What Should Be Included in a Managed IT SLA
Use this checklist to turn vague promises into measurable targets, clear responsibilities, and predictable support.
Featured snippet: What should be included in a Managed IT SLA?
A strong Managed IT SLA should include service scope, hours of coverage, response and resolution targets by severity, escalation paths, uptime and maintenance windows, security and incident response responsibilities, backup and disaster recovery targets (RPO and RTO), change management rules, reporting cadence, exclusions, and remedies for missed targets.
- Service scope and what is excluded
- Support hours, after-hours rules, and holiday coverage
- Severity levels and response and resolution targets
- Escalation process and communication updates
- Uptime targets and maintenance windows
- Security coverage and incident response steps
- Backup, retention, RPO, and RTO
- Onboarding, offboarding, and asset management
- Reporting, reviews, and continuous improvement
- Service credits or remedies, plus termination terms
What a Managed IT SLA is (and why it matters)
A Managed IT SLA is the measurable part of your managed services agreement. It answers three questions: what support you get, how fast you get it, and how you will know it is working.
Without a clear SLA, it is easy to end up with confusion about what is included, slow ticket response, and disagreements during outages or security incidents. A good SLA sets expectations up front and reduces surprises later.
1- Scope, inclusions, and exclusions
Your SLA should list exactly what the provider manages and supports. It should also say what is not included, so there is no confusion when something becomes project work.
Include in the scope section
- Supported environments: endpoints, servers, network gear, cloud services, and line-of-business apps
- Included activities: help desk, patching, monitoring, backups, account management, and vendor coordination
- Client responsibilities: who owns licensing, hardware refresh, user training, and internal approvals
- Exclusions: software development, major migrations, after-hours projects, and special compliance audits (unless specified)
If your business relies on specific applications like case management, accounting, or EHR platforms, name them. If an application is not listed, assume it is out of scope until clarified.
2- Support hours and coverage windows
Support hours are often misunderstood. Many firms assume they have 24/7 coverage when they actually have business-hours support with emergency after-hours escalation.
- Business hours support window (time zone included)
- After-hours and weekend coverage rules
- Holiday schedule
- Emergency definition and what qualifies for after-hours response
- Preferred channels: portal, email, phone, chat, or on-site request process
3- Severity definitions and ticket priorities
Most SLA disputes start with severity. If you do not define what “critical” means, every ticket becomes critical.
Featured snippet: Example IT SLA severity levels
- Critical: business is down or major security incident affecting many users
- High: significant impact with no reasonable workaround
- Medium: limited impact with a workaround available
- Low: general request, minor issue, or how-to question
Add examples for your environment. For example, a law firm may consider email outage critical, while a single printer issue is usually medium or low.
4- Response time and resolution time targets
Response time is how quickly the provider acknowledges and starts triage. Resolution time is how quickly service is restored or the issue is fully fixed. Both should be defined by severity and by support window.
Featured snippet: Sample Managed IT SLA targets
| Severity | Response target | Resolution target | Status update frequency |
|---|---|---|---|
| Critical | 15 to 30 minutes | 4 to 8 hours (restore service), then root cause follow-up | Every 30 to 60 minutes |
| High | 1 hour | 1 business day | Every 2 to 4 hours |
| Medium | 4 business hours | 3 to 5 business days | Daily |
| Low | 1 business day | 5 to 10 business days | As needed |
Make targets enforceable
- Define business hours and time zone
- Define what stops the clock (waiting on user approval, third-party vendor, parts shipment)
- Define what counts as resolved (service restored, workaround accepted, or permanent fix)
- Require documented ticket notes and timestamps
5- Uptime SLA, maintenance windows, and dependencies
If your SLA includes uptime commitments, make sure the measurement method is defined. Uptime often depends on ISP performance, cloud vendor availability, and client-side issues.
- Uptime target (example: 99.9% for critical services)
- How uptime is measured and reported
- Planned maintenance windows and notification timelines
- Dependencies and exclusions (ISP outages, vendor outages, force majeure, client changes)
6- Security responsibilities and incident response
A modern Managed IT SLA should include cybersecurity expectations. Even if you have a separate security add-on, define who does what during an incident.
Security items to include
- Security tooling: endpoint protection, email security, MFA, vulnerability scanning, and logging
- Monitoring coverage: business hours or 24/7, and what systems are included
- Incident response steps: detect, contain, eradicate, recover, and lessons learned
- Notification timelines: who is notified and how quickly for confirmed incidents
- Evidence handling: log retention, chain of custody (if required), and reporting
- Clear boundaries: what is included versus billable incident response or forensic work
7- Backups, retention, RPO, and RTO
Backups are not just a checkbox. Your SLA should define how often backups run, how long data is retained, how restores are tested, and what the recovery targets are.
