Responsabilite operationnelle
Document de preuve - INV-IAM-10
1. Organisation
1.1 Entite responsable
| Attribut | Valeur |
| Organisation | ProbatioVault SAS |
| Departement | Infrastructure & Operations |
| Localisation | France |
1.2 Perimetre de responsabilite
ProbatioVault est pleinement responsable de :
- L'hebergement et la maintenance des serveurs
- L'installation et la configuration de Keycloak
- La securite de l'infrastructure IdP
- La disponibilite du service d'authentification
- La conformite aux exigences de securite
2. Matrice de responsabilite (RACI)
| Activite | Infrastructure | Security | Dev | Direction |
| Provisionnement serveurs | R/A | C | I | I |
| Configuration Keycloak | R/A | C | C | I |
| Gestion des secrets | R | A | C | I |
| Monitoring | R/A | C | I | I |
| Reponse incidents | R | A | C | I |
| Audit securite | C | R/A | C | I |
| Backup/Restore | R/A | C | I | I |
Legende: R=Responsable, A=Approbateur, C=Consulte, I=Informe
3.1 Equipe Infrastructure
| Role | Contact | Disponibilite |
| Lead Infra | infra@probatiovault.fr | Heures ouvrables |
| Astreinte | astreinte@probatiovault.fr | 24/7 (incidents critiques) |
3.2 Escalade
| Niveau | Delai | Contact |
| L1 - Support | < 1h | support@probatiovault.fr |
| L2 - Infrastructure | < 4h | infra@probatiovault.fr |
| L3 - Management | < 24h | direction@probatiovault.fr |
4. Engagements de service
4.1 Disponibilite cible
| Environnement | SLA | Maintenance planifiee |
| PROD | 99.9% | Dimanche 02:00-06:00 |
| STAGING | 99.0% | Flexible |
| DEV | Best effort | Flexible |
4.2 Temps de reponse incidents
| Severite | Description | Temps reponse | Temps resolution |
| P1 - Critique | Service indisponible | 15 min | 4h |
| P2 - Majeur | Degradation importante | 1h | 8h |
| P3 - Mineur | Impact limite | 4h | 24h |
| P4 - Faible | Amelioration | 24h | Best effort |
5. Gestion des incidents
5.1 Classification
| Categorie | Exemples |
| Disponibilite | Keycloak down, erreurs 5xx |
| Securite | Tentatives intrusion, fuite credentials |
| Performance | Latence elevee, timeouts |
| Configuration | Erreurs realm, clients invalides |
5.2 Procedure de gestion
- Detection : Monitoring, alertes, signalement utilisateur
- Qualification : Severite, impact, perimetre
- Communication : Notification parties prenantes
- Resolution : Action corrective
- Post-mortem : Analyse cause racine, actions preventives
6. Maintenance
6.1 Maintenance preventive
| Activite | Frequence | Responsable |
| Mises a jour securite | Hebdomadaire | Infra |
| Rotation secrets | Trimestrielle | Security |
| Revue configurations | Mensuelle | Infra |
| Tests backup/restore | Trimestrielle | Infra |
6.2 Maintenance corrective
- Correctifs critiques : deploiement immediat
- Correctifs majeurs : < 48h
- Correctifs mineurs : prochaine maintenance planifiee
7.1 Audits internes
| Type | Frequence | Responsable |
| Revue acces | Trimestrielle | Security |
| Revue logs | Mensuelle | Security |
| Test intrusion | Annuelle | Security (externe) |
7.2 Documentation
Tous les documents operationnels sont maintenus dans : - Repository Git : probatiovault-infra - Documentation : docs/artifacts/, docs/runbooks/
8. Historique des modifications
| Date | Auteur | Modification |
| 2025-01 | Equipe Infra | Creation initiale |