Security erodes
A vulnerability discovered yesterday in a component you use becomes an entry point tomorrow. Without regular patches, the site that was secure on delivery day gradually becomes vulnerable.
Development, cloudA delivered site
Maintenance, managed services, TMA
A delivered site
is not a finished site.
CONCILIUM maintains, monitors and evolves your sites and applications over time. Security updates, ransomware-proof backups, 24/7 monitoring and contractual service commitments. Sovereign hosting and code you own.
Why maintain
A site lives, so it needs upkeep.
On launch day, your site or application is at its best. From then on, without upkeep, everything degrades slowly: security, stability, performance.
Maintenance is not an optional cost. It is what protects the investment already made and keeps your tool available, secure and useful, year after year.
Outages happen
A traffic spike, an expired certificate, a failing dependency, a full disk: an incident always ends up occurring. Without monitoring, you learn about it from your users, at the worst moment.
Obsolescence looms
Languages, frameworks and libraries evolve and stop being maintained. A frozen tool becomes costly to evolve, then impossible to fix in an emergency.
Needs evolve
Your volumes grow, your usage changes, new expectations appear. A delivered site is not a finish line: it is a living asset that must grow with your activity.
What we offer
Three levels, matched to your stakes
Not all sites require the same level of service. We offer clear plans, from the essential security baseline to full third-party application maintenance. You move up a level when your activity demands it, without starting over.
Essential
Maintenance and security
The indispensable baseline to keep a site healthy: updated, backed up, monitored.
- Security updates and patches
- Regular, tested backups
- Availability monitoring
- Support during business hours
Managed services
Full operations
Infrastructure managed end to end, with measured service commitments.
- Real-time monitoring 24/7
- Contractual availability SLAs
- 3-2-1-1-0 ransomware-proof backups
- First and second level support
Evolving TMA
Growing the application
Everything in Managed services, plus continuous evolution capacity built into the plan.
- Monthly evolution allowance
- Progressive modernization of the foundation
- Performance optimization
- Regular steering meetings
We also take over the maintenance of a site we did not build. Audit of the existing system, updated documentation, fixing of critical issues, then handover to us. The architecture remains reversible and maintainable by others than us.
Day to day
Monitor, fix, back up
Maintenance is first and foremost invisible, regular work. Here is concretely what we monitor and what we fix so your service stays available, secure and fast, without you having to think about it.
Real-time monitoring
Availability, response times, certificates, disk space, application errors: your services are monitored continuously. The alert fires before the visible incident, not after.
Security updates
Patches for the system, the application foundation and dependencies, applied according to criticality. Critical vulnerabilities are handled without delay, on a test environment first, then in production.
3-2-1-1-0 backups
Three copies, two media, one off-site, one immutable and offline copy, zero restoration errors thanks to real monthly tests. A backup that has never been restored is only a hypothesis.
Fixes and recovery
Issues fixed according to severity, traced from report to resolution. In case of an outage, a documented recovery plan and tested restoration to get back to normal quickly.
Commitments
Promises written down and measured
A service commitment only has value if it is quantified, contractual and verified. Here are our availability levels and fix times, presented every month in a transparent report.
CriterionStandardPremium
Guaranteed availability99.9%99.99%
Annual downtime≈ 8 hours≈ 52 minutes
Time to recovery4 hours1 hour (critical)
Maximum data loss1 hour5 minutes (critical)
Fix times
- Blocking outage (service down)Emergency handling
- Major malfunctionWithin 24 hours
- Minor issueWithin 72 hours
Support that knows your file
French-speaking assistance, first and second level support, from technicians who know your architecture. No anonymous tickets: one contact, one history, one follow-up.
In figures
What maintenance really changes
99.99%
premium availability
That is about 52 minutes of downtime per year, contractual and measured every month.
3-2-1-1-0
backup rule
One immutable, offline copy, out of ransomware’s reach, tested every month.
24/7
continuous monitoring
Real-time monitoring of your services, by your team or by a center we operate.
18 to 35%
lower costs
Average saving observed on hosting and operations budgets, audit and optimization included.
Frequently asked questions
Getting it exactly right
What is TMA (third-party application maintenance)?+
TMA means entrusting the maintenance of your site or application to an external provider, over time. It covers corrective maintenance (fixing what breaks), preventive maintenance (updates, monitoring, backups) and evolutionary maintenance (growing the tool as your needs evolve). At CONCILIUM, it comes with measured service commitments and a contact who knows your file.
What is the difference between maintenance, managed services and operational readiness?+
Maintenance refers to fixes and evolutions of the application itself. Managed services cover the broader operation of the infrastructure: hosting, monitoring, backups, security, support. Operational readiness (MCO) and security readiness (MCS) are the goal of the whole: keeping your service available, performant and protected over time. We cover these three dimensions in a coordinated way.
Do you take over the maintenance of a site you did not build?+
Yes, that is actually the majority of our engagements. We start with an audit of the existing system: code, dependencies, security, backups, hosting. We document what needs documenting, fix the critical issues, then take over. The architecture remains reversible and maintainable by others than us, with no artificial dependency.
What service level agreements (SLAs) do you offer?+
99.9% availability as standard (about 8 hours of downtime per year), 99.99% on premium (about 52 minutes). In case of a major incident, recovery is guaranteed within 4 hours on standard and 1 hour for critical services, with data loss limited to 1 hour on standard and 5 minutes on critical. Everything is contractual, measured and presented in a monthly report.
How quickly do you fix an issue?+
Fixes are prioritized by severity. A blocking outage is handled as an emergency by our support team, a major malfunction within 24 hours, a minor issue within 72 hours. Critical security patches are applied without waiting for the next maintenance window. Every request is traced, from report to resolution.
How do you protect our backups against ransomware?+
We apply the 3-2-1-1-0 rule: 3 copies of the data, on 2 different media, including 1 off-site and 1 immutable copy, fully isolated and offline, with 0 restoration errors thanks to real monthly tests. Ransomware that locks your production data cannot reach that immutable copy, which lets you recover with confidence.
What happens in case of a security incident?+
Our support team follows a proven protocol: alert, isolation of what is affected, investigation, remediation, communication. For incidents that go beyond the technical perimeter, we bring in our legal partners for notifications to the CNIL and crisis communication. The reporting obligations under NIS2 are met if you are a covered entity.
Does maintenance create a dependence on CONCILIUM?+
No, that is a founding principle. The code belongs to you, your data is fully exportable at any time, and documentation is kept up to date. We build and maintain reversible architectures, designed to be taken over by another team. The relationship lasts because it has value, never because you are locked in.
Free audit of your site and its maintenance level
Your site deserves proper upkeep.
Entrust us with your site or application, even if built by a third party. We audit the existing system, secure the essentials and take over, with clear commitments and a dedicated contact.