Service Management and SLA Standardisation Considerations - Manifesto for Local

and Global Customers by Bob Panic Whitepaper

Having a standard global service support, Service Level Agreement or SLA is an admirable
aim.
You may soon find however that only 80 or 90% of a defined SLA can be consistent if you
have more than one office. This makes the creation and establishment of a set of global
SLAs for an organisation that has a national or international footprint, a bit of a challenge.
In this whitepaper I make a case for specific, targeted SLAs and service offering depending
on business unit or vertical.
Businesses, in particular highly complex organisations, those who have many specific
products or models, are now moving away from a centralised model towards a silo model.
Silos, if done well, make a lot of sense from a business perspective.
However support and the provision of technical or business support needs to be centralised,
running parallel or in an umbrella fashion (enterprise view) to business verticals.
However having a centralised business and technology support service does not mean that
you can create one size fits all or cookie cutter generic solutions and service offerings.
Service provisioning is a service and as a service it must cater to specific, individual demands
of the business or key stakeholders, no matter the perceived pain points
You will need to factor in unique local issues and concerns: customs, laws, technology (or the
lack off), latency, technology disparity, skills disparity etc.
Few key things to keep in mind:

Do not fall into the trap to set SLAs in isolation to the business, the business needs to
be involved in the entire support process in fact, the support agreements are ALL
for them!
Avoid the big bang approach to SLAs. More important to the implementation of
SLAs, is the effective use of them
Work with the business, work with your vendors, work with your management and
work with your operational support teams (the doers!)
Senior management support of SLAs is paramount!
Penalties are the cornerstone of effective adoption of SLAs. If there are no penalties
there may be no incentive for adoption SLAs that bite are SLAs that matter!
SLAs must be measurable; if you cannot measure, you cannot ask for a service level
to be established! Human nature will resist change and even more so if we are forced
to comply to service levels that cannot be effectively managed or reported against

Challenge no.1:
The challenge is to measure customer satisfaction not just meeting of service levels.
This may need a 1 on 1 approach (Usually surveys or workshops)

Service satisfaction workshops and web portal are also a great way to measure intangible
benefits of a functioning Service Centre and SLAs!
Thought leadership Question:
Think about SLAs in relation to every element of the business not just technology! For
example: the outage of electricity in a branch is more serious than a IT or business systems
server going down. Why? Servers and technology or business systems, in all probability,
would be under your direct control. The biggest effects to the business are services or
systems that are out of our control.
I suggest therefore that effective service levels that are provided from a Service Centre (or
call centre/help desk), will need to take on Black Swan events (Black Swan are reffered to
as events that are highly improbable, unknown in nature and completely devastating to the
business).
I know that this borders on Disaster Recovery and Business Continuity discipline, but there is
a strong link to service management and the management of service centres.
Some of the questions will be hard but I find that hard questions open discussions and that is
one of the key success factors/elements of a successful requirements gathering workshop/s
Key questions and principles of Service Management:
What risks can we take? = What are acceptable risks to the business?
This is a great start to the SLA conversation and must occur with the entire business. Just
because one part of the business is happy for a server to have an outage, someone else in the
organisation may have an application on that particular server that is critical to their work.
So a holistic, enterprise view is needed before SLAs can be established.
In fact, sometimes, the most basic service, one that we never thought would be business
critical can be one that is a literal life saver!
Example: Recently I did a Service Requirements Audit including understanding core
business and IT systems and services. I was surprised to learn that the most critical
application for a specific remote branch/office was the internet.
I asked the manager to qualify.
The office staff absolutely relied on the internet to access news services. Why was this
important? Being in a tropical area, the office would be regularly shut down due to deadly
cyclones! The reliance on the internet was not business related, but was imperative for the
health and wellbeing of office staff that had to evacuate the office before the storms hit!
Thought Leadership: There are NO stupid questions!
So you may need to ask out of the box questions, in particular from long standing
operational (front line staff) not just management.

