- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
yesterday
Executive Summary
Over the years, I’ve seen Service Level Agreements (SLAs) become one of the most misunderstood features in ServiceNow. Everyone wants them — leadership wants proof of accountability, process owners want measurable targets, and agents want clarity on expectations.
But too often, SLAs end up as stopwatches instead of signals of trust.
In this paper, I’ll share practical lessons learned from years of designing SLA frameworks for incidents and requests — the patterns that work, the traps that don’t, and how to build SLAs that actually mean something to the business.
1. Why SLAs Still Matter — and Why They Often Fail
SLAs are supposed to represent a promise between IT and the business. But in reality, many organizations treat them like configuration afterthoughts — “P1 = 4 hours, P2 = 8 hours,” copy-pasted across every process.
I’ve seen this play out repeatedly: metrics look great on dashboards, but users still complain about slow service. The problem isn’t the clock — it’s the context.
When SLAs don’t align with business impact or user perception, they lose their meaning. The goal shouldn’t be to “meet the SLA.” It should be to deliver value predictably and visibly.
2. The Role of SLAs in Modern ITSM
In ServiceNow, SLAs can measure almost anything — time to respond, resolve, approve, or fulfill. But the question I always ask teams is: “What story do you want this SLA to tell?”
For incidents, the story is about speed of restoration.
For requests, it’s about reliability of delivery.
The SLA framework should support that story — not just track how long a task was open. I’ve found that when SLAs are designed with intent, they stop being timers and start becoming trust indicators.
3. Define Your Services First — It’s the Prerequisite for Meaningful SLAs
Before you can build service-based SLAs, you need to actually define your services.
And that takes time.
Based on my experience, this is where most organizations struggle — they try to build SLAs without having a clear inventory of what services they deliver. Without that, there’s no foundation for alignment, reporting, or accountability.
Start by identifying a handful of critical business services — the ones that visibly impact productivity or revenue. Examples might be Email, Network Connectivity, or HR Onboarding.
Model them properly in the CMDB using CSDM principles (Business Service → Service Offering → Supporting CIs). Once that foundation is in place, you can begin tying SLAs to those services rather than to generic priorities.
You don’t have to boil the ocean. In fact, I recommend starting with three to five critical services, getting the SLA model right, validating reporting and governance, and then rolling out over time as the service portfolio matures.
It’s an iterative process — but it’s the only way to make SLAs truly meaningful.
4. Lessons Learned About Incident SLAs
After designing SLA models for dozens of enterprises, one pattern holds true: the simplest SLA models are the most sustainable.
- Align SLAs to business services and offerings, not just priority.
Don’t let “P1/P2” define what matters — your services should. A network outage isn’t the same as an HR portal issue, even if both are “P2.” - Keep separate SLAs for response and resolution.
This keeps teams accountable both for reacting quickly and for resolving effectively. - Use logical pause conditions.
Nothing frustrates teams more than SLAs ticking away while they’re waiting on users or vendors. Set pause rules thoughtfully, but don’t abuse them. I’ve seen organizations inflate compliance this way and lose credibility fast. - Add proactive alerts.
SLAs are meant to prevent surprises. I always recommend notifying teams at 75% of SLA time so they can act before the breach happens.
The key takeaway: design SLAs that reflect the reality of your operations, not the ideal you wish you had.
5. Designing Request SLAs That Build Trust
Requests behave differently from incidents. They’re predictable, planned, and often involve multiple fulfillment steps. I’ve learned that transparency matters more than speed for requests.
Best practices I’ve seen succeed:
- Define SLAs by catalog item or type.
A “Request Access to Salesforce” item doesn’t need the same target as “Request New Laptop.” - Track at the RITM level.
Each request item has its own lifecycle — don’t lump them together under one parent SLA. - Show estimated completion dates.
When users see “Expected by Thursday,” it changes everything. It builds confidence. Even if something takes five days, users stop chasing IT if they trust the process. - Include stage-based SLAs.
Split fulfillment into phases — approval, provisioning, delivery — and measure each.
A well-designed request SLA doesn’t just measure performance; it manages expectations.
6. Common Pitfalls I’ve Seen Over the Years
I’ve been pulled into more SLA “cleanup” projects than I can count. The same mistakes appear again and again:
What Happens | Why It Fails | Better Approach |
SLAs tied only to priority | Ignores business context | Anchor to business services |
Dozens of overlapping definitions | Hard to manage or report on | Standardize and consolidate |
Overuse of pause conditions | Inflates compliance | Review pause logic quarterly |
Generic breach alerts | Teams ignore them | Add targeted escalation rules |
No business ownership | IT-only view of success | Involve service owners in SLA design |
When SLAs stop being believable, they stop being useful. Governance fixes that.
7. The Governance Element Nobody Talks About
The best SLA frameworks I’ve seen didn’t start in the configuration console — they started with a conversation.
Before building, sit down with service owners and ask:
- What does “good” look like for your service?
- What are the typical pain points your users report?
- What’s a realistic target your team can meet 95% of the time?
Then form an SLA Council — a small group that meets quarterly to review metrics, retire outdated SLAs, and adjust targets based on real performance.
In one global client, just forming this council cut the number of SLA definitions from 240 down to 38 — and reporting accuracy skyrocketed.
8. Reporting That Tells a Story
One of my favorite parts of SLA design is showing teams how to use the data to tell a story. A dashboard should answer three questions:
- Where are we performing well?
- Where are we slipping?
- What’s driving the trend?
I always recommend breaking SLA reports down by service offering, not team.
Why? Because users care about services — “email,” “VPN,” “HR requests” — not which queue handled them.
The best SLA reports I’ve seen combine:
- Compliance % – how many met target.
- Mean Time to Resolve (MTTR) – average effort.
- Breach reasons – why issues missed the mark.
- CSAT/Experience overlays – how users felt about it.
That’s when SLAs stop being noise and start becoming insight.
9. Continuous Improvement: Keeping SLAs Honest
One truth I’ve learned: if you never breach an SLA, your targets are too generous.
SLAs should challenge the organization — not trap it, but stretch it.
Practical ways to keep them healthy:
- Review SLAs quarterly with service owners.
- Retire ones no one cares about or understands.
- Use historical data to refine targets.
- Keep educating new staff on what SLAs mean and how they’re calculated.
The goal isn’t to “never breach” — it’s to make sure that when you do, it’s meaningful, investigated, and learned from.
10. The Future: SLAs as a Language of Trust
I’ve realized that SLAs are really about language.
They translate operational performance into something the business can understand.
When you stop saying,
“We resolved 95% of P2 incidents within 8 hours,”
and start saying,
“Our core business services met user expectations 95% of the time this quarter,”
— that’s when you’ve arrived.
That’s when the business starts seeing IT as a partner, not a helpdesk.
Conclusion
Based on my experience, the best SLA frameworks aren’t the ones with the most precision or automation — they’re the ones that are understood, trusted, and acted upon.
SLAs are not clocks; they’re commitments. When aligned to services, governed thoughtfully, and tied to user experience, they stop being a metric and become a mirror of IT’s integrity.
But to get there, you must start with the basics: define your services, start small, and expand gradually. Over time, those few critical service SLAs evolve into a mature, data-driven model that reflects how well IT truly serves the business.
After all, the real measure of a good SLA isn’t the percentage of tickets met — it’s the level of confidence the business has in IT to deliver what it promises.
