Negotiating Salesforce SLA

Salesforce SLA Review Checklist: Key Points to Consider

Salesforce SLA Review Checklist

  • Review uptime guarantees and penalties for non-compliance.
  • Ensure support response and resolution times meet business needs.
  • Check data security and compliance provisions.
  • Verify service termination terms and refund policies.
  • Clarify the roles and responsibilities of both parties.
  • Assess disaster recovery and backup plans.
  • Confirm customization and integration support.
  • Align SLA metrics with business goals.

Salesforce SLA Review Checklist

Core SLA Components

1. Core SLA Components

Service Availability

Service availability is at the heart of your SLA. It defines how often the Salesforce system should be available and operational.

Key points to focus on include:

  • System Uptime Guarantees: What percentage of the time should the system be available? Often, companies aim for 99.9% uptime.
  • Response Time Commitments: What is the maximum acceptable response time for different services?
  • Performance Benchmarks: Set specific, measurable criteria for how Salesforce should perform.
  • Scheduled Maintenance Windows: Ensure these are communicated and planned during non-critical hours to minimize business disruption.

When reviewing, negotiate for higher availability during your key business hours and make sure limitations or exceptions are clearly defined.

Incident Management

Another crucial aspect of Service Availability is how incidents are managed. Include provisions for:

  • Incident Classification: Clearly define how incidents are classified by severity—critical, high, medium, and low.
  • Response Protocols: Document how Salesforce or your support team should respond to each type of incident.
  • Escalation Matrix: Establish an escalation path for unresolved issues. Make sure responsibilities are clear to reduce delays in resolution.
  • Root Cause Analysis (RCA): Ensure the SLA mandates RCAs for recurring or major issues and provides delivery timelines.

Notifications and Alerts

Your SLA should also include guidelines for Notifications and Alerts. Proper communication can significantly reduce the business impact of issues:

  • Incident Alerts: Ensure you receive timely alerts about incidents impacting system availability.
  • Maintenance Notifications should be provided well in advance, especially for scheduled maintenance. Ideally, they should also include an impact analysis.
  • Downtime Alerts: Notifications for scheduled and unplanned downtimes should include details on the expected impact and the estimated duration.

2. Data Management

Data Management

Effective Data Management provisions in your SLA ensure your organization’s information is protected and well-managed.

Here’s what you need to include:

  • Data Retention Policies: Understand how long Salesforce will keep your data and where it is stored.
  • Backup and Restore Processes: Clearly outline backup schedules and the time to restore data after an incident.
  • Development Instance Backups: Make sure your sandboxes or development instances are also covered under these policies.
  • Data Export Formats and Procedures: Confirm how to export your data, in which formats, and any costs involved.

Data Integrity and Security

Data Management is not just about storing data; it’s about keeping it secure and intact:

  • Encryption Standards: Encrypt all data at rest and in transit. Check the encryption protocols and confirm they comply with your organization’s security requirements.
  • Access Control: The SLA should include a detailed access control policy specifying who has access to which data types.
  • Audit Trails: Ensure audit trails are maintained for key data activities, such as who accessed the data and when, and that you can access these logs if necessary.

Disaster Recovery Protocols

In addition to backups, include Disaster Recovery Protocols:

  • Recovery Point Objectives (RPO): Establish how much data you could lose in a worst-case scenario.
  • Recovery Time Objectives (RTO): Define how quickly data recovery should be completed.
  • Regular Testing: Ensure that Salesforce conducts regular disaster recovery tests and requests that your team is included in the process or notified of the results.

3. Performance Monitoring

Performance Monitoring

Metrics and Reporting

Performance Monitoring is crucial to ensure your Salesforce setup works as expected and meets your business needs. The SLA should specify:

  • Quantifiable Performance Indicators: Examples include API response times, record creation rates, and system stability metrics.
  • Reporting Schedules: Define how often you’ll receive reports on these metrics. Monthly reports are common but may vary.
  • Monitoring Responsibilities: Identify who is responsible for monitoring and ensure your team can access these monitoring tools.
  • Verification Methods: Describe how you’ll verify whether Salesforce meets the metrics, such as through manual checks, automated tests, or third-party verifications.

