Genmar IT
Insights & GuidesGuide

How to Evaluate an IT Provider's SLAs

A vendor-neutral guide to Service Level Agreements in UK IT support. What to expect, what to negotiate, and how to spot the difference between marketing claims and contractual commitments.

8 min read

Key Takeaways

  • 1SLAs should define response times by priority level — not just an "average" response time
  • 2Contractual commitments matter far more than marketing claims about speed and uptime
  • 3Service credits are the test of a provider's confidence — be wary of SLAs without financial penalties for missed targets
  • 4Reasonable SLAs at the £40-60/user tier include 15-minute P1 response, 99.9% uptime, and quarterly business reviews

This guide is vendor-neutral and applies to any UK IT provider. Curious about Genmar's specific SLA commitments? See our SLA page

What an SLA Actually Is

A Service Level Agreement (SLA) is a written, enforceable document that defines the service standards a provider commits to delivering. It's important to distinguish between marketing statistics ('average response under 15 minutes') and contractual commitments that carry consequences when missed. Many IT providers talk about response times on their websites but don't actually have a formal SLA document. Others have SLAs buried in contract appendices that differ significantly from their marketing claims. Before signing with any provider, ask to see their full SLA document — if they can't or won't provide one, that tells you something important.

Priority Levels: The Foundation of a Good SLA

Effective SLAs define response and resolution times by priority level, not as a single average. This ensures critical issues get immediate attention while routine requests are handled appropriately. Good SLAs document the criteria for each priority level so there's no ambiguity about how issues are classified. Priority should be determined by genuine business impact — not by who's complaining loudest or who has the most senior title. Look for SLAs that use objective criteria rather than leaving classification to the provider's discretion.
  • P1 (Critical): Site down, server failure, ransomware, no one can work
  • P2 (High): Single user blocked, key application broken
  • P3 (Medium): Non-urgent issue with workaround available
  • P4 (Low): Requests, password resets, software installs, new starters

Response Time Expectations by Tier

What you should expect depends on what you're paying. Here's a rough guide to reasonable response times at different price points in the UK market:
  • Budget tier (£25-35/user): P1 response 1-2 hours, often best-effort only
  • Standard tier (£40-60/user): P1 response 15-30 minutes, P2 within 1 hour, P3 within 4 hours, P4 within 1 business day
  • Premium tier (£60-80/user): P1 response under 15 minutes, dedicated escalation paths, 24/7 included
  • Enterprise tier (£80+/user): Custom SLAs, dedicated engineers, 4-hour onsite anywhere in UK

What 'Response' Should Mean

A critical point that's often overlooked: 'response time' should mean an engineer actively working on your ticket — not an automated acknowledgement email saying 'we've received your request'. Some providers game their response time statistics by counting automated replies. When evaluating SLAs, ask specifically: does your response time measure when a human starts working on the issue, or just when the system acknowledges receipt?

Uptime Commitments

Uptime percentages sound impressive but mean different things in practice. Here's what the numbers actually translate to in annual downtime:
  • 99% = 3.65 days downtime/year (poor)
  • 99.5% = 1.83 days/year (acceptable for non-critical)
  • 99.9% = 8.76 hours/year (industry standard)
  • 99.99% = 52 minutes/year (premium, often unrealistic for SME pricing)

What Uptime Commitments Cover

Important caveat: uptime SLAs only cover what the provider directly manages. They can't contractually guarantee uptime for third-party cloud services like Microsoft 365 (which has its own SLA from Microsoft), your ISP connection, or any other systems outside their control. A good provider will monitor these services and respond to incidents, but their uptime SLA applies to the infrastructure they operate — servers they manage, networks they control, monitoring platforms they run.

Onsite Response SLAs

For businesses within a provider's local coverage area, reasonable onsite response expectations are: • P1 onsite within 4 business hours • P2 onsite next business day • P3/P4 onsite by mutual scheduling, typically within 3 business days • No travel charges within stated coverage area • Clear definition of 'local' vs 'extended' geography Watch for providers who advertise 'unlimited onsite' but bury travel charges or exclusion zones in the contract. If onsite support is important to you, get the geographic coverage and any exceptions in writing.

