regulator-portal-service — Migration Plan

Version: 1.0 Status: Draft Owner: Regulator-facing + Legal + SRE Last Updated: 2026-04-21 References: SERVICE_OVERVIEW.md, SERVICE_READINESS.md

Greenfield service. Migration is partner-engagement + phased enablement of capabilities.

1. What Is Migrating

Input	Source	Notes
ATRA user certificates	Regulator Liaison engagement	Per-user via national-PKI
Auditor certificates	External audit firms	Per-engagement, time-boxed
Evidence catalog	Compliance team	Control families (ISO 27001, SOC 2)
SIEM destinations	ATRA + internal security team	Endpoint + auth config
LI procedure documentation	Legal + ATRA	Stored in runbooks

No data migration — service is new.

2. Migration Phases

Phase 0 — Pre-migration engagement (3 months)

Step	Owner	Output
ATRA MoU for portal access	Regulator Liaison + Legal	Signed MoU
Per-regulator-user PKI issuance	Security + Regulator Liaison	Certs for initial 5-10 ATRA staff
SIEM destination configuration (Splunk / QRadar / Logstash per ATRA preference)	Security + ATRA	Endpoints + auth
HSM provisioning + signing key generation	Security + SRE	Keys in HSM
Evidence catalog populated for ISO 27001 (control families + auto-collection jobs)	Compliance	Catalog complete
Auditor procedure + onboarding template	Legal + Compliance	Procedure doc
Service deployed to staging	SRE	Green

Phase 1 — Read-Only Reports (30 days)

Step	Owner	Output
Regulator login live (ATRA staff onboarded)	Service	Login metrics
Daily CDR submission status report generated + delivered	Service	Daily artefact
Monthly compliance summary report generated	Service	Monthly artefact
SIEM forwarding live to internal security SIEM first	Service	Event flow
LI workflow disabled (`REG_LI_WORKFLOW_ENABLED=false`)	SRE	—

Exit criteria. 30 consecutive days of successful reports + ATRA acknowledgement; 0 SIEM lag incidents > 5 min.

Phase 2 — Complaint ingest + scheduled reports (30 days)

Step	Owner	Output
Complaint POST endpoint live	Service	Complaints flowing
Admin-dashboard triage workbench (EP-ADMDASH-10) live	Frontend	UI
Ad-hoc report endpoint live	Service	Self-service reports
Regulator-user count increased	Regulator Liaison	More ATRA staff

Exit criteria. 50+ complaints processed; < 10 escalations.

Phase 3 — LI Workflow (30 days)

Step	Owner	Output
`REG_LI_WORKFLOW_ENABLED=true`	SRE	—
First real LI request processed end-to-end	Legal + Regulator Liaison	Delivered + ATRA ACKed
SLA tracking active	SRE	Dashboard
Dual-control bridge tested	Security + Legal	Phone + Slack operational

Exit criteria. 5 real LI requests handled within SLA; no SLA breaches; Legal sign-off.

Phase 4 — SIEM + Attestation (30 days)

Step	Owner	Output
SIEM forwarding to ATRA SIEM endpoint	Service	Cross-boundary flow
Full attestation catalog populated	Compliance	Catalog
Auditor portal live (read-only; time-boxed)	Service	Live
ISO 27001 annual bundle generation tested	Compliance	Bundle signed

Exit criteria. First auditor engagement completes successfully; ATRA SIEM receives events within SLA.

Phase 5 — External Auditor (ongoing)

Step	Owner	Output
External audit firm onboarded for ISO 27001 / SOC 2	Compliance + Legal	Engagement
Audit-access granted with time-box	Security	Provisioned
Audit completed	Compliance + Auditor	Report

Rollback flags. REG_LI_WORKFLOW_ENABLED, REG_SIEM_FORWARDING_ENABLED, REG_AUDITOR_PORTAL_ENABLED.

3. Regulator + Auditor PKI Onboarding

3.1 ATRA user

Regulator Liaison identifies ATRA staff member.
Staff member generates CSR with their national-PKI device.
CSR sent to Ghasi Security via secure channel.
Security signs cert with Ghasi Government Trust Anchor (or routes to national PKI when available).
Cert + private-key guidance delivered to staff via in-person or MoU-approved channel.
regulator.users row created with cert subject.
Staff tests login.

