Do you think protection-level agreements (PLAs) are more effective than service-level agreements (SLAs) when it comes to updating the board?

Security & GRCSecurity Strategy & Roadmap

Much more effective12%

Somewhat more effective49%

Neither21%

Somewhat less effective12%

Much less effective5%

Unsure for now1%

77 PARTICIPANTS
490 viewscircle icon2 Comments
Sort by:
CISO in Insurance (except health)a year ago

I plan to use PLA next year. I will share the results with my board and executive committee. 

Fractional CIO in Services (non-Government)a year ago

It depends on what you are updating the board on. It isn't necessarily a one size fits all solution, each quarter may have a different focus which will change how you present to the board.

I'd also question whether this is a level of detail the board needs to see. If the update is "here's all the PLAs we have in place, and here are the gaps" then that's risk based, but if it's "here's how we're performing to PLA" then it is starting to get more operational. Granted, I am looking at this from an NZ perspective, so other jurisidictions may be different, but the focus of a board should be on oversight and governance, not management. 

Content you might like

The use of Generative AI in the textile and industrial sectors — for instance in fashion companies or in the creation of marketing content — carries significant risks if not supported by adequate detection and risk management tools. Generative models may unintentionally incorporate elements protected by intellectual property rights, such as registered styles, patented designs, or content belonging to other fashion houses.

A notable example is the “Studio Ghibli” case, where AI-generated works reproduced distinctive, protected features.

In this context, how should Risk Managers equip themselves to prevent and mitigate such risks, ensuring innovation while avoiding legal violations and reputational damage?

When it comes to digital forensics and incident response, are you mostly relying on internal or external resources to conduct forensics?

External54%

Internal45%

Not sure

View Results

What were your org’s biggest motivations for implementing a cloud native application protection platform (CNAPP)? Pick the top 2.

Improve container security1%

Improve app security24%

Improve cloud security posture overall28%

Streamlining security operations15%

DevSecOps integration24%

Compliance needs6%

Reduce complexity1%

Something else

View Results

Can you share any tips for new security leaders to identify blind spots in their organization? How have you approached this when starting a new role in the past?

Read More Comments

We’re evaluating a new ERP. Our company, PROENERGY is a vertically integrated power partner (gas plant design/build, O&M, manufacturing including our PE6000 turbine, and 2.6 GW ERCOT operations).

Considering: SAP Public Cloud, Oracle Fusion Cloud, Microsoft Dynamics, IFS, and Infor Construction Cloud.

Key needs: manufacturing, complex structure with built-in consolidation/reporting, long-range planning, procurement/inventory, and core accounting.

We use Microsoft Dynamics today for CRM/Field Service. Biggest concerns: implementation partners and support resources.

Would love your thoughts.

Do you think protection-level agreements (PLAs) are more effective than service-level agreements (SLAs) when it comes to updating the board? | Gartner Peer Community