Cloud Security Alliance 2011 (†594)Cloud Security Alliance. Security Guidance for Critical Areas of Focus in Cloud Computing v. 3.0 (Cloud Security Alliance, 2011).
- service level agreement (p.16): Service levels, security, governance, compliance, and liability expectations of the service and provider are contractually stipulated, managed to, and enforced, when a service level agreement (SLA’s) is offered to the consumer. There are two types of SLA’s, negotiable and non-negotiable. In the absence of an SLA, the consumer administers all aspects of the cloud under its control. When a non-negotiable SLA is offered, the provider administers those portions stipulated in the agreement. In the case of PaaS or IaaS, it is usually the responsibility of the consumer’s system administrators to effectively manage the residual services specified in the SLA, with some offset expected by the provider for securing the underlying platform and infrastructure components to ensure basic service availability and security. It should be clear in all cases that one can assign/transfer responsibility but not necessarily accountability. (†1362)