Security Incident Response SLAs

Security incident response is increasingly important and should have separate, faster SLAs than general IT support. If your provider includes MDR (Managed Detection and Response) or EDR (Endpoint Detection and Response), the security SLA should be distinct from the helpdesk SLA.
  • Suspected breach response: 15 minutes, 24/7
  • Active threat containment: within 1 hour of detection
  • Critical security patch deployment: within 72 hours of vendor release
  • Standard security patches: within 14 days
  • Written post-incident reports: within 5 business days

Reporting and Reviews

How providers report on their SLA performance reveals a lot about their confidence in their delivery. Look for:
  • Monthly service reports showing SLA compliance percentage
  • Quarterly business reviews with strategic discussion (not just account management)
  • Annual IT roadmap and risk review
  • Clear, accessible documentation of all systems they manage

Why Compliance Percentage Matters

Watch for providers who report 'average' response times rather than SLA compliance percentage. The average can be misleadingly good if most tickets are low-priority. What matters is the compliance figure — how often they actually hit their contractual commitments for each priority level. A provider might have an 'average response time of 12 minutes' while still missing 30% of their P1 commitments. The compliance percentage tells the real story.

Service Credits: The Real Test

Service credits are financial penalties applied when SLAs are missed. They're the mechanism that gives SLAs teeth — without them, commitments are just marketing. Many UK MSPs resist service credits or cap them heavily. Their willingness to negotiate here reveals their confidence in their own delivery. A flat refusal to include any service credits is a significant red flag. Reasonable service credit structures include:
  • 5% monthly fee credit per missed P1 response SLA
  • 10% credit for sustained SLA failure (3+ breaches in a month)
  • Right to terminate without penalty after 3 consecutive months of failure
  • Automatic application — you shouldn't have to claim credits

Coverage Hours

Standard coverage for the £40-60/user tier is business hours — typically 8am-6pm Monday to Friday, sometimes including Saturday morning. 24/7 coverage typically adds 20-40% to the monthly cost, or comes bundled with MDR/SOC services that require round-the-clock monitoring anyway. Out-of-hours emergency support should be explicitly priced and SLA'd. Be wary of vague 'we'll do our best' arrangements — you need to know exactly what happens when something breaks at 10pm on a Sunday.

Red Flags in IT Provider SLAs

Warning signs that suggest an SLA isn't worth the paper it's written on:
  • 'Average' response times instead of priority-tiered commitments
  • No service credits for missed SLAs
  • Vague language ('reasonable efforts', 'where possible', 'subject to availability')
  • No defined priority criteria — provider unilaterally decides priority level
  • Onsite response excluded or charged separately despite 'unlimited onsite' marketing
  • No written SLA document, only marketing copy
  • SLA buried in contract appendices and not freely available before signing
  • Refusal to share their SLA document during the sales process
  • Long contract lock-ins with weak SLA commitments

Questions to Ask Before Signing

Before committing to any IT provider, get clear answers to these questions:
  • Can I see your full SLA document before signing?
  • How do you define each priority level?
  • What service credits apply when you miss SLA targets?
  • How do you report SLA compliance, and how often?
  • What's your average SLA compliance percentage over the past 12 months?
  • Are onsite visits included within my geography?
  • What's covered out-of-hours, and at what cost?
  • How quickly will you respond to a suspected security incident?
  • Who do I escalate to when something goes wrong?
  • What's your termination clause if you persistently miss SLAs?

What to Expect at the £40-60/user Tier

For UK SMEs paying £40-60/user/month — the standard tier for quality managed IT support — these are reasonable SLA expectations. If a provider in this price range can't or won't commit to most of the below, ask why.
  • P1 response: 15 minutes business hours
  • P2 response: 1 hour
  • P3 response: 4 hours
  • P4 response: 1 business day
  • 99.9% uptime on managed infrastructure
  • First-call resolution rate above 70%
  • Helpdesk answer time under 60 seconds
  • Onsite response within 4 hours for P1 in local area
  • Service credits with teeth
  • Monthly SLA compliance reporting
  • Quarterly business reviews

Related Services

IT Support ServicesView Our SLA CommitmentsSee Pricing

Related Guides

How Much Managed IT Costs

UK pricing benchmarks and what to expect at different price tiers

How to Choose an IT Support Provider

A practical guide to evaluating and selecting IT partners

What Good Managed IT Should Include

Essential services that should be in any managed IT package

Free Consultation

Want to discuss your IT needs?

Get in touch today for a free, no-obligation conversation about how we can help your business.

Let's talkView all guides