IT Compliance teams have to put controls in place and provide compliance reports for controls and SLAs.
This can be fairly easily supported by combining
1) Control Self-Assessments or Tests with
2) SLA Metrics
What is missing is the appropriate reporting that combines both elements. Specifically, we need a report that lists on a monthly basis the status of each control (with evidence) and the SLA Metrics.
For example,
a) Control: if a contract prescribes that all personnel on a customer project have to have a given level of background checks, the corresponding control would list any new staff and attach the appropriate background check documentation as evidence.
b) SLA Metric: if the contract prescribes ticket resolution times of 24h, the metric would list the threshold and actual performance (based on manual input or integration with a ticketing system).