Featured snippet: What are RPO and RTO in an IT SLA?
- RPO (Recovery Point Objective) is the maximum acceptable data loss measured in time, such as 4 hours.
- RTO (Recovery Time Objective) is the maximum acceptable time to restore service, such as 8 hours.
Backup and DR items to include
- Backup frequency and schedule
- Retention policy (example: 30 days, 12 months, 7 years as needed)
- Restore testing cadence and documentation
- Encryption at rest and in transit
- Offsite or immutable backups to reduce ransomware risk
- Disaster recovery runbook and who approves failover
8- Change management and approvals
Change control protects you from surprise outages caused by unapproved modifications. It also protects the provider by setting a clear approval and scheduling process.
- Standard changes versus emergency changes
- Approval roles and how approvals are recorded
- Maintenance scheduling rules and blackout periods
- Rollback expectations and testing requirements
- Documentation updates after changes
9- Reporting, reviews, and accountability
A good SLA includes reporting so you can verify performance. Monthly service reviews are where you catch recurring issues, capacity problems, and security gaps before they become major incidents.
- Monthly metrics: ticket volume, response and resolution performance, and backlog
- Uptime reporting (if applicable)
- Security reporting: patch compliance, alerts, and vulnerability trends
- Asset inventory and lifecycle recommendations
- Quarterly business review cadence and agenda
10- Commercial terms, remedies, and exit plan
The SLA should define what happens when targets are missed and how either side can exit cleanly. This reduces risk during provider transitions and helps maintain business continuity.
- Service credits or remedies for chronic SLA failures
- Termination terms and notice periods
- Offboarding support: documentation handoff, admin access transfer, and data export
- Ownership of accounts, passwords, and cloud tenants
- Data retention and secure disposal expectations
Want a Managed IT SLA you can actually enforce?
We can help you build an SLA that matches your risk level, business hours, and compliance needs, then align the tools and processes to meet it. Talk to our experts.
Sample SLA checklist you can copy
Use this checklist as a starting point when comparing Managed IT providers or updating your current agreement.
| SLA section | What to define | Common pitfalls to avoid |
|---|---|---|
| Scope | Supported users, sites, devices, apps, cloud services, and what is excluded | Vague language like “general support” without specific systems listed |
| Support hours | Business hours, after-hours rules, holidays, and emergency definition | Assuming 24/7 when it is actually best-effort after hours |
| Ticket severity | Clear priority tiers with real examples | Everything classified as critical with no standards |
| Response and resolution | Targets per severity, stop-the-clock rules, update frequency | No definition of “resolved” and no escalation requirements |
| Uptime | Targets, measurement method, maintenance windows, dependencies | No exclusions or unclear measurement method |
| Security | Tooling, monitoring coverage, incident response steps, notifications | Security implied but not defined, especially during incidents |
| Backups and DR | Backup schedule, retention, restore testing, RPO and RTO | No restore testing and no clear recovery targets |
| Change management | Approvals, scheduling, emergency process, rollback expectations | Unapproved changes and unclear responsibilities for outages |
| Reporting | Monthly KPIs, QBR cadence, security metrics, asset inventory | Reports promised but not delivered or not measurable |
| Remedies and exit | Credits, termination, offboarding, access transfer, data handling | Vendor lock-in and unclear ownership of accounts and data |
FAQs
What is a Managed IT SLA?
A Managed IT SLA is the measurable part of a managed services contract. It defines what services are included, when support is available, and the targets for response, resolution, uptime, communication, and accountability.
What are good response and resolution times for an IT SLA?
Good targets depend on severity and business hours. Many organizations use a tiered approach such as: Critical issues responded to within 15 to 30 minutes, High within 1 hour, Medium within 4 hours, and Low within 1 business day, with clearly defined resolution targets for each tier.
Should a Managed IT SLA include cybersecurity responsibilities?
Yes. The SLA should specify security tooling, monitoring coverage, incident response steps, escalation paths, notification timelines, and what is considered billable project work versus included service.
What is the difference between uptime SLA and support SLA?
An uptime SLA covers availability of systems or services like networks, cloud apps, and backups. A support SLA covers help desk performance such as response time, resolution time, and escalation procedures.