R020. Set penalties for SLA infringements

Requirement

The organization must define penalties to be applied in case of non-compliance of the service level agreements

Description

The failure to comply with the established agreements must be associated with a penalty that totally or partially compensates for the negative effects caused.

Implementation

  1. Service level agreements must have support to enforce compliance, penalties should be representative of the cost of the service contracted.

  2. The penalties must be agreed and accepted at the contractual level and to be effective, they must have a periodic review of service compliance.

Attacks

  1. A service breaches the established agreements, it is not possible to apply any penalty because it is not defined at the contractual level.

Attributes

  • Layer: Resource layer

  • Asset: Information assets

  • Scope: Adherence

  • Phase: Analysis

  • Type of control: Procedure

References

  1. GDPR. Recital 149: Penalties for infringements of national rules.

  2. GDPR. Recital 150: Administrative fines.

  3. HIPAA Security Rules 164.308(a)(1)(ii)©: Sanction policy (Required). Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity or business associate.

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.

Service status - Terms of Use - Privacy Policy - Cookie Policy