# Contracts, SLAs, OLAs, MOUs

One-sentence definition: Legal and operational agreements that define obligations, service levels, responsibilities, and remedies between the parties.

## Key Facts

- Contract: legally enforceable terms; security and privacy requirements are normally attached as addendums (e.g., a data processing or security schedule) rather than buried in the main body.
- SLA: measurable performance targets agreed with the external party (uptime, response time, resolution time) plus the remedies (service credits, penalties, termination rights) that apply when a target is missed.
- OLA: internal agreement between teams (e.g., network, helpdesk, security) whose combined commitments make the external SLA achievable.
- MOU/MOA: statement of mutual intent and expectations; generally non-binding or only weakly enforceable, so do not rely on one to carry security obligations.
- Three security clauses to include: breach notification (with a defined timeline), right-to-audit, and data ownership with return or destruction at termination.
- Align agreement terms with the organization's risk appetite, compliance obligations, and business continuity needs (e.g., SLA targets should reflect the RTO/RPO set in the continuity plan).
- **Verify:** check the official (ISC)² CBK and the current exam outline.

## Exam Relevance

- Expect scenario questions asking which clause is missing or most critical (e.g., a vendor contract with no breach-notification timeline).

**Mnemonic:** "**SLA out, OLA within**." (The SLA faces the external party; the OLA is the internal agreement behind it.)

## Mini Scenario

Q: A vendor objects to a 24-hour breach notification clause. What is the risk?
A: Delayed incident response and regulatory noncompliance: the organization's own notification deadlines (to regulators and affected individuals) keep running while it waits on the vendor, so late vendor notice can consume the window the organization has to meet them.

## Revision Checklist

- Differentiate SLA vs OLA vs MOU.
- List 3 key security clauses.
- Tie SLA metrics to KPI reporting.

## Related

[[Third-Party Risk Management (TPRM)]] · [[SCRM]] · [[Compliance and Regulatory Concepts]] · [[Cyber Insurance and Risk Financing]] · [[Security Audits and Assessment Types]] · [[Domain 1 - Index]]