Technology Services Glossary: Key Terms and Definitions

The technology services sector operates across a dense landscape of technical, contractual, and regulatory terminology that carries precise meaning in professional and legal contexts. Misapplication of core terms — such as confusing a managed service with a professional service, or conflating uptime guarantees with availability SLAs — generates procurement errors, contract disputes, and compliance gaps. This page defines the foundational terms used across the Technology Services Glossary reference set, organized by functional domain and bounded by classification rules that reflect industry-standard usage from named standards bodies.


Definition and scope

Technology services terminology draws from at least four overlapping standards frameworks: the IT Infrastructure Library (ITIL), maintained by Axelos; ISO/IEC 20000, the international service management standard; NIST Special Publication 800-145, which formally defines cloud computing models; and the Federal Acquisition Regulation (FAR), which governs how technology services are defined in US government procurement contexts.

Service — In the ITIL 4 framework, a service is defined as a means of enabling value co-creation by facilitating outcomes that customers want to achieve without the customer having to manage specific costs and risks. This distinguishes services from products: services are inherently relational and outcome-oriented, not asset-ownership transfers.

Technology Service — A technology service is any service in which the primary delivery mechanism involves information technology infrastructure, software, networks, data systems, or technical expertise. The scope spans IT infrastructure services, cloud technology services, managed technology services, software-as-a-service, cybersecurity as a technology service, and helpdesk and technical support services.

Managed Service — A managed service transfers operational responsibility for a defined set of IT functions from the client to a third-party provider (MSP) under a recurring contract. This differs from project-based professional services, which are time-bounded and deliverable-specific, not operationally continuous.

Professional Service — Project-scoped engagements that deliver defined technical outputs: system implementation, migration, security audit, or architecture design. Professional services are governed by statements of work (SOWs) rather than ongoing SLAs.

SLA (Service Level Agreement) — A formal contract component defining measurable performance commitments. SLAs typically specify availability targets (expressed as a percentage, e.g., 99.9%), response time windows, resolution time obligations, and penalty or credit structures for non-compliance. The structure of SLAs in government contracts is further shaped by FAR Part 37 (48 CFR Part 37), which governs service contracting standards for federal acquisitions.


How it works

Glossary terms in the technology services sector are operationalized through three mechanisms: contractual definition, standards body publication, and regulatory codification.

  1. Contractual definition — Terms such as "downtime," "incident," "change request," and "service window" receive their binding meaning within individual service contracts. ITIL 4 provides a reference vocabulary, but the contract controls in disputes.
  2. Standards body publication — NIST SP 800-145 formally defines the 5 essential characteristics of cloud computing (on-demand self-service, broad network access, resource pooling, rapid elasticity, measured service), 3 service models (SaaS, PaaS, IaaS), and 4 deployment models (public, private, community, hybrid). These definitions govern how agencies classify cloud procurements under federal frameworks including FedRAMP (fedramp.gov).
  3. Regulatory codification — Sector-specific regulators impose their own definitional frameworks. The Health Insurance Portability and Accountability Act (HIPAA), administered by HHS, defines "business associate" in a way that encompasses technology service providers handling protected health information. The Payment Card Industry Data Security Standard (PCI DSS), maintained by the PCI Security Standards Council, defines scope boundaries for technology services that process cardholder data.

Common scenarios

Technology services terminology creates practical friction in 4 recurring professional scenarios:

SaaS vs. PaaS misclassification — Organizations procuring cloud-based platforms often misclassify a Platform-as-a-Service (PaaS) offering as SaaS. Under NIST SP 800-145, SaaS delivers a complete application to the end user; PaaS delivers a development and deployment environment. The distinction determines which party holds security configuration responsibility under shared-responsibility models — a materially different compliance posture under technology services compliance and regulations.

Managed service vs. staff augmentation — Managed services transfer accountability for outcomes; staff augmentation places workers under client direction without transferring responsibility. Misclassifying an augmented staff arrangement as managed services can affect co-employment liability under IRS rules distinguishing employees from independent contractors.

Uptime vs. availability — Uptime measures whether a system is running; availability measures whether it is usable for its intended purpose. A system may register 100% uptime while delivering degraded performance that violates availability SLAs. Contracts should specify measurement methodology, as this distinction is commonly addressed in technology services benchmarks and metrics.

Outsourcing vs. managed services — Outsourcing technology services typically refers to transferring entire internal IT functions — including personnel and assets — to an external provider. Managed services are a structured subset of outsourcing focused on recurring operational delivery without asset or personnel transfer.


Decision boundaries

Applying technology services terminology correctly requires resolving classification boundaries across 3 axes:

Delivery model boundary — Whether a service is cloud-delivered, on-premises, or hybrid determines which regulatory frameworks apply and which security controls are mandatory. FedRAMP applies to cloud services used by US federal agencies; it does not govern on-premises deployments. The boundary between cloud and on-premises is formally defined at the infrastructure layer by NIST SP 800-145.

Scope boundary — The boundary between in-scope and out-of-scope components under standards like PCI DSS is determined by data flow, not by system function. A technology service that never touches cardholder data may still fall in scope if it is connected to systems that do, under PCI DSS network segmentation rules.

Contractual vs. standards-body authority — Where a contract definition contradicts an ITIL or ISO 20000 definition, the contract governs in disputes. Standards-body definitions serve as interpretive defaults and negotiation baselines, not as overriding legal authorities. This is the central reason technology services contracts and SLAs require explicit term definitions rather than reference to external frameworks by name alone.

For professionals navigating technology services procurement or vendor qualification, the Knowledge Graph Authority index provides cross-referenced entry points to related reference domains. Additional context on how service categories are structured appears in types of technology services and key dimensions and scopes of technology services.