To identify acceptable risks, you need to know what are the Core Business Systems that the
business cannot live without. Post the question If I was to unplug server x or application y,
what effect would that have on you!

Key questions and principles of Service Management: the focus now turns on frontline
support, the Service Desk (if ITIL aligned) or call centre/help desk
Why/How is Service desk best-placed to manage them? = do we have capability, do we
have capacity, do we have the will?
This is a fantastic question and is one of the first questions that you will need to answer.
There is no point in going to the business and doing research on service requirements, only to
find a lack of capability to provide the service!
This may be harder to define and articulate that you may first think.
We ALL provide a service! This is the absolute truth to life. We are all servants to someone.
We all serve. However some of us are better at it than others. That is partly due to training,
experience, personal attitude, aptitude and just plain common sense. I believe all things can
be taught if there is a willingness to be educated. An audit can be performed on existing
available skills and a compare can be made with the needed skills. Note: if the service centre
is not currently coping with requests for service, new stricter SLAs will only highlight those
service gap capabilities! A great tip to see for yourself if a service desk is coping with
requests and how it is servicing those requests, try sitting quietly near the team and just
observeit is amazing what you may see, so be prepared to be shocked!
So how far we can, or should we go, to provide more structured services and our
preparedness for being put under the spotlight if we dont deliver.
- What can service desk warrant or guarantee? How / why?
The simple truth of warranting and suppling a service is all around the simple ability to
provide what you CAN provide!
To offer less is a disservice.
To promise more and not deliver is the biggest failing that you can make! Under promise
and over deliver is the mantra that you should always start the day with. The reason why
business is constantly upset at IT, is that they are oversold services, they expect that level
of service day1! Business is sick of non-delivery of services. So do not promise what you do
not have.
We need to be open and transparent in what we can do TODAY but with a commitment to
provide a higher level of service TOMORROW! You need to know what you can deliver
today, what you need to deliver to meet ITIL standards, and what you need to do, to comply
with customer demands.
In my experience once you start to do an As Is audit (current state audit or current State of
the Nation) and compare to ITIL requirements, you will notice that there is a lot of what I
call good practise by osmosis or put simply; human nature is such that in majority we will

do the right things most of the time. The problems that I see are that we either do too much
good will, or adversely, not enough good behaviour.
Too much good will is problematic if one individual is specifically doing more than needed,
this Martyr complex causes issues when you define business processes or stipulate SLAs
that are perceived by the business as less that currently provided.
What people fail to recognise, is that individuals or teams can only be martyrs for so long
before they suffer from burn out or they provide exceptional service to the customer but do
not document their actions and resolutions in a central knowledge database. This is
unacceptable from both a management perspective, from an ITIL perspective, and most
importantly, from an Audit perspective!
Everything that we do needs to documentable, measurable and auditable. We need to store
and share knowledge.
The service desk being willing to warrant service needs to be part of their Service Charter.
A Service Centre (or Help Desk) Service Charter should be created as this is a core
commitment by the Service Desk to provide services to the business.
The Why is a combination of understanding the nature and the extent of the Service Desk
and its services, to the business. Why is a commitment that the service desk makes to the
organisation to provide services, at agreed levels and therefore justifies its existence as a cost
centre
What conditions or precedent must be satisfied in order for service desk to provide such
warranties or guarantees?
The ability to satisfy a warrantee! Going back to my previous comments: Do not offer what
you cannot deliver! Further comments below should provide some context around what we
should warrantee, who should provide the warrantee and to what extent.
What risks does the customer take?
The ultimate risk that the client takes on is; if they do not fund a Service Desk of some kind,
or some form of business and technology support, would mean that any issues will be dealt
with by happenstance (luck), the internal ability of available staff to resolve issues and the
simple goodwill or individuals and abilities of those individuals.
To understand this from a business perspective, no business investment would occur if a
product or service is solely based around luck as the basis of financial return!
Can you imagine a board of directors allowing a $100 million investment on a project whose
sole return is based around Luck, Goodwill and basic hope in uptake?
Business understands three basic truths: revenue, market share and profit!
Blind luck does not generate revenue, or builds market share nor generates profit.
The question to pose to the business is this: what would the cost to the business be, if you
DO NOT have an effective service desk policy or investment, who will support you then, and
what is the potential cost of non-support? You can create $ figures to support your cause as

