Skip to content

Legal · SLA targets

SLA targets

Last updated: 13 May 2026 · Version 0.1

Published publicly because we measure ourselves against them. Targets below apply to clients on a signed MSA. Specific overrides (e.g. Premium-tier after-hours coverage) live in the signed agreement.

1. Severity definitions

We classify incoming tickets and incidents into four severity levels. The classification determines response and resolution targets.

2. Response targets

"Response" means the first substantive engagement with the issue — acknowledgement of receipt, initial diagnosis, and either resolution or a plan to resolve. It's not just a "we got it" auto-reply.

Severity Description Business hours response After-hours response
P1 — Critical Production outage affecting majority of users; data-loss in progress; active security incident 1 hour Premium tier: 4 hours best-effort; Standard and below: next business day
P2 — High Single-user outage; degraded performance affecting business operations; potential security issue 4 business hours Next business day
P3 — Standard Service request; non-urgent issue; question about a system we manage 1 business day Next business day
P4 — Low Cosmetic issue; nice-to-have request; planned-work scheduling 3 business days Next business day

3. Resolution targets

"Resolution" means the issue is fixed (or, where it can't be fixed by us, escalated to and being actively worked by the responsible vendor with us coordinating).

  • P1 — Critical — Restored within 4 business hours of acknowledgement (where the issue is within our control)
  • P2 — High — Resolved within 1 business day for issues within our control
  • P3 — Standard — Resolved within 3 business days
  • P4 — Low — Resolved within 10 business days or scheduled at a mutually agreed time

4. Business hours

Business hours: Monday-Friday, 8am-5pm AEST, excluding Queensland public holidays.

After-hours response (per tier):

  • Monitor / Solo Secure / Essentials / Standard: next business day for any non-critical issue raised after hours
  • Premium tier: after-hours best-effort response — typically within 4 hours during Saturday 9am-5pm and Sunday 1pm-5pm; outside those windows, triaged to next business day unless escalated as P1
  • 24×7 Critical Retainer ($500/month add-on for Premium clients): 30-minute response SLA for genuine P1 emergencies, 24/7

5. What's outside the SLA

  • Vendor-controlled outages — e.g. Microsoft 365 outage, Cloudflare outage, Pax8 platform outage — are outside our resolution targets. We coordinate the vendor escalation and provide updates.
  • Hardware lifecycle issues — a 4-year-old laptop needing replacement is a P3 (standard) not a P1, regardless of how inconvenient the timing.
  • Out-of-scope requests — requests for systems we don't manage, training, custom development, or work beyond the documented scope of your tier are handled as project-quote items, not service tickets.
  • Force majeure — natural disasters, internet backbone failures, denial-of-service against vendors, war, civil unrest. We respond as best able; we don't carry SLAs through these scenarios.

6. How we measure

Every ticket in NinjaOne records its received-time and first-response time. Resolution time is recorded at ticket closure. Both are reviewed:

  • Internally weekly for trend monitoring
  • With each client monthly at the Monthly Business Review (Standard+ tier) — actual response and resolution times for the previous 30 days vs target
  • Group-wide quarterly for fleet performance — published in our Decision Log when patterns require strategic response

7. SLA breaches

We don't pretend SLAs are never breached. They occasionally are — when complexity exceeds the diagnostic window, when a vendor outage runs longer than expected, when an emergency at one client cascades capacity to another.

When we breach an SLA, we notify the affected client in writing within one business day, explain the cause, and document any process change required to prevent recurrence. Where the breach is material and within our control, we credit the affected client's next monthly invoice — typically a percentage credit proportional to the severity (e.g. 5-10% for a clearly-our-fault P1 resolution that took 8 hours when 4 was the target).

Credits are a small dollar amount — they're a signal that we're taking the breach seriously, not a financial remedy.

8. Exclusions to the credit policy

Credits don't apply where the breach was caused by:

  • Client action or inaction (failure to provide access, refusal to apply requested patches, requested overrides)
  • Third-party vendor failure (Microsoft, Cloudflare, etc. outage)
  • Force majeure events
  • Out-of-scope work being requested as in-scope

9. Changes to SLA targets

We update SLA targets occasionally. Material changes are communicated to active clients in writing with at least 30 days notice. The current targets are always at outlawit.com.au/sla.

10. Contact

SLA questions or breach reports: info@outlawit.com.au.