As I begin to write this at 20:08 PT on February 14, 2019, Toodledo has been down for over four hours.

Although I have a Toodledo subscription ($19.99/yr), and theoretically that might suggest a certain level of service, in practice there is no way I can change or correct Toodledo's level of service. And in fact, even if I were a company paying a SaaS vendor a lot of money for a service, service contracts are often written to allow emergency maintenance, last minute maintenance, or no notice for maintenance, and they have many other loopholes such as not defining when a service is so slow as to be unusable.

I have a fair bit of background in service level management; I've been an IT service management practitioner and consultant for over ten years. And yet, the service level agreements I've seen in formal contracts as well as in less formal intra-organization memoranda of understanding have huge gaps in them. The longest service level agreemeents I've seen are between groups that have a rocky relationship. From this I've concluded that service level agreements can't cover up a lack of trust.

On one front, service level agreements could be better defined. Language could be made more precise; test cases could be included. Even so, service level reviews measure past performance. Would the IT business continuity promised in the SLA really be delivered in the event of a disaster? Would the service still be maintained after acquisition (as happened in the case of Toodledo in 2018)? It's very hard to know whether service level targets can be met short of very through audits, an actual disaster, or an initiative like Netflix's Chaos Monkey.

On another front, service levels should be aspirational. It's understandable to have a target of 100% uptime even if practically speaking you'll be nearer to 99.9%. No one has a goal of taking down production. If you don't set a high bar, people can think you're trying to pull one over on them or you're not going to try your hardest.

But no matter what you say in a service level agreement, if you can't consistently deliver evidence of quality service, your clients will lose trust in you. In higher education risk management planning, a significant risk is "loss of reputation." This is very similar to loss of trust: as the word gets out, you get a poor reputation, and the default mode for a new customer becomes "don't trust" rather than "trust."