Skip to main content

TCM steering

Keep operated services running over time. — TCM, Trust Condition Maintenance of operated services over time

Observability, operational security, compliance held and continuous adaptation. New services stay operable, supervised and governed over time.

Talk to the workshop Discover our approach

Operations observation

Maintaining is no longer enough.

Silence is not a health indicator

A system with no apparent incident can hide unpatched CVEs, obsolete dependencies and invisible configuration debt.

The system holds, but you no longer really know why

Incidents are rare, yet debt, patches, changes and recovery points are no longer steered calmly.

Compliance moves faster than the reviews

AI Act, GDPR, NIS2 evolve continuously. Without active review or a designated owner, a compliance snapshot ages in a few months.

Your teams absorb shocks instead of moving forward

RUN eats build capacity, security topics stay queued, prioritisation happens under pressure.

Operations discipline

Availability

Continuous supervision, incident handling, documented escalation. SLAs defined and measured. Impact drives priority, not ticket number.

Security

Ongoing watch, CVE management, progressive hardening. Each fix documented, verified and capitalised.

Compliance

AI Act, GDPR, NIS2 continuously, not as an annual snapshot. Dedicated lead, traceability by default, audit-ready at any moment.

Evolvability

Backlog prioritised by real impact, regular reviews, evolutions integrated without loss of mastery. The system absorbs new capabilities instead of stagnating.

From suffered RUN to mastered MCC

Availability, security, compliance: piloted with explicit criteria and readable governance.

BEFORE Common situation
  • Reactive maintenance We fix when it breaks, with no visibility or anticipation.
  • Fuzzy SLAs No measured objective, nor shared with the client.
  • Untracked incidents No post-mortem, the same problems keep coming back.
  • Security as catchup CVEs patched weeks, sometimes months, after publication.
AFTER With REELIANT
  • 24/7 supervision Real-time alerts, shared dashboards, anticipated incidents.
  • Measured & shared SLAs Co-defined objectives, transparent monthly reporting.
  • Proactive detection Incidents identified and resolved before user impact.
  • CVEs patched within 72h Continuous monitoring, patches tested and deployed quickly.

What we deliver

The steering tools often missing from RUN.

01

Initial trust assessment

Snapshot of risks, technical surface, vulnerabilities and governance points to address first.

02

Shared indicators and governance

SLAs, security, compliance, backlog, incidents and arbitrations tracked at a clear cadence, readable by business and IT teams.

03

Prioritised remediation backlog

Fixes, hardening, technical debt and evolvability topics ordered by real impact, not by background noise.

04

Runbook and operating procedures

Escalation, recovery, updates, supervision and decisions traced. The system becomes more operable, not just more monitored.

Operations

The RUN of AI systems.

Performance degradations are detected before they impact users. This is the minimum operating condition for AI in production.

Drift monitoring

Monitoring of models over time. Quality indicators measured continuously, alerts before business impact.

Update management

Impact control during model evolutions. No silent regression after an update.

Guardrails in production

Behaviour filter and anomaly tracking. Guardrails stay effective over time.

Continuous compliance

AI Act, GDPR, NIS2 continuously, not as annual snapshot. Audit-ready at any moment.

Proof in production

Systems taken over and sustained over time.

The value of TCM is measured in continuity, readability and the ability to absorb change without crisis.

Higher Education & Research

Application Engineering and Maintenance - ENS Paris-Saclay

Multi-year framework contract won in 2025 for the IT department of ENS Paris-Saclay (Université Paris-Saclay). REELIANT runs Lot 1 (Application Engineering): MCO of the ERP and ENS-specific business applications, development of new services and APIs, DevOps toolchain, student enrolment management. Scope covered over time, without changing the team at every evolution.

  • framework contract won in 2025
  • ERP + business apps
  • DevOps and CI setup
See all referencesDiscuss your RUN

Frequently asked questions.

What is TCM (Trust Condition Maintenance)?

An operations contract structured around 4 axes : availability (measured SLAs), security (patches, CVE), compliance (GDPR, AI Act, NIS2 continuously) and evolvability. Unlike classic managed services, TCM includes ongoing compliance responsibility.

How do you monitor AI model drift in production?

Through an LLMOps framework that continuously measures response quality indicators, detects regressions after each model update and triggers alerts before drift impacts users.

How do you stay GDPR, NIS2 and AI Act compliant over time?

Compliance is not a state but a process : regular reviews, decision traceability, up-to-date processing register, scheduled internal audits. We designate a dedicated compliance lead, always ready for an audit.

Is a system with no apparent incidents necessarily healthy?

No. Unpatched CVEs, obsolete dependencies or invisible configuration debt can coexist with a complete absence of incidents — until they don't. TCM supervision detects these silent drifts.

What do you deliver when taking over an operations scope?

A TCM takeover must make the system readable. We deliver a risk inventory, governance indicators, a prioritised remediation backlog, operational procedures and a shared governance framework with your teams.

Browse the technical glossary →

Related articles

  1. LLMOps: operating an LLM in production, not just deploying it

Need to regain control over your RUN?.

A long-running operated system or AI modules in production: a first diagnostic can be set up quickly.

Assess my system's trust level