User Experience Metrics

In addition to technical metrics, include User Experience (UX) Metrics:

  • Page Load Times: Set benchmarks for how long Salesforce pages should take to load.
  • Transaction Speeds: Establish acceptable times for completing common actions, like creating or updating records.
  • User Satisfaction Surveys: We request that Salesforce periodically conduct user satisfaction surveys and share the results, especially regarding system performance.

4. Breach Management

Breach Management

Knowing what happens if Salesforce doesn’t meet SLA expectations is vital. Your SLA should address Breach Management:

  • Service Credits: Typically, customers receive credits if service fails to meet the agreed standards.
  • Penalty Payments: You may negotiate penalties for continued or serious breaches.
  • Resolution Timeframes: Define how quickly Salesforce should resolve incidents.
  • Escalation Procedures: Have clear steps for escalation if issues aren’t resolved promptly.

Escalation Pathways

Include Escalation Pathways that outline:

  • Primary Points of Contact: Who to contact in case of a breach, both on your team and within Salesforce.
  • Management Involvement: When and how higher management gets involved if breaches continue without proper resolution.
  • Service Reviews: Set up formal service review meetings after any breach to ensure accountability and prevent recurrence.

5. Legal and Compliance

Legal and Compliance

Contract Protection

Ensure your SLA provides Legal and Compliance protection for your investment:

  • Document Product Functionality: Salesforce’s features and capabilities should be documented as part of the SLA to prevent feature removals.
  • Intellectual Property Rights: Protect any IP, such as customizations, from your usage.
  • Contract Modifications: Include clauses that cover changes to the SLA over time.
  • Price Stability: Secure stable pricing for the duration of the SLA to prevent unexpected cost hikes.

Compliance with Regulations

If your organization is subject to specific regulations, make sure Compliance with Regulations is included:

  • GDPR/CCPA: Ensure Salesforce provides guarantees regarding data handling to meet regulatory requirements like GDPR or CCPA.
  • Audit Rights: You should have the right to audit Salesforce’s compliance with relevant regulations.
  • Documentation of Compliance: Request documented evidence that Salesforce meets all applicable regulatory requirements, which should be included in the SLA.

Security and Audit

Data security is non-negotiable. Make sure your SLA includes these key points:

  • Data Protection Requirements: Outline data encryption standards and other protections.
  • Self-Audit Rights: Your business should have the right to conduct self-audits to ensure compliance.
  • Third-Party Audits: Check if third-party audits are part of the agreement, adding an extra layer of transparency.
  • Incident Reporting: Specify the timeframe and method for Salesforce to notify you of any data breaches.

6. Technical Considerations

Technical Considerations

Code Quality Standards

Salesforce implementations often involve custom code. Ensure the SLA includes Code Quality Standards such as:

  • Code Reviews: Require periodic reviews for custom-developed features.
  • Testing Protocols: Specify unit testing, regression testing, and any other testing standards.
  • Performance Benchmarks: Establish standards for the code’s performance, such as loading times or query performance.
  • Documentation Standards: Customizations must be documented thoroughly to support future troubleshooting or changes.

Testing Environment Requirements

Include requirements for Testing Environments:

  • Sandbox Testing: Ensure adequate sandbox environments are available for different types of testing, such as UAT, performance, and integration testing.
  • Data Masking: For testing environments, ensure customer data is properly masked to maintain privacy.
  • Automated Testing: Automated testing is required for all significant customizations to ensure high quality and performance.

Best Practices Implementation

Salesforce is built for scalability. Best Practices Implementation helps keep it sustainable:

  • Bulkified Code Requirements: Code must handle large data sets efficiently.
  • Trigger Framework: Ensure customizations use a trigger framework that handles changes logically.
  • Test Coverage Minimums: Custom code is required to achieve high test coverage, typically above 80%.
  • SOLID Principle Adherence: Follow good coding practices to maintain flexibility and quality.

Integration Considerations

Many companies integrate Salesforce with other systems. Make sure the SLA covers Integration Considerations:

  • API Rate Limits: Specify rate limits for APIs, especially if you have many integrations.
  • Data Consistency: Set rules for maintaining data consistency across systems.
  • Error Handling: Ensure integration errors are logged, reported, and resolved within specified timeframes.

