ITSM emphasis on aligning underpinning contracts with SLAs

Here's another sacred cow of ITSM that I'd like to turn into sausage: "the underpinning contract service level targets (SLTs) must align with our SLA's SLTs".

(Note the correct use of apostrophe: SLA's SLTs. One SLA's. Many SLTs. if you learn nothing else from this post please take that away with you)

This post came from an excellent discussion on facebook Back2ITSM where Kirsty Magowan asked:

Can someone tell me how you can write an SLA when the underpinning contract tells you that for Critical and Urgent calls "We will attempt to resolve within 2 days, if the issue cannot be resolved within this time frame best efforts will be used and we will advise you of an estimated date for resolution"....you can imagine what attention the lower priority calls are going to get.

The orthodoxy says you cant write an SLA with your customers that has tighter SLTs than you have with your suppliers. E.g. ITIL says (SD 4.3.5.9) talks about aligning them "back-to-back", "to ensure... aligned with and support targets agreed with the business".

Here's an idea ITIL doesn't talk about: Make the supplier's SLTs anything you like. Document the risk of an incident having to go to that supplier for level 3 support, and escalate the risk to the business. Keep a paper trail.
It won't happen that often. And mostly the supplier will perform, they just won't commit to it. So violations of SLT will be rare.

if there is a violation, either
(a) IT take it on the chin as one if those incidents that didn't meet SLT. (That's why we often say 90% or 95% of incidents will meet a SLT)
(b) IT wheedle for an exemption when it happens because the risk is documented.

I.e. in practical terms for most situations I don't think this is as big a deal as we in ITSM make it.

And the cost of insisting on higher SLT from the supplier may not be justified if the business accept the risk.

That's why it is the business's decision whether to accept the risk. Our role is to make sure they make an informed decision.

So I don't think our conventional ITSM reaction is correct, when we say a loose SLT with a supplier makes a tighter SLT for us "impossible".

John Windebank said

I'm going to go in a slightly different direction here. I'd start with the supplier conversation ... maybe, just maybe the service supplier's got it right. It's got to be worth checking whether there is some technology, configuration or constraint in the solution that that dictates that it just can't be resolved within a couple of days. Or, maybe the business just didn't want to pay for the cost of offsetting risk to the supplier when they negotiated the contract.

...and/or maybe they are just more realistic.

By the time you get to level 3 incident resolution, the idea that you can predict how long it is going to take to resolve is preposterous.
First the lines of communication are longer.
Second, the relationship between parties is now contractual not collegial. Everyone has to cover their arse.
Third and most important, almost every level 3 incident is a case not a standard response ( Standard+Case). Cases are unpredictable.

And so we see that perhaps it is time we in ITSM learnt to chillax and accept that our underpinning contracts will never be perfectly aligned with our SLA to the business. This is not the big deal that we have historically made it to be, if we understand how seldom the issue will actually arise; and if we have articulated to the business the impact and risk of the lack of perfect alignment; and they have understood and accepted that risk as a necessary economy in order to not pay excessive support fees to the provider for a higher level of service.