello,

in the companies I experienced we usually had these SLA:

- about 4 hours (working hours) for resetting passwords and unlocking users;

- about 12 hours (working hours) for all authorization incidents and authorization ordinary maintenance (that's to say adding missing authorizations, missing transactions, changing users' master data, creating new users' accounts); about the creation of new SAP users also the approach of the company/person submitting request is an important driver: if the request for the creation of a new user SAP account is submitted just the same day he/she should start working, even 8 hours SLA won't be seen by the end user as a reasonable time.

- for any change to roles resulting from some developements or new projects there were no SLA but the completion time was agreed with the project team.

There could be many other drivers influencing the valuation of these SLA: for instance the ratio between the size of the company and the size of the support team, the number of steps between the user's request and the problem solution (the user's satisfaction can't be measured on the time support team takes to solve the problem, but on the time elapsed from the submission of the request to the solution of the problem).

Hope to be useful and not to be too messy (I fear I mixed technical and psychological considerations).

Best regards,

Andrea