What an SLA actually is (and where it lives)
An SLA converts the vague promise of “reliable service” into numbers a court can enforce: how available the service will be, how fast the provider must react when something breaks, and what the customer gets when the provider falls short. Everything else in the service contract describes what is being delivered; the SLA describes how well — and attaches consequences.
Despite the name, an SLA is rarely a standalone agreement. In SA commercial practice it almost always appears as a schedule to a parent contract — a SaaS subscription agreement, a master service agreement, an outsourcing contract, or a software support and maintenance agreement. That placement matters: the SLA inherits the parent contract’s liability caps, remedy limitations and termination machinery, so the two must be drafted to work together rather than against each other.
A standalone SLA does make sense in two situations: where the underlying relationship is informal or legacy (a long-standing supplier with no proper written contract), or where one operations team needs an internal SLA with another. For everything else, draft it as a schedule — it is cheaper and avoids the conflict-of-documents problem.
The numbers that matter
Uptime percentages compress badly into intuition — the difference between 99% and 99.9% sounds trivial and is anything but. The table below converts the common tiers into what they actually permit: allowed downtime per month, before any exclusions for maintenance windows or force majeure are added on top.
| Uptime commitment | Allowed downtime per month | What it means in practice |
|---|---|---|
| 99% | ~7.3 hours | Entry-level or internal tooling. Rarely acceptable for anything customers depend on during business hours. |
| 99.5% | ~3.65 hours | Common SME SaaS tier. Tolerable for non-critical systems; painful for anything revenue-facing. |
| 99.9% | ~43.8 minutes | The market norm for serious B2B SaaS. The default ask for production systems. |
| 99.95% | ~21.9 minutes | Enterprise tier, usually at premium pricing or on a higher subscription plan. |
| 99.99% | ~4.4 minutes | Mission-critical. Requires genuinely redundant architecture — be sceptical of anyone offering it cheaply. |
Two drafting points hide behind the percentage. First, the measurement period: 99.9% measured monthly allows ~43.8 minutes in any month, but 99.9% measured annually allows nearly 8.8 hours that could all land in one disastrous week — insist on monthly measurement. Second, the exclusions: every minute carved out as scheduled maintenance, customer-caused or force majeure is downtime the percentage never sees.
The eight SLA components
Service description + measurement boundary
Precisely what service is covered and — just as importantly — what is excluded from downtime: scheduled maintenance windows, force majeure events, customer-caused incidents, and failures in third-party dependencies the provider does not control. The exclusions often decide more disputes than the headline percentage.
Uptime commitment + measurement method
The percentage itself, the measurement period (monthly is the customer-friendly standard; annual measurement lets a terrible month disappear into the average), what counts as "down" (full outage vs degraded performance), and whose monitoring data is authoritative.
Severity classification + response/resolution targets
Defined severity levels (typically P1–P4) with response and resolution targets for each. Response means a human has engaged; resolution means the problem is fixed. A 15-minute response target is worthless if resolution is open-ended.
Service credits
The standard remedy for breach: a credit against fees, calculated on a sliding scale keyed to how far the provider missed the target, usually capped at 10–25% of the monthly fee. Watch for "sole and exclusive remedy" wording — it can lock you out of damages and termination for even catastrophic failures, and customers should resist it or carve out chronic failure.
Reporting + transparency
Monthly availability reports, a public status page, incident post-mortems for P1 events, and a right to query or audit the underlying monitoring data. Credits that depend on data only the provider can see are credits you will struggle to claim.
Escalation paths
Named contacts and defined escalation timelines: who gets engaged when an incident is not resolved within target, and at what point it reaches senior management on both sides. Escalation clauses turn an SLA from a scorecard into an operational tool.
Chronic-failure termination right
A defined trigger — for example, three SLA breaches in any six-month period, or any single month below a hard floor — that gives the customer the right to terminate without penalty. Without it, a persistently failing provider just keeps paying small credits while you stay locked in.
Review + benchmark mechanism
A periodic (usually annual) review of the service levels against actual performance and market norms, with a mechanism to adjust targets. Service levels set in year one of a five-year deal should not be frozen while the market moves.
SLAs and SA law
No South African statute prescribes what an SLA must contain, or that a service contract must have one at all. An SLA is pure contract — which cuts both ways. It means the parties have complete freedom to set the standards and remedies that fit the deal; it also means there is no statutory safety net to fall back on if the SLA is badly drafted or missing. The document is the entire source of your service-level rights.
Two qualifications. First, where the Consumer Protection Act applies — consumers and small juristic persons below the asset/turnover threshold — section 54 gives the consumer a right to quality service: timely performance, completion, and goods and workmanship of a quality persons are generally entitled to expect. That is a baseline, not an SLA; it does not give a B2B customer uptime percentages or service credits.
Second, regulated buyers change the game. Banks, insurers and FSPs operate under operational-resilience and outsourcing requirements imposed by their regulators, and they cascade those obligations into vendor SLAs: recovery time and recovery point objectives, incident-notification deadlines, audit and regulator-access rights, and exit assistance. If you sell technology services into financial services, expect your SLA to be a procurement battleground — and architect your service so you can honestly sign what they send you.
