Anchor MSP — Standard Operating Procedures
This is the internal field manual for Anchor MSP operations. It covers every system and process Anchor owns once a system enters managed production.
What Anchor Owns
Anchor's responsibility begins at handoff acceptance. When a development team (EGI or Mast) declares a system ready for production, Anchor takes ownership of:
- Monitoring and alerting — Uptime Kuma, Prometheus, Alertmanager, Grafana
- Logging — Loki, structured log aggregation
- Backups — Restic orchestration, restore testing
- Secrets — Vault, rotation, access control
- Security — Wazuh, CrowdSec, Cloudflare administration
- Incident response — detection, triage, resolution, post-incident review
- Change management — production change approval and logging
What Anchor Does Not Own
- Application code and feature development (EGI, Mast)
- Pre-production environments (EGI, Mast)
- Application-level testing (EGI, Mast)
Development teams deploy their own code. Anchor owns the production environment those deploys target. Anchor can halt deploys if production stability is at risk.
Operational Stack
| Tool | Role |
|---|---|
| Grafana | Dashboards and visualization |
| Prometheus | Metrics collection |
| Loki | Log aggregation |
| Alertmanager | Alert routing |
| Uptime Kuma | Uptime monitoring |
| Wazuh | Host intrusion detection, file integrity |
| CrowdSec | Threat intelligence, automated blocking |
| PostHog | Product analytics |
| Restic | Backup orchestration |
| Vault | Secrets management |
| Slack | Alert channels, team communication |
| Twilio | SMS escalation |
Principle
Runtime truth lives in the operational stack — Grafana dashboards, Prometheus metrics, Wazuh alerts, Vault audit logs. Not in CI/CD metadata. Not in repo configs. If the stack says it's down, it's down.