Sample SLAs

This page is a sample set of Service Level Agreements (SLAs) for various types of IT services. SLAs are agreements between a service provider and a customer that define the level of service that the provider will deliver, as well as the consequences if they fail to meet those standards. The sample SLAs cover areas such as data center operations, network availability, and help desk services, among others. They are intended to provide a starting point for organizations that are developing their own SLAs, but they should be customized to fit each organization's specific needs and circumstances.

What are some sample SLAs and how do they align with Veeam?
What is a Service Level Agreement? What is RPO and RTO? If you want to better manage your customer (internal or external) expectations, a service level agreement (SLA) may be worth considering. An SLA is a negotiated agreement designed to create a common understanding and expectation about services, priorities and responsibilities.

• SLA Definition

• Designing Meaningful Recovery Point Objective & Recovery Time Objective Policies

BIA: A Business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency.

• What Is Business Continuity? - January 16, 2023  - 4 min to read

CBF: Critical Business Function - Essential functions critical to business operations.

RTO vs RPO, what's the difference?

NOTE: Data should be categorized/classified based on importance and sensitivity (Governance).

By  implementing SLAs,  you can  specify exactly what is (and is  not) covered,  document roles and  responsibilities of  both parties, and  define service  prerequisites  that set  you up  for success. 

• Identify specifically  what is and is not covered to avoid confusion.

• Define availability and contact information.

• Monitor compliance by measuring your progress against SLA goals. Rely on reporting to help you keep customers aware of how you’re meeting and exceeding your SLA promises.

• Automate reporting.  Providing real-time performance to customers through automated reporting provides full transparency into the real status of the agreed upon metrics.

[Blog Series] How to Design and Implement a Backup System Based on SLA Policies

The following are samples only / Consider using tags as part of your SLA strategy: Amazing Power of Tags

SLA Label: "Gold"

• Mission-critical applications that require an RTO/RPO of less than 15 minutes

• Performance Expectations: High

• Availability Expectations: 99.999% / Five Nines: 5.26 minutes of unplanned downtime per year.

• Tier 3 or 4 data center.

• Retention Points: 37 over 6 years (21 daily, 4 weekly, 6 monthly, and 6 yearly recovery points).

• Backups should be immutable for 65 days.

• Data should be encrypted.

• Utilize the 3-2-1-1-0 rule.

• Use VBR with a PERFORMANCE TIER and a CAPACITY TIER and GFS retention (see below).

• Use CDP (Continuous Data Protections) to replicate systems to an alternate location (a DR site) for availability requirements. <1 hour RTO

• Use VDRO to automate your recovery process.

• Use Veeam Instant Recovery to meet RTOs.

• Use Veeam ONE for continuous monitoring and forecasting.

• Use Veeam SureBackup to test your recovery.

SLA Label: "Silver"

• Business-critical applications that require RTO of 2 hours and RPO of 4 hours

• Performance Expectations: Medium-High

• Availability Expectations: 99.99% / Four Nines: 52.60 minutes of unplanned downtime per year.

• Tier 2 or better data center

• Retention Points: 32 over 3 years (21 daily, 4 weekly, 4 monthly, and 3 yearly recovery points).

• Backups should be immutable for 45 days.

• Data should be encrypted.

• Utilize the 3-2-1-1-0 rule.

• Use VBR with a PERFORMANCE TIER and a CAPACITY TIER and GFS retention (see below).

• Use VBR to replicate systems to an alternate location (a DR site) for availability requirements. >1 hour RTO

• Use Veeam Instant Recovery to meet RTOs.

• Use Veeam ONE for continuous monitoring and forecasting.

• Use Veeam SureBackup to test your recovery.

A Label: "Bronze"

• Non-critical applications that require RTO of 4 hours and RPO of 24 hours

• Performance Expectations: Medium-Low

• Availability Expectations: 99.9% / Three Nines: 8.77 hours of unplanned downtime per year.

• Tier 1 or better data center

• Retention Points: 14 over 2 years (7 daily, 2 weekly, 3 monthly, and 2 yearly recovery points).

• Backups should be immutable for 20 days.

• Data may or may not be encrypted.

• Utilize the 3-2-1-1-0 rule.

• Use VBR with a PERFORMANCE TIER and a CAPACITY TIER and GFS retention (see below).

• Use Veeam Instant Recovery to meet RTOs.

• Use Veeam ONE for continuous monitoring and forecasting.

• Use Veeam SureBackup to test your recovery.

SLA Label: N/A

• Performance Expectations: ABSOLUTELY NONE

• Availability Expectations: ABSOLUTELY NONE

• RTO/RPO: "Best effort"

• Retention: Undefined

• Use Veeam ONE for continuous monitoring and forecasting.

SAMPLE: 35 GFS Retention Points

1. 14 Daily Backups - 14 in the Performance Tier and 14 in the Capacity Tier (Copy Function).

2. 4 Weekly Backups - 4 in the Performance Tier and 4 in the Capacity Tier (Copy Function).

3. 3 Monthly Backups - Capacity Tier/Archive Tiers (Move Function).

4. 5 Annual Backups - Capacity Tier/Archive Tiers (Move Function).

Long-Term Retention Policy (GFS) 

Meet All SLAs with Veeam 

• Veeam: How to design and implement a policy-based SLA backup system – Part V – Monitoring the Veeam Backup & Replication environment with Veeam ONE

• https://www.keystonelaw.com/keynotes/service-level-agreements 

• https://www.manageengine.com/products/service-desk/help-desk-software/help-desk-metrics-kpi.html

• https://www.manageengine.com/products/service-desk/automation/what-is-service-level-agreement-sla.html 

Designing Meaningful Recovery Point Objective & Recovery Time Objective Policies

• Step One: Define Recovery Priority

• Step Two: Identify Your Risks

• Step Three: Separate Desirable and Required RPOs

• Step Four: Layered RPO

• Step Five: Verification

• Step Six: Fault Tolerance