SLA and Escalation

Overview

Service Level Agreements (SLAs) ensure that approval requests are handled within defined timeframes. When an approver fails to respond within the SLA window, the system automatically escalates the request to backup approvers, preventing bottlenecks and ensuring business continuity.

Escalation rules can be configured per workflow, with different timeouts for different risk levels.

Key Features

• Configurable Timeouts: Set SLA windows per workflow (1-24+ hours)
• Automatic Escalation: Route to backup approvers on timeout
• Multi-Level Escalation: Define escalation chains
• Stage-Specific SLAs: Different timeouts per approval stage
• Notification System: Alert approvers before and at SLA breach
• Reassignment: Automatic routing when approvers are unavailable
• Audit Trail: Complete history of escalation events

How It Works

SLA Monitoring Flow

Approval Request Created
         |
         v
+-------------------+
| SLA Timer Started |
| Deadline: T + N   |
+-------------------+
         |
    +----+----+
    |         |
Approved   Timer Running
    |         |
    v    +----+----+
Complete |         |
       Warning   Deadline
       (T-10min) Reached
         |         |
    Notify    Escalate to
    Approver  Backup Approver
                   |
              +----+----+
              |         |
          Approved   Timer Running
              |         |
              v    (Repeat escalation)
           Complete

Default SLA Configuration

Risk Level	Workflow	Total Timeout	Escalation Trigger
Critical (90-100)	risk_90_100	2 hours	30 minutes
High (70-89)	risk_70_89	4 hours	60 minutes
Medium (50-69)	risk_50_69	8 hours	120 minutes
Low (0-49)	risk_0_49	24 hours	480 minutes

Configuration

Set SLA Timeouts

curl -X POST "https://api.ascend.ai/api/authorization/workflow-config" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "risk_70_89",
    "updates": {
      "timeout_hours": 6,
      "escalation_minutes": 90
    }
  }'

Configure Escalation Chain

curl -X POST "https://api.ascend.ai/api/authorization/workflow-config" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "risk_90_100",
    "updates": {
      "approvers": [
        "security@company.com",
        "security-lead@company.com",
        "ciso@company.com"
      ],
      "escalation_chain": [
        {
          "level": 1,
          "approvers": ["security@company.com"],
          "escalation_minutes": 30
        },
        {
          "level": 2,
          "approvers": ["security-lead@company.com"],
          "escalation_minutes": 30
        },
        {
          "level": 3,
          "approvers": ["ciso@company.com"],
          "escalation_minutes": 30
        }
      ]
    }
  }'

Configure Notifications

curl -X POST "https://api.ascend.ai/api/authorization/workflow-config" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "risk_70_89",
    "updates": {
      "notifications": {
        "warning_before_sla_minutes": 15,
        "notify_on_escalation": true,
        "notify_original_approver": true,
        "channels": ["email", "slack"]
      }
    }
  }'

Usage Examples

Check SLA Status

curl -X GET "https://api.ascend.ai/api/actions/123/sla-status" \
  -H "Authorization: Bearer $TOKEN"

Response:

{
  "action_id": 123,
  "workflow_id": "risk_70_89",
  "current_approver": "security@company.com",
  "sla_status": "warning",
  "created_at": "2026-01-20T14:00:00Z",
  "sla_deadline": "2026-01-20T18:00:00Z",
  "time_remaining_minutes": 12,
  "escalation_countdown_minutes": 12,
  "next_escalation_to": "security-lead@company.com",
  "escalation_history": []
}

View Escalation History

curl -X GET "https://api.ascend.ai/api/actions/123/escalations" \
  -H "Authorization: Bearer $TOKEN"

Response:

{
  "action_id": 123,
  "escalations": [
    {
      "escalation_number": 1,
      "from_approver": "security@company.com",
      "to_approver": "security-lead@company.com",
      "reason": "SLA timeout (60 minutes)",
      "escalated_at": "2026-01-20T15:00:00Z",
      "original_deadline": "2026-01-20T15:00:00Z"
    }
  ],
  "current_approver": "security-lead@company.com",
  "current_sla_deadline": "2026-01-20T16:00:00Z"
}

Manual Reassignment

If an approver is unavailable, admins can manually reassign:

curl -X POST "https://api.ascend.ai/api/actions/123/reassign" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "new_approver": "backup-security@company.com",
    "reason": "Original approver on PTO"
  }'

Timeout Handling

What Happens on Timeout

1. First Escalation: Route to next approver in chain
2. Second Escalation: Route to emergency approvers
3. Final Timeout: Auto-deny with timeout reason (configurable)

Configure Final Timeout Behavior

curl -X POST "https://api.ascend.ai/api/authorization/workflow-config" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "risk_50_69",
    "updates": {
      "timeout_behavior": {
        "action": "auto_deny",
        "reason": "Approval request timed out after exhausting escalation chain",
        "notify_requester": true,
        "allow_resubmission": true
      }
    }
  }'

Alternative Timeout Actions

Action	Description	Use Case
auto_deny	Automatically deny the request	Default for most workflows
auto_approve	Automatically approve (use with caution)	Low-risk operations only
hold	Keep pending indefinitely	Requires manual intervention
escalate_manager	Escalate to requester's manager	Business-critical actions

Escalation Rules

Approver Unavailability

The system handles unavailable approvers:

# Unavailability triggers escalation
def reassign_on_unavailable(action_id, unavailable_email):
    """
    Reassign to backup approver if primary is unavailable
    """
    # Get action details
    action = get_action(action_id)

    # Get new approvers, excluding unavailable one
    approvers = select_approvers(
        risk_score=action.risk_score,
        approval_level=action.required_level
    )

    # Filter out unavailable approver
    available = [a for a in approvers if a.email != unavailable_email]

    # Assign to next available
    new_approver = available[0]
    assign_to_action(action_id, new_approver)

    return new_approver

Workload-Based Routing

When escalating, the system considers approver workload:

• Pending Count: Number of items awaiting approval
• Average Response Time: Historical performance
• Availability Status: Online/offline/vacation

Monitoring and Alerts

SLA Dashboard Metrics

Track SLA performance across your organization:

• SLA Compliance Rate: % of approvals within SLA
• Average Response Time: Mean time to approval
• Escalation Rate: % of requests that required escalation
• Timeout Rate: % of requests that timed out
• By Approver: Individual approver performance

Configure SLA Alerts

curl -X POST "https://api.ascend.ai/api/alerts/create" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "SLA Breach Alert",
    "type": "sla_breach",
    "conditions": {
      "sla_compliance_rate_below": 90,
      "timeframe_hours": 24
    },
    "notification_channels": ["slack", "email"],
    "recipients": ["security-ops@company.com"]
  }'

Best Practices

1. Match SLAs to Risk: Critical actions need shorter SLAs
2. Plan for Time Zones: Consider global team availability
3. Monitor Compliance: Track SLA metrics weekly
4. Adjust Based on Data: Tune timeouts based on actual performance
5. Communicate Changes: Notify approvers when SLAs change
6. Test Escalation Paths: Verify backup approvers can act

Related

• Approval Workflows Overview - Understanding workflows
• Workflow Configuration - Setting up workflows
• Multi-Stage Approvals - Multi-level approval chains
• Emergency Override - Bypassing SLA constraints