Breached? Call us. We answer.
+254 (0)70 163 2821A human incident manager answers around the clock — no phone tree, no hold music. Call the moment you suspect an active compromise, even if you are not yet a client.
≤15 minutes
Retainer acknowledgement
≤60 minutes
Everyone else, acknowledged
≤4 hours
Containment target
IS THIS AN INCIDENT?
Call now — or use another channel
If any of the signs on the left are happening, do not email. Pick up the phone.
- An attacker is active inside your network or on your endpoints
- Ransomware is encrypting, or has encrypted, systems or data
- Data exfiltration is suspected or confirmed
- A denial-of-service attack is disrupting operations
- A device holding sensitive data has been lost or stolen
- Business email compromise with financial impact
- A regulatory reporting deadline you cannot meet alone
WHAT HAPPENS WHEN YOU CALL
The first 60 minutes
No hold, no hand-off. From the moment you dial, a qualified responder takes command with you.
MINUTE 0–15
Triage call
You reach a qualified incident responder directly. We establish scope, confirm indicators of compromise, and assess whether the attacker is still active. We do not put you on hold.
MINUTE 15–30
Initial containment
We walk you through immediate steps you can execute now — network isolation, credential revocation, stopping active replication — working with whatever you have on hand.
MINUTE 30–60
Deployment decision
We confirm whether we respond remotely, on