Are internal vulnerability scans performed monthly and issues resolved in line with defined SLAs?

service level agreement

A Service Level Agreement (SLA) is a contractual commitment by a provider to deliver the contracted service within defined parameters. It also often specifies the penalties for failing to meet this commitment.


The parameters specified in an SLA usually include an uptime specification, expressed as total availability and hours of operation, with allowance for maintenance windows. The penalties for failing to meet the SLA range from service credits to termination of the contract.

Why are they asking this?

Customers require SLAs from providers to ensure that they receive the service for which they contracted. Failure to deliver the service at the specified level can cause the customer to lose revenue, as it may interrupt normal business operations.

What do they expect?

Copies of the vendor's standard SLA may be requested to confirm that the service parameters meet expectations and that the penalties are sufficient to encourage the vendor to deliver at the committed level of service.

internal vulnerability scanning

Internal vulnerability scanning is the use of a vulnerability scanner to examine the internal networks for vulnerabilities. The scanner applies a set of rules (checks) to look for vulnerabilities caused by software weaknesses or misconfigured services.

Why are they asking this?

Regular use of vulnerability scanners helps to detect vulnerabilities before they are exploited by malicious users or external parties. Vulnerability scanning is one part of a comprehensive security policy.

What do they expect?

They expect regular, automated scans by an up-to-date vulnerability scanner, defined in the security policies and procedures. The procedures should include updating the scanner and its ruleset frequently so that the latest vulnerabilities are detected, and tracking each finding from detection to resolution so that remediation can be shown to fall within the defined SLA.
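As an added example (not part of the questionnaire or any vendor's tooling), the two halves of the question can be checked against scanner data. The Python below uses constructed sample findings and assumed per-severity SLA values: it classifies each finding as fixed within SLA, fixed late, open, or overdue, and checks that consecutive scan dates are never more than a month apart.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Assumed remediation SLA (days from detection to fix) per severity.
# The questionnaire leaves the actual figures to the organisation's policy.
SLA_DAYS: Dict[str, int] = {"critical": 7, "high": 30, "medium": 90, "low": 180}

@dataclass
class Finding:
    rule_id: str                     # scanner check that fired
    host: str
    severity: str                    # key into SLA_DAYS
    detected: date
    resolved: Optional[date] = None  # None while the finding is still open

def finding_status(f: Finding, today: date) -> str:
    """Return 'within_sla', 'breached' (fixed after the deadline),
    'open' (unfixed, deadline not reached) or 'overdue' (unfixed, past deadline)."""
    deadline = f.detected + timedelta(days=SLA_DAYS[f.severity])
    if f.resolved is None:
        return "overdue" if today > deadline else "open"
    return "within_sla" if f.resolved <= deadline else "breached"

def sla_report(findings: List[Finding], today: date) -> Dict[str, int]:
    """Count findings per status: the summary an assessor asks to see."""
    counts: Dict[str, int] = {}
    for f in findings:
        status = finding_status(f, today)
        counts[status] = counts.get(status, 0) + 1
    return counts

def scan_cadence_ok(scan_dates: List[date], max_gap_days: int = 31) -> bool:
    """'Monthly' is read as: no gap between consecutive scans exceeds max_gap_days."""
    ordered = sorted(scan_dates)
    return all((b - a).days <= max_gap_days for a, b in zip(ordered, ordered[1:]))

# Constructed sample data (not real scan output).
TODAY = date(2024, 4, 30)
SAMPLE_SCANS = [date(2024, 1, 5), date(2024, 2, 2), date(2024, 3, 1), date(2024, 4, 29)]
SAMPLE_FINDINGS = [
    Finding("rule-001", "db-01", "critical", date(2024, 3, 1), date(2024, 3, 6)),  # fixed in 5 days
    Finding("rule-002", "db-01", "high", date(2024, 3, 1), date(2024, 4, 15)),     # fixed in 45 days
    Finding("rule-003", "web-02", "medium", date(2024, 3, 1)),                     # open, deadline 30 May
    Finding("rule-004", "web-02", "critical", date(2024, 4, 10)),                  # open, deadline 17 Apr
]

if __name__ == "__main__":
    print("monthly cadence kept:", scan_cadence_ok(SAMPLE_SCANS))  # March-to-April gap is 59 days
    print("remediation summary:", sla_report(SAMPLE_FINDINGS, TODAY))
```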