Sla
S4E provides built-in SLA tracking tools that help partners monitor their response and resolution performance against defined service level targets. These tools are essential for partners who include SLA commitments in their managed service agreements.
SLA Concepts
| Term | Definition |
|---|---|
| Response Time | Time from finding detection to the first analyst acknowledgment or triage action. |
| Resolution Time | Time from finding detection to verified remediation or accepted risk. |
| SLA Target | The maximum allowed time for response or resolution, typically defined per severity level. |
| SLA Compliance | The percentage of findings that are addressed within the defined SLA targets. |
| Breach | A finding that exceeds the SLA target without being addressed. |
| At-Risk | A finding approaching the SLA deadline (configurable threshold, default 80% of target elapsed). |
Configuring SLA Targets
Partner-Level Defaults
Set default SLA targets that apply to all customers unless overridden:
- Navigate to Settings > SLA Configuration.
- Define response and resolution targets by severity:
| Severity | Default Response Target | Default Resolution Target |
|---|---|---|
| Critical | 1 hour | 24 hours |
| High | 4 hours | 72 hours |
| Medium | 24 hours | 14 days |
| Low | 72 hours | 30 days |
| Informational | N/A | N/A |
- Save the configuration.
Customer-Level Overrides
Override SLA targets for specific customers to reflect individual service agreements:
- Switch to the target customer using the Customer Switcher.
- Navigate to Settings > SLA Configuration.
- Toggle Custom SLA to On.
- Modify the response and resolution targets as needed.
- Save.
Informational findings
Informational findings are excluded from SLA tracking by default. If your service agreement includes SLAs for informational findings, enable tracking under Settings > SLA Configuration > Include Informational.
SLA Dashboard
The SLA Dashboard provides a real-time view of SLA performance across your customer portfolio.
Accessing the Dashboard
- Portfolio view -- navigate to Reports > SLA Dashboard from the "All Customers" context.
- Customer view -- switch to a specific customer and navigate to Reports > SLA Dashboard for tenant-specific metrics.
Dashboard Metrics
| Metric | Description |
|---|---|
| Overall Compliance | Percentage of all findings addressed within SLA across the portfolio or customer. |
| Response Compliance | Percentage of findings triaged within the response time target. |
| Resolution Compliance | Percentage of findings resolved within the resolution time target. |
| Active Breaches | Number of findings currently past their SLA deadline. |
| At-Risk Findings | Number of findings approaching their SLA deadline. |
| Mean Response Time | Average time from detection to first triage action. |
| Mean Resolution Time | Average time from detection to resolution. |
| Compliance Trend | SLA compliance percentage over time (daily, weekly, monthly). |
Filtering
- Filter by customer, customer group, severity, finding type, or date range.
- Compare SLA performance across customers side by side.
SLA Alerts
Configure alerts to receive proactive notifications about SLA performance:
| Alert Type | Trigger |
|---|---|
| At-risk warning | A finding reaches the configurable at-risk threshold (default: 80% of SLA elapsed). |
| SLA breach | A finding exceeds the SLA target. |
| Compliance drop | Overall compliance falls below a configurable threshold (e.g., 95%). |
| Daily digest | A summary of SLA status sent at a configured time each day. |
Alerts are configured under Settings > Notifications > SLA Alerts and can be delivered via email, Slack, Microsoft Teams, or webhook.
Escalation chains
Configure multi-level escalation: send at-risk alerts to the assigned analyst, breach alerts to the Partner Admin, and compliance drop alerts to partner leadership. This ensures issues are escalated appropriately.
SLA Reports
Generate formal SLA reports for customer delivery or internal review:
SLA Performance Report
- Reporting period overview.
- Compliance percentages by severity level.
- Breach count and details.
- Mean response and resolution times.
- Trend charts comparing current period to previous periods.
- Specific findings that breached SLA with root cause and corrective action notes.
Generating an SLA Report
- Navigate to Reports > Generate Report.
- Select SLA Performance Report as the report type.
- Configure the date range and customer scope.
- Apply white-label branding if desired.
- Generate and download.
Tracking SLA in Practice
Acknowledging Findings
When an analyst triages a finding (e.g., changes status from "New" to "In Progress" or "Accepted"), the system records this as the response action and stops the response time clock.
Resolving Findings
When a finding is marked as "Resolved" or "Mitigated" with verification, the system records this as the resolution action and stops the resolution time clock.
Accepted Risk
If a finding is marked as "Accepted Risk", it is excluded from SLA resolution tracking but included in SLA reports for transparency. The accepted risk must include a justification note.
Clock does not pause
The SLA clock runs continuously from the time of detection. It does not pause for weekends, holidays, or blackout windows unless your SLA configuration explicitly defines business-hours-only tracking. Enable business-hours mode under Settings > SLA Configuration > Clock Mode.
Best Practices
- Align SLA targets with your service agreements -- ensure the targets configured in S4E match what you have contractually committed to your customers.
- Review at-risk alerts daily -- address at-risk findings before they breach to maintain high compliance rates.
- Use SLA reports in QBRs -- include SLA performance in quarterly business reviews with customers to demonstrate value.
- Configure business-hours mode if your service agreements exclude nights and weekends from SLA calculations.
- Document breach root causes -- when an SLA breach occurs, add a note explaining the cause and corrective action. This creates a defensible record.