What Is an SLA? A Small Business Owner's Guide

Updated April 19, 2026

An SLA is a service level agreement. It's a contract between your business and a service provider that defines what level of service you're paying for, what happens when the provider fails to deliver, and what you're entitled to when they do.

If you use cloud software, internet service, hosted email, VoIP phones, or managed IT services, you have SLAs governing those relationships right now. Most small business owners have never read them. That's a problem, because when your systems go down and the provider points to the fine print, you'll wish you had.

This guide explains what SLAs are, what the numbers actually mean, where the fine print hurts, and how to use SLAs to protect your business instead of just accepting whatever the vendor sends over.

What an SLA actually covers

At its core, an SLA defines three things: what the provider promises to deliver, how performance is measured, and what happens when the promise is broken.

For most small business IT services, the SLA covers some combination of these:

Uptime guarantee. The percentage of time the service will be available. This is the number most people focus on. A 99.9% uptime guarantee means the provider commits to no more than 8 hours and 46 minutes of downtime per year.

Response time. How quickly the provider acknowledges your support request. "Response time" is not the same as "resolution time." A 4-hour response time means they'll acknowledge the problem within 4 hours. It says nothing about when the problem gets fixed.

Resolution time. How long the provider commits to actually fixing the issue. Many SLAs don't include resolution time guarantees at all. If yours doesn't, the provider has no contractual obligation to fix problems within any specific timeframe.

Remedies. What you get when the provider misses their commitments. Usually this means service credits, a discount on next month's bill. Rarely does it mean actual compensation for your losses.

Exclusions. What doesn't count as downtime under the SLA. This is where the fine print matters most, and we'll cover it in detail below.

What the uptime numbers actually mean

The difference between 99% and 99.99% sounds small. It isn't. Here's what each uptime level translates to in real downtime per year:

99% uptime: 87.6 hours of downtime per year. That's more than 3.5 full days. Almost no business can absorb that.

99.5% uptime: 43.8 hours per year. Nearly two full days. This is the floor for most SaaS vendors.

99.9% uptime: 8 hours and 46 minutes per year. This is the most common guarantee for business-critical cloud services. It sounds good until you realize that's an entire business day of potential downtime.

99.99% uptime: 52 minutes and 36 seconds per year. Ten times less downtime than 99.9%. This is typical for payment processing, authentication systems, and core infrastructure.

99.999% uptime: 5 minutes and 15 seconds per year. "Five nines" is the gold standard. Extremely expensive to deliver and rarely offered to small business customers.

The jump from each level to the next requires exponentially more infrastructure, redundancy, and engineering. That's why the price difference between 99.9% and 99.99% is significant, and why most small businesses operate with 99.9% or less.

Here's the question that matters: if your most critical system went down for 8 hours this year, what would it cost you? If you don't know, the downtime cost calculator will give you a number in about two minutes. That number tells you whether your current SLA is adequate or whether you need to negotiate for better terms.

Why SLA service credits don't protect you

This is the part most business owners don't understand until after an outage.

When a provider misses their uptime guarantee, the standard remedy is a service credit. That's a percentage discount on your next bill. Typical structures look like this: if uptime drops below 99.9%, you might get 10% off that month's fee. Below 99%, maybe 25%. Below 95%, possibly 100% of that month's fee credited back.

Sounds reasonable until you do the math.

Say you pay $500 per month for a hosted business application. The provider has a major outage that takes your team offline for a full business day. Your actual losses, based on lost productivity and revenue, might be $8,000 to $15,000. Your service credit? Somewhere between $50 and $500.

That's the gap. SLA credits are designed to limit the provider's liability, not to compensate your actual losses. Over half of significant outages cost businesses more than $100,000, according to Uptime Institute data. The average SLA breach penalty covers 5 to 25% of the monthly service fee. For a small business paying a few hundred dollars a month, that credit is meaningless against a five-figure loss.

This isn't an argument against SLAs. It's an argument for understanding what they actually protect and planning for what they don't.

The fine print that matters

The exclusions section of an SLA is where providers reduce their obligations. Every SLA has them. The question is how aggressive they are.

Watch for these common exclusions:

Scheduled maintenance windows. Most SLAs exclude planned maintenance from uptime calculations. If the provider takes the system offline for 4 hours every month for maintenance, those hours don't count as downtime. Your team is still unable to work, but contractually the provider hasn't violated anything.

"Force majeure" definitions. Standard force majeure covers natural disasters and acts of war. Some providers expand this to include "internet disruptions," "third-party failures," or "circumstances beyond our control." The broader the definition, the more excuses the provider has.

How downtime is measured. Some providers only count downtime when their own monitoring detects it. If your service is down but their monitoring system says it's up, you may have to prove the outage occurred. Check whether the SLA uses provider-side monitoring, third-party monitoring, or customer-reported incidents as the measurement standard.

Claim filing requirements. Many SLAs require you to file a credit claim within a specific window, sometimes as short as 7 days after the incident. If you don't file in time, you forfeit the credit, even if the outage was the provider's fault.

