
REQ.020 Set penalties for SLA infringements

This document contains the details of the security requirements related to service level agreements in the organization. This requirement establishes the importance of defining penalties for non-compliance with a service level agreement (SLA), proportional to the cost of the contracted service.

Requirement

The organization must define penalties to be applied in case of non-compliance with the service level agreements.

Description

Failure to comply with the established agreements must be associated with a penalty that fully or partially compensates for the negative effects caused.

Implementation

  1. Service level agreements must be backed by mechanisms to enforce compliance; penalties should be proportional to the cost of the contracted service.

  2. The penalties must be agreed upon and accepted at the contractual level; to be effective, they must be accompanied by a periodic review of service compliance.

Attacks

  1. A service provider breaches the established agreements, but no penalty can be applied because none was defined at the contractual level.

Attributes

  • Layer: Resource Layer.

  • Asset: Information Assets.

  • Scope: Adherence.

  • Phase: Analysis.

  • Type of Control: Procedure.

References

  1. HIPAA Security Rule 164.308(a)(1)(ii)(C): Sanction policy (Required). Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity or business associate.

  2. GDPR-149: Penalties for infringements of national rules.

  3. GDPR-150: Administrative fines.
