Production Ownership Policy

Owner: Anchor MSP Operations Lead
Last reviewed: 2026-04-04

Purpose

Define what Anchor owns, what development teams own, and where the boundary sits.

Scope

All systems accepted into Anchor managed production. All Anchor operators. All development teams (EGI, Mast) handing off systems.

Policy

  1. Anchor owns all production infrastructure from the moment of handoff acceptance.
  2. Anchor is the sole authority for production monitoring, logging, alerting, backups, secrets management, security operations, and incident response.
  3. Development teams (EGI, Mast) own application code, feature development, pre-production environments, and application-level testing.
  4. Application teams deploy their own code to production. Anchor owns the production environment those deploys target.
  5. Anchor can halt any deploy if production stability is at risk.
  6. Runtime truth lives in the operational stack (Grafana, Prometheus, Loki, Wazuh, Vault). CI/CD metadata and repo configs are not authoritative for production state.

Responsibility Matrix

| Domain | Anchor | EGI / Mast |
|---|---|---|
| Production monitoring | Owns | |
| Alerting and escalation | Owns | Receives alerts for app-level issues |
| Log aggregation | Owns infrastructure | Produces structured logs |
| Backups and restore | Owns | Identifies backup-eligible data |
| Secrets management | Owns Vault, rotation, access | Declares secrets during handoff |
| Security (host, network, edge) | Owns | |
| Incident response | Owns triage, resolution | Provides app-level expertise when escalated |
| DNS and Cloudflare | Owns | Requests changes via Anchor |
| Deploys to production | Provides the environment | Executes deploys |
| Application code | | Owns |
| Pre-production environments | | Owns |
| Application testing | | Owns |

Exceptions

No exceptions to production ownership boundaries without written approval from the Anchor Operations Lead. Temporary exceptions (e.g., granting a developer direct production access for debugging) must be time-boxed, logged, and revoked when complete.