7. Flexibility and Scalability

Flexibility and Scalability

Business Changes

Your organization may change over time—your Salesforce setup should evolve too. Look for flexibility provisions like:

  • M&A Provisions: Make sure the SLA can accommodate mergers or acquisitions.
  • Affiliate Coverage: Include coverage for subsidiaries or newly formed business units.
  • User Count Flexibility: Your SLA should accommodate fluctuating numbers of users without penalty.

Implementation Phases

Salesforce projects are often implemented in phases:

  • User Subscription Scaling: Define the process for scaling user subscriptions as phases roll out.
  • Phase-Specific Requirements: Each implementation phase may have its own SLA needs—ensure these are specified.
  • Transition Period Accommodations: Allow some flexibility during the transition from one phase to the next.

Capacity Management

Scalability isn’t just about adding users; it’s about making sure the system can handle increased load effectively:

  • System Load Metrics: Define acceptable limits for system load as usage scales.
  • Scaling Protocols: Outline the steps Salesforce will take to ensure scalability, such as increasing server capacity or adding new instances.
  • Performance Reviews: Regularly review how Salesforce handles growth to prevent performance degradation.

8. Service Delivery

Service Delivery

Support Levels

Support is an essential aspect of the SLA. Include details on:

  • Response Times: Specify how long it takes for a support representative to respond to issues.
  • Resolution Timeframes: Set deadlines for resolving different issues based on severity.
  • Support Channel Availability: Which channels are available—phone, email, corhat? Specify availability times.
  • Escalation Procedures: Outline what happens if a problem can’t be resolved at the initial support level.

Proactive Support and Monitoring

Consider including Proactive Support clauses:

  • System Health Checks: Salesforce is required to perform regular system health checks and share the results.
  • Performance Alerts: Set up alerts for issues that may impact performance, even if they haven’t yet led to a problem.
  • Optimization Recommendations: Salesforce should provide periodic recommendations for optimizing system performance based on their monitoring.

Maintenance Windows

Planned maintenance is a part of any cloud service. Your SLA should cover:

  • Scheduled Downtime: Agree on when maintenance will happen, ideally outside peak business hours.
  • Emergency Maintenance Procedures: Have guidelines for how emergency maintenance is handled.
  • Communication Requirements: Establish how far in advance Salesforce will notify you about planned maintenance.
  • Impact Minimization Strategies: To minimize the effect of maintenance on your business, you can provide alternate solutions or additional support during downtime.

9. Exit Strategy

Exit Strategy

At some point, you may need to switch systems or end your Salesforce use. Make sure there is an Exit Strategy:

  • Notice Period Requirements: Clearly define how much notice is required to terminate the SLA.
  • Data Extraction Procedures: Ensure Salesforce will assist in securely extracting your data.
  • Transition Assistance: If moving to another platform, request help to smooth the transition.
  • Knowledge Transfer: Include provisions for transferring relevant knowledge and documentation during exit.

Third-Party Vendor Transition

If you switch vendors, your Exit Strategy should cover:

  • Vendor Cooperation: Ensure Salesforce cooperates with the new vendor for a smooth transition.
  • Data Integrity During Transition: Confirm that all data is kept intact and errors are minimized during migration.
  • Support Overlap: Plan for a support overlap period where Salesforce and the new vendor are available to resolve post-transition issues.

10. Risk Management

Risk Management

Contingency Planning

Things don’t always go as planned, and having a Risk Management section is critical:

  • Disaster Recovery: Ensure the SLA outlines Salesforce’s responsibilities for disaster recovery.
  • Business Continuity: Include requirements that ensure your Salesforce solution continues running during crises.
  • Failover Testing: Request regular testing of failover systems to ensure readiness.
  • Incident Response Protocols: Define how Salesforce should respond in the event of an incident.