3.2 External auditor

Audit firm contracted (Compliance + Legal).
Auditor certs issued by firm's own CA (or Ghasi auditor CA for small firms).
Time-boxed access granted via POST /v1/admin/regulator/auditor-access (default 30 d).
Auditor tests login + evidence download.
Access expires + auto-revokes.

4. SIEM Destination Bootstrap

4.1 Internal SIEM first (Phase 1)

Internal security team operates Splunk / ELK.
Ghasi forwarder starts with internal-only destination.
Validates event volume, schema, latency.

4.2 ATRA SIEM (Phase 4)

Regulator Liaison confirms ATRA SIEM endpoint details.
Credentials exchanged (mTLS client cert preferred).
Schema dry-run: 1 day of events forwarded to ATRA test endpoint.
ATRA feedback on schema → adjustment.
Production cutover.

4.3 Multi-destination fan-out

Destinations configured in regulator.siem_destinations with auth + format.
Each destination ACKs independently.
One-off or scheduled reconciliation: count per destination should match NATS event count (within tolerance).

5. Downstream Integration Migration

Integration	Phase	Notes
compliance-engine `compliance.audit.v1` consumer	Phase 1	Read-through for reports
consent-ledger `consent.*` consumer	Phase 1	Read-through
sender-id-registry `sender.id.*` consumer	Phase 2	Read-through
cdr-mediation CDR submission-status reader	Phase 1	Daily report
analytics-service ClickHouse cold-tier reader	Phase 2	Long-range queries
admin-dashboard complaint workbench	Phase 2	UI integration

6. Success Metrics

Metric	Target	Measurement
ATRA staff active on portal	≥ 5 by end Phase 1	Login metrics
Daily reports generated + delivered	100% by end Phase 1	Daily
LI SLA attainment	100% within 24 h (Phase 3 on)	Per request
Complaint SLA attainment	95% within 5 business days (Phase 2 on)	Monthly
SIEM event loss	0	Continuous
Auditor engagement completion	≥ 1 successful by end Phase 5	Per engagement
Evidence freshness	≥ 95% CURRENT (Phase 4 on)	Daily

7. Rollback Plan

Per-phase flags revert behaviour. Catastrophic path:

mTLS compromise: revoke all ATRA certs + re-issue.
HSM compromise: rotate signing key (key in HSM not usable directly; regenerate on recovery).
Data breach: Regulator Liaison + Legal + Security tri-party incident procedure.

8. Dependencies

National-PKI or interim Ghasi Government Trust Anchor.
HSM operational (per ADR-0004 §11).
All read-through upstream services operational (compliance-engine, consent-ledger, sender-id-registry, cdr-mediation, analytics-service).
Admin-dashboard EP-ADMDASH-10 (regulator workbench UI).
regulator-portal-service infra: Postgres, Redis, NATS, S3, HSM, disk-WAL PVC.

9. Post-Launch Refinement

Quarterly regulator-user survey (portal UX).
Monthly SLA review with ATRA.
Annual compliance-attestation cycle; refine evidence catalog based on audit findings.

1. What Is Migrating​

2. Migration Phases​

Phase 0 — Pre-migration engagement (3 months)​

Phase 1 — Read-Only Reports (30 days)​

Phase 2 — Complaint ingest + scheduled reports (30 days)​

Phase 3 — LI Workflow (30 days)​

Phase 4 — SIEM + Attestation (30 days)​

Phase 5 — External Auditor (ongoing)​

3. Regulator + Auditor PKI Onboarding​

3.1 ATRA user​

3.2 External auditor​

4. SIEM Destination Bootstrap​

4.1 Internal SIEM first (Phase 1)​

4.2 ATRA SIEM (Phase 4)​

4.3 Multi-destination fan-out​

5. Downstream Integration Migration​

6. Success Metrics​

7. Rollback Plan​

8. Dependencies​

9. Post-Launch Refinement​