IT Examiner School eBook May 2025

Internal Use Only

Contract Issues & Considerations

Service Level Agreements (SLAs)

Pricing Methods

Exit Strategies / Data Deconversion

Contract Inducement

Internal Use Only

Ongoing Monitoring & Reassessment

Periodic re-assessment of all vendors regardless of risk or criticality

Monitoring of key SLAs Consideration of performance outliners, such as security incidents such as Crowdstrike

Monitoring of provider’s financial condition

Periodic re-evaluation of provider’s general control environment and policies (including cybersecurity, business continuity, and insurance coverage)