Do you think protection-level agreements (PLAs) are more effective than service-level agreements (SLAs) when it comes to updating the board?

Much more effective12%

Somewhat more effective49%

Neither21%

Somewhat less effective12%

Much less effective5%

Unsure for now1%

76 PARTICIPANTS
488 viewscircle icon2 Comments
Sort by:
CISO in Insurance (except health)a year ago

I plan to use PLA next year. I will share the results with my board and executive committee. 

Fractional CIO in Services (non-Government)a year ago

It depends on what you are updating the board on. It isn't necessarily a one size fits all solution, each quarter may have a different focus which will change how you present to the board.

I'd also question whether this is a level of detail the board needs to see. If the update is "here's all the PLAs we have in place, and here are the gaps" then that's risk based, but if it's "here's how we're performing to PLA" then it is starting to get more operational. Granted, I am looking at this from an NZ perspective, so other jurisidictions may be different, but the focus of a board should be on oversight and governance, not management. 

Content you might like

Not making improvements currently3%

DevOps41%

Infrastructure-as-code39%

Automation55%

Asset inventory improvements28%

Coordinated test procedures27%

Test lab environment6%

Scanning improvements23%

New tools7%

Something else (I’ll explain in the comments)1%

View Results

Genuine strategy in cybersecurity.59%

Purely a marketing gimmick.33%

Unsure.7%

View Results