business system outages cost money, they affect profit, they can cause loss of market share
and prevent the attainment of revenue!
What the business must do: To provide all requested information, to be open and
transparent, to be supportive of the service desk, to inform and communicate changing
business needs and to perform directed tasks. The business is the customer. The service desk
is the supplier. A partnership needs to exist between the business and the service desk.
Ultimately the business pays for the service desks existence
Why/How is the customer best-placed to manage them?
The onus is always on the Service Desk Management to be in continual contact with the
business to gage business needs. This needs to be a proactive service that the help desk
provides as part of their standard service charter.
My belief and firm stand is: it is not for the customer or business to manage associated risks
on their own. A working partnership between business and technology is required.
However, I understand that there are businesses that insist on going it alone and not involving
IT. This is not ideal and causes considerable angst with technology units who feel that they
are always chasing their tales in this regard. A useful approach for technology and business
support to be proactive, offer themselves as a trusted service partner, and persistently ask to
be involved in all aspects of the business
We briefly look at what types of rewards can be offered to service providers (either internal
or external) for taking on support services. Rewards can be monetary, recognition based
(recommendations and goodwill are worth more than money at times) or some other mutually
agreed reward.
- What are the "rewards" in return for risk? (i.e. L1 / L2 / L3 support levels).
See my section incentives and penalties. Rewards always go higher for more specialist and
complex solutions that are required for resolution. For example there might be many rewards
at L1 Service Desk as they are the face and voice of service management however at L3
the rewards might be few, but the incentives would be higher due to the fact that a persistent
production defect may take an individual weeks to resolve the underlying problem.
Pro-activeness should always be rewarded more than reactiveness.
Being proactive means, that here are no issues detected by the business in the first place.
This in turn means that proactive work must be highlighted to the business every single time
(including the $ saved!) a weekly IT newsletter highlighting all aspects of the area is a great
way to communicate and document worth wins and issues being looked at
I want touch upon lean thinking and business analysis techniques that go beyond needs
analysis directly to key documents and charters that make great advances to implementing
service level management
- How and where should we capture lean thinking principles?
Principals are guiding set of directions that should be in a charter document for service
support and management.

In the past I have created a Service Desk Operations manual with the guiding principles
stated within the document.
My interpretation of Lean thinking is all about being efficient and effective. Being adaptive
to changing situations is also part of my interpretation of Lean thinking.
Business processes 1st have to be defined and utilised and then as part of process
improvement process, looked into being made more Lean.
Until a process has been used consistently (discipline) can it can then be made more effective.
Establishing good working practice and discipline is more important than Lean processes, as
a Lean process used ineffectively is not Lean at all, however an ineffective processes
followed consistently can be quickly reviewed and a new Lean process can be established and
followed and the discipline is there.
As a specialist in change my biggest hurdle is not establishing Lean or efficient processes, but
the problem is usually a human one, where individuals who are resistant to change refuse to
work within the new framework.
Overcome the resistance to change and change will happen.
Establish good working behaviour and discipline and Lean Business processes will happen by
osmosis
I touch again on incentives for better than expected service. Exceeding SLAs should be
celebrated as it is a rare occurrence but one that should be more prevalent in the industry.
There is significant comment on penalties in my manifesto, so much so that it might be
considered by some as a manifesto in itself. So before I rip into service failure, I want to
touch on the positives and rewards of great service
Should we seek incentives for delivering better than the SLAs, and / or penalties for
breaching them?
Penalties are the absolute core to effective service levels! I believe that without penalties
there can be no effective way to enforce SLAs other than goodwill and learned behaviour.
Business today cannot and should not function on the basis of goodwill, good learned
behaviour and best efforts!
Service management will consistently fail Audits if effective penalties are not enforced and
stipulated in contracts.
I have a saying if its not in the contract, it doesnt exist!
Incentives:
Exceeding SLAs needs to be recognised by the provision of incentives.
Incentives need to be added to any SLA that has been exceeded by 10% (or by a % agreed to
by the business/and service provider) and consistently excided i.e. it cannot be a one off
event, but a pattern of consistent and measurable improvement.

