cisa-d4-operations-resilience-it-service-level-management

IT Service Level Management

isaca-cisa · framework · Gold standard

Drawn fromCISA Review Manual · ISACA peer-reviewed case sets·Reviewed May 4, 2026

How this was built ▾

Every cubelet runs through five agent passes before publishing. Each stage's output is recorded so we can trace how a claim got here.

01 · RESEARCHSource synthesisClaude Haiku
02 · WRITERSix-face draftingClaude Sonnet
03 · EDITORCoherence + clarity passClaude Sonnet
04 · QAQuality gate scoringClaude Opus
05 · PUBLISHERCatalog + graph commitClaude Haiku

This runcourse-factory-pipeline-v1

1

Face 1 of 6 · WHAT

What is IT Service Level Management

IT Service Level Management (SLM) is the governance framework that defines, negotiates, monitors, and continuously improves the agreed quality of IT services delivered to business stakeholders. It operates through a hierarchy of formal agreements: Service Level Agreements (SLAs) establish contractual commitments between IT and the business; Operational Level Agreements (OLAs) govern internal IT team interdependencies; and Underpinning Contracts (UCs) hold third-party vendors to the performance standards required to meet SLAs. SLM also employs Service Level Indicators (SLIs) — measurable proxies for service quality (e.g., request latency, error rate, availability percentage) — and Service Level Objectives (SLOs) — internal performance targets set more stringently than SLA thresholds to provide an early-warning buffer before contractual breach. SLM is not a real-time monitoring tool, an incident management process, or a helpdesk ticketing system; those are operational mechanisms that supply data to SLM. SLM is the governance layer that sets targets, tracks compliance, drives accountability, and closes the improvement loop.

Where it stops · what it isn't

—SLM IS: The governance framework for defining, agreeing, measuring, reporting, and improving IT service quality commitments.
—SLM IS NOT: Incident management (which resolves individual service disruptions) or problem management (which eliminates root causes) — though both feed SLM reporting.
—SLM IS NOT: A monitoring platform (e.g., Datadog, Prometheus) — these tools supply SLI data to SLM processes.
—SLM IS NOT: Capacity management or availability management — these are sibling IT operations disciplines that provide inputs to SLA target-setting.
—SLM IS: Directly coupled to Business Impact Analysis (BIA) — SLA tier assignments must reflect BIA criticality rankings.
—SLM DOES NOT replace change management — but every change affecting service availability must be assessed against active SLA commitments.
—SLM scope covers both internal IT services (e.g., email, ERP, network) and externally sourced services (cloud providers, ISPs, SaaS vendors).

Connected concepts in the graph

Every cubelet sits in a knowledge graph. Here's what this one connects to.

PART OF

Information Systems Operations and Business Resilience (CISA Domain 4)

REQUIRES

Business Impact Analysis (BIA)Incident and Problem ManagementIT Change Management

RELATED TO

Systems Availability and Capacity ManagementIT Asset Management

ENABLES

Business Continuity and IT ResilienceVendor and Third-Party Risk Management

CONSTRAINS

IT Operations Delivery (sets performance floors for all operational activity)

Practice this judgment ↗

Adaptive, ~8 min

Sit in the practitioner's chair ↗

Live simulator

06 · APPLYSign up to enter the judgment simulator →

Watch your judgment grow on this concept

Create a free account to unlock all 6 faces, the judgment simulator, and a mastery score that updates with every attempt.