Credit caps. Most SLAs cap the total credits you can receive in a given period. A common cap is 100% of one month's fees per year. Even if you experience multiple major outages, you'll never get back more than one month of service cost.

The more exclusions an SLA contains, the less meaningful the uptime guarantee becomes. Read the exclusions before you sign. If they're excessive, that tells you something about how the provider expects to perform.

What to look for in a good SLA

Not all SLAs are equal. Here's what separates a meaningful agreement from a marketing checkbox:

Clear uptime definition. The SLA should specify exactly what "uptime" means. Is it the ability to log in? The ability to complete core functions? Partial degradation that makes the system unusable should count as downtime, not just total outages.

Specific response and resolution times. Response time alone is insufficient. Look for resolution time commitments, or at minimum escalation procedures with defined timelines. A 15-minute response time means nothing if resolution takes 3 days.

Reasonable exclusions. Some exclusions are fair. Scheduled maintenance with advance notice, customer-caused issues, and genuine force majeure are standard. Broad, vague exclusions are a red flag.

Proactive notification. The provider should commit to notifying you when an incident occurs, not wait for you to discover the problem yourself. The SLA should specify notification timelines and channels.

Transparent reporting. Monthly or quarterly reports showing actual uptime performance against the SLA target. If a provider won't share this data, they either don't track it or don't want you to see it.

Meaningful remedies beyond credits. The best SLAs include escalation paths, root cause analysis requirements after incidents, and termination rights if the provider repeatedly fails to meet commitments. Credits alone leave you subsidizing poor service.

How to actually use your SLAs

Having an SLA is only useful if you actively manage it. Most small businesses sign the agreement and never look at it again. Here's what to do instead:

Read your current SLAs. Every cloud service, ISP, VoIP provider, and managed IT service you use has one. Collect them. Read the uptime guarantees, the exclusions, and the credit claim process. This takes an afternoon and it's the single highest-leverage step.

Track actual performance. You can't hold a provider accountable if you don't know when they missed their targets. Basic uptime monitoring tools exist at every price point, including free. Set them up for your critical services.

File claims when providers miss their commitments. Most businesses never file SLA claims, even when they're entitled to credits. The provider isn't going to volunteer the money. You have to ask. And you have to ask within the filing window specified in the SLA.

Use SLA performance in vendor reviews. When a contract comes up for renewal, SLA performance data is leverage. A provider who missed their uptime guarantee 4 times last year is either going to improve their terms or lose your business. Without the data, you have no negotiating position.

Negotiate before you sign, not after an outage. The time to push for better SLA terms is during the sales process, when the provider wants your business. After you've signed, your leverage drops significantly. Ask for higher uptime commitments, shorter resolution times, and broader remedies. The worst they can say is no.

Third-party provider failures account for 39% of network outage causes, according to the Uptime Institute. That means roughly 4 out of 10 times your business goes down, it's because a vendor you're paying failed to deliver. Your SLAs are the only contractual tool you have to manage that risk.

SLAs for common small business services

Here's what you should expect from the services most small businesses use:

Internet service (ISP). Business-class internet typically offers 99.9% uptime with 4-hour response for outages. Residential plans rarely have meaningful SLAs. If your business runs on a residential internet plan, you have no contractual uptime guarantee at all. This is why a second connection from a different provider matters.

Cloud email and productivity (Microsoft 365, Google Workspace). Both offer 99.9% uptime for their core services. The fine print differs. Microsoft measures uptime as user-minutes, meaning partial availability to some users may count as "up." Google measures at the service level. Both offer credits starting at 10% for falling below 99.9%.

VoIP and phone systems. Business VoIP providers typically guarantee 99.99% uptime. Phone downtime is especially visible to customers, so providers tend to set higher targets here. Check whether the SLA covers call quality or just call connectivity.

Managed IT services (MSPs). SLAs from managed service providers vary widely. Look specifically for response time, resolution time, and whether proactive monitoring is included. An MSP that only reacts to problems you report is not providing managed service.

Cloud hosting and SaaS applications. Most SaaS vendors guarantee 99.5% to 99.9%. Check whether the guarantee applies to the specific features you depend on or just to "the platform" as a whole. A platform that's technically "up" but whose reporting module is broken for 3 days may still be meeting its SLA.

The bottom line

An SLA is not a guarantee that things won't break. It's a contract that defines what the provider owes you when they do. The uptime number on the sales page is marketing. The SLA document is the commitment.

Most small business owners accept default SLA terms without reading them, never track performance, and never file claims when providers miss their targets. That means they're absorbing the full cost of vendor failures with no recourse.

Start by reading the SLAs you already have. Track actual uptime for your critical services. File claims when providers fall short. Use the data when contracts come up for renewal.

If you want to understand what vendor downtime actually costs your business, run the free downtime cost calculator. It puts a dollar amount on every hour of downtime, which is exactly the number you need when you're deciding whether a 99.9% guarantee is good enough or whether you need to push for more.

And if you want a structured way to identify all the gaps in your IT resilience, including vendor dependencies, take the free Downtime Risk Self-Assessment.