Risk Identification and Mitigation

Your SLA should include specific provisions for Risk Identification:

  • Periodic Risk Assessments: Schedule regular assessments to identify new risks related to changes in your business or Salesforce’s capabilities.
  • Mitigation Strategies: Establish strategies for mitigating identified risks, such as changes in backup procedures or additional training.
  • Communication Plans: Ensure that everyone in your organization understands the risk management protocols and their role during a contingency event.

Continuous Improvement

Your business and Salesforce both evolve. Include a Continuous Improvement clause:

  • Regular Review Schedules: Schedule regular SLA reviews, annually or bi-annually.
  • Performance Metric Adjustments: Allow for metrics to evolve as your usage and needs change.
  • Service Level Modifications: Modify service levels to align with changing business demands.
  • Technology Updates: Ensure your SLA considers future Salesforce releases and technology changes.

Regular Training and Skill Updates

Continuous improvement also means that people must keep pace with the technology:

  • Salesforce Updates: Ensure that Salesforce provides training sessions whenever significant system updates occur.
  • Staff Training Requirements: Include provisions for ensuring your internal staff maintains relevant Salesforce certifications and skill sets.
  • Knowledge Sharing: Request that Salesforce provides access to knowledge bases or other materials to help your team keep skills up-to-date.

FAQs – Salesforce SLA Review Checklist: Key Points to Consider

What should I prioritize when reviewing a Salesforce SLA?
Focus on uptime guarantees, response and resolution times, support availability, and data security. For example, ensure the SLA promises at least 99.9% uptime and quick response times for critical issues.

How can I confirm Salesforce’s uptime guarantees are reliable?
Look for specifics in the SLA, such as the guaranteed uptime percentage (usually 99.9% or higher) and any exclusions, such as scheduled maintenance. Uptime guarantees that your operations will be minimally disrupted.

What penalties apply if Salesforce doesn’t meet its SLA obligations?
Penalties often include service credits or refunds. For instance, if Salesforce’s uptime drops below the agreed percentage, you might receive a discount on your next billing cycle.

Are response times for issues clearly defined in Salesforce SLAs?
Yes, response times are typically categorized based on issue severity. Critical issues may have a one-hour response time, while lower-priority problems might take longer.

Does Salesforce offer support for customized solutions in its SLA?
Standard SLAs usually do not cover customizations. If your Salesforce instance is heavily customized, you might need a separate support agreement or partner assistance.

Are integrations with third-party apps included in the SLA?
No, Salesforce SLAs exclude issues caused by third-party apps or integrations. You are responsible for managing and troubleshooting external connections.

What security measures are covered in Salesforce SLAs?
SLAs often detail data encryption, compliance with regulations like GDPR, and measures for safeguarding sensitive information. These guarantees ensure your data remains protected.

What disaster recovery terms are typically included in Salesforce SLAs?
Salesforce specifies recovery time objectives (RTO) and recovery point objectives (RPO). For example, the RTO might commit to restoring service within a few hours after an outage.

How do I negotiate better SLA terms with Salesforce?
Enterprise customers can often negotiate improved terms, like faster response times or higher uptime guarantees. Work with your Salesforce account manager to address your specific needs.

What exclusions should I watch for in Salesforce SLAs?
Common exclusions include issues caused by third-party apps, customer-side problems, and events beyond Salesforce’s control, such as natural disasters.

How can I monitor Salesforce’s SLA compliance?
Use Salesforce’s built-in performance tracking tools or third-party monitoring services to ensure they meet SLA commitments. Keep detailed records of any incidents.

What is the process for reporting SLA violations?
Document the issue, including timestamps and detailed descriptions, then file a report with Salesforce support. Follow the process outlined in the SLA for resolution or compensation.

How does Salesforce define critical issues in its SLA?
Critical issues typically involve service outages, severe performance degradation, or inaccessible core features. These problems are usually prioritized with faster response times.

What are some examples of SLA metrics that align with business goals?
If uptime is crucial for customer support, prioritize high availability guarantees. If rapid issue resolution is important, ensure response and resolution times meet your needs.

How often should I review my Salesforce SLA?
Review the SLA annually or whenever your business undergoes significant changes, such as scaling operations or adopting new Salesforce features. Regular reviews ensure the SLA remains aligned with your objectives.

Author