A method for facilitating construction of an agreement between a client and a service provider. An example method includes determining a business process to be performed by a service provider of a client-service provider relationship on behalf of a client; employing a description of the business process to reference to a library of risks and controls to ascertain one or more risks associated with performance of the business process and one or more predetermined controls for mitigating the one or more risks; providing a first user option to select from a set of one or more controls; and incorporating a description of the one or more selected controls in a proposed agreement to characterize the client-service provider relationship. In an illustrative embodiment, the proposed agreement includes a Service Level Agreement (SLA). The illustrative method further includes providing a second user option to view an SAS-70 certificate associated with the service provider. The SAS-70 certificate certifies that the service provider has one or more controls in place to mitigate the one or more risks associated with the performance of the business process.
展开▼