Incentives can be in the form of recognition, monitory rewards (in particular for consistently
meeting and exceeding SLAs). With regular review the bar for SLA incentives is raised to
operational capacity, so in time the incentives will dissipate as they become Business as
Usual and part of the service DNA. It is then that the penalties that will really keep the
service level bar high as time goes on. And I have a lot to say about penalties!
The following is a seminal piece on penalties and my absolute belief that this topic is very
much left on the back burner in service management discussions. We learn from our
mistakes. Penalties enforce those learnings by burning them into our collective memory.
Though we do remember and celebrate success, it is basic human nature, perhaps a survival
mechanism, that we remember our failures. The key of course in remembering failure is to
extract the learning and move forward. This is why I feel that penalties are rarely spoken off.
The concern is that too much focus will be on finger pointing and not enough on lessons
learned. An impartial individual, company or auditor can assist in Lessons Learned
Workshops keeping the focus on continual improvement not on continual blame

Penalties:
Strangely enough penalties are my biggest focus as part of any of my service initiatives, in
particular penalties aimed at external vendors and service providers who provide services for
which the business pays for.
Believe it or not, the majority of contracts that I have reviewed from both big players to small
suppliers/vendors omit penalties.
Most dont even have SLAs either!
However even those who do stipulate SLAs, do not state what penalties are in place for nonconformance, and even if they do the penalties are minimal!
The service industry as a whole globally needs to do a lot more in relation to penalties, so
there might be an uphill battle.
However, I now have the GFC (Global Financial Crisis) to call upon. Business is tight and
companies are now begging to do business with the companies I consult for, especially
companies like mining and utilities (essential services) that are still spending and spending
big!
At the end of the day your company always holds all the cards in contract negotiations,
especially with offshore suppliers (i.e. from India). I am a master contract negotiator and
have worked on small contracts for supply to $100 million service IT contracts. We need to
remember that we cannot just leave the contracts with Lawyer or the legal team; they are
more concerned with other features of the contract and rarely look at service penalties.
What is the point of penalties?
To give you context let me give you this scenario:
A business is reliant on information technology to service their clients. They chose to do so
by the internet (SaaS based product), the product sits on a highly redundant servers with DR.

