
REQ.020 Set penalties for SLA infringements

This document contains the details of the security requirements related to service level agreements in the organization. This requirement establishes the importance of defining penalties for non-compliance with a service level agreement (SLA) according to the cost of the service contracted.


The organization must define penalties to be applied in case of non-compliance with the service level agreements.


The failure to comply with the established agreements must be associated with a penalty that totally or partially compensates for the negative effects caused.


  1. Service level agreements must have support to enforce compliance; penalties should be representative of the cost of the service contracted.

  2. The penalties must be agreed and accepted at the contractual level and, to be effective, they must have a periodic review of service compliance.


  1. A service breaches the established agreements, but it is not possible to apply any penalty because it is not defined at the contractual level.


  • Layer: Resource Layer.

  • Asset: Information Assets.

  • Scope: Adherence.

  • Phase: Analysis.

  • Type of Control: Procedure.


  1. HIPAA Security Rules 164.308(a)(1)(ii)(C): Sanction policy (Required). Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity or business associate.

  2. GDPR- 149 Penalties for infringements of national rules.

  3. GDPR- 150 Administrative fines.