Negotiating an SLA: provider vs customer playbook
The same eight components get pulled in opposite directions depending on which side of the table you sit. Knowing the other side’s playbook is half the negotiation.
If you are the provider
Commit only to what your architecture can actually deliver — a marketing-driven 99.99% on single-region infrastructure is a standing breach. Define downtime narrowly and exclude what you genuinely cannot control: maintenance windows, customer-caused incidents, force majeure, upstream cloud failures. Cap service credits, make them the customer’s remedy of first resort, and issue them as credits against future fees rather than cash. Resist resolution-time guarantees for P1 incidents you cannot bound — commit to response and continuous effort instead. And keep one SLA per tier, not a bespoke SLA per customer, or your operations team ends up tracking fifty different promises.
If you are the customer
Insist on monthly measurement and interrogate the exclusions — an unlimited maintenance-window carve-out can swallow the entire commitment. Make credits automatic rather than claim-based: short claim windows (“notify within 5 days or forfeit”) are designed to go unexercised. Push back on sole-remedy wording, or at minimum carve out chronic failure so credits do not become a licence to fail cheaply. Demand the chronic-failure termination right with a concrete trigger, a status page plus monthly reporting so breaches are visible without a fight, and named escalation contacts. Finally, check the parent contract: a liability cap or remedies clause in the master agreement can quietly neuter everything the SLA schedule appears to give you.
Frequently asked
What is a service level agreement (SLA)?
A service level agreement is the contractual commitment to measurable service standards: how available the service will be (uptime percentage), how quickly the provider will respond to and resolve problems (by severity level), and what happens when those standards are missed (usually service credits). It is most often a schedule to a SaaS subscription, master service agreement, outsourcing or support contract rather than a standalone document — but it is where the abstract promise of "reliable service" becomes an enforceable number.
What uptime percentage should I ask for?
For production B2B systems, 99.9% measured monthly is the reasonable default ask — that allows roughly 43.8 minutes of downtime per month. 99.5% (about 3.65 hours per month) is tolerable for non-critical systems. Be wary of headline figures measured annually rather than monthly: 99.9% annual allows nearly 8.8 hours of downtime that could all land in one catastrophic week. And be sceptical of 99.99% offered at commodity pricing — that level requires genuinely redundant infrastructure.
What are service credits typically worth?
Typically 5–25% of the monthly fee, on a sliding scale keyed to how badly the target was missed, and almost always capped. That means a service credit is compensation in name only — it rarely approaches the actual loss a business suffers from an outage. This is why the "sole and exclusive remedy" wording matters so much: if credits are your sole remedy, you cannot claim damages or terminate no matter how bad the failure. Customers should resist sole-remedy clauses or, at minimum, carve out chronic failure and the right to terminate.
Is an SLA legally required in South Africa?
No. No SA statute prescribes that a service contract must contain an SLA or what one must say — it is pure contract. The Consumer Protection Act gives consumers a right to quality service under section 54 where the CPA applies, but for ordinary B2B technology contracts the SLA is the only source of enforceable service standards. That makes it commercially essential even though it is not legally mandatory: without one, "the service was slow all month" is a complaint, not a claim.
What is the difference between an SLA and a support agreement?
They overlap but answer different questions. The SLA defines measurable standards for the service itself — availability, response and resolution times, and remedies for missing them. A support agreement (or support schedule) defines the support service: channels, support hours, what is included versus billable, named contacts, and maintenance arrangements. In practice the two are often combined into a single schedule, but the SLA components carry the remedies and need the most careful drafting.
Can I terminate a contract for chronic SLA failure?
Only reliably if the contract says so. A well-drafted SLA includes a chronic-failure termination right with a defined trigger — for example, three breaches in six months, or any month below a hard floor like 98%. Without that clause, you are left arguing that repeated SLA breaches amount to a material breach of the whole agreement, which is uncertain and expensive to litigate — especially if a sole-remedy clause says credits are all you get. Negotiate the exit before you need it.
How do regulated industries change SLA requirements?
Regulated buyers — banks, insurers, FSPs and other financial institutions — operate under operational-resilience and outsourcing requirements imposed by their regulators, and they cascade those requirements into vendor contracts. Selling into that market typically means accepting stronger SLA terms: defined recovery time and recovery point objectives, incident-notification deadlines, audit and regulator-access rights, exit assistance, and sometimes step-in rights. Providers should price and architect for this rather than discovering it during procurement.
What does SLA drafting cost in South Africa?
From R7,500 to draft an SLA as a schedule to an existing agreement (the most common scenario — attached to a SaaS subscription, MSA or support contract), and from R12,000 for a standalone service level agreement. Reviewing and negotiating a counterparty's SLA is typically less. The cost is small against what is at stake: the SLA is the clause set that determines what you can actually do when the service fails.