However the SaaS solution is provided by a local software development house that uses
resources in India. Your company services 1000 customers daily via their SaaS portal
generating $100K per day in revenue.
The site is a global site and needs to be up 24x7x365, which is no problem as it is on a highly
redundant servers and infrastructure.
However the point of failure in this scenario is the software developer, which is using
proprietary software solution and work from 9am to 5pm with minimal out of hours support,
however in this instance they offered your company 24x7x365 service this is great
however the developers in India only work from 10am to 7pm Mon to Friday and are
potentially in a different time zone. This is where the biggest losses can (and do) occur
The application, if it has a considerable defect that causes severe service disruption and needs
specialist development expertise, and none of the local developers can help then it will need
to go back offshore for the right resource to assist, chasing down that person could be
difficult.
Let me go further there is only one specialist resource that can help you it is now two
days that your system is down and $200k loss is the least of your problems as the user base
has dropped from 1000 to 800 and they are angry! and then it gets worse the singular
specialist and subject matter expert, who is located in India, all of a sudden is taken violently
ill and goes to hospital in a coma you are now without a specialist and the contract that you
have with your local supplier/vendor has no provisions inbuilt to service your needs in this
respect and have a best efforts clause. In this instance even legal action is of little
consequence as they can prove that they have made every effort to resolve the issue (This
scenario is based on a true experience that I had about 10 years ago and completely changed
my service management focus and business consultancy!!)
The art of service levels is to understand the underlying risk to the business of not providing
the service rather than setting service levels and reporting on them
It is of the most critical nature that you look at worst case scenarios for each service and
follow the trail of operational service to the actual individual performing the task (micro level
task performance). Here in Australia for example there are many providers of cheap
telecommunication services, however there are only 3 telecommunication companies that
provide and own the physical infrastructure (lets call them wholesalers) who then sell their
services to the vendors you engage. It is not your vendor that actually provides the physical
communication service, they just on-sell them. This is great when it comes to the sell but
is problematic when it comes to repairs and resolution of complex issues. It is these complex
issues, especially in remote areas and suburbs in Australia that cost the most money to fix,
cause the biggest delays and account for the largest losses in revenue and business goodwill.
Penalties also lead to questions of serviceability from vendors and questions if the vendor has
adequate insurance or funds to cover potential losses and legal action.
Penalties need to include losses incurred not just from revenue loss, but loss of goodwill, loss
of market share, long term vs. short term losses etc quite a mine field

However I have a motto any service level is better than none. Any penalty is better than
none you need to start somewhere and you need to inform the business of the potential risks.
As long as you have done this (in writing) and they (the Business) have accepted the risks (in
writing), then you have done the best that you can.
Sometimes for business to succeed they need to take risks, they need to engage up-andcoming companies who are young and dynamic and create services in an Agile way to be
first to market, so there is room for risk, including high risk; but it is always worth discussing
those risks and agreeing to the potential results of non-compliance of SLAs.
What processes do we want service desk/the customer to follow?
The question should be more to what processes that we can establish that need to be
followed?
Business processes and service processes can be defined and agreed. This is a critical
learning. Do not create processes in isolation.
Dont just follow what ITIL says that you should do to in the context of a Service Centre
management, ITIL should be a guide, ITIL should be a minimum and they should be
modified to specifically reflect your unique business drivers.
If you and the business agree on a process, the expectation is that both parties will follow the
process. If this is found NOT to be the case, then the business process is not valid or not
appropriate and should be re-developed.
Keep in mind that Change is the only constant and just because you have created a process
or defined a role or service that it is set in stone. My interpretation of lean processes is that
the process itself does not become the blocker to getting things done.
I believe in Kinetic Principals of the Enterprise (or business)
1. Serve the individual customer
2. Act in zero time
There are many sub elements of Corporate Kinetics, but they all point to the ability to be able
to adapt to change (be it business demands, market forces, forces beyond your control) and
react in an instant to those changing demands.
The process of defining and redefining SLAs never stops changing, it should NEVER stop
evolving and everyone involved both business and technology, need to accept that fact, and
be supportive and prepared, and understand that this is just the beginning of a long journey!
This journey concept needs to be sold to the business as they need to accept that for the
service they receive that allows them to do business, that there is an expense involved, and a
commitment to them from a people availability perspective.
Most of my engagements for service levels and service support is all about talking to the
business what is it that we are trying to achieve from the service centre, that it is more than
just good customer (or improved) service it is a philosophy and discipline of support that
we are providing to the business.

Bob Panic Principal Consultant

Mob: +61 (0) 424 102 603 (24x7x365)
Email: bob_panic@me.com
Web: www.bobpanic.com
Blog: http://www.rockstarconsultinggroup.com/blog.html
LinkedIn: http://www.linkedin.com/pub/bob-panic/6/185/62a
LinkedIn Groups:
Bob's Box - Skills Board & People for Hire!
The Ethical Anarchist Group
Twitter: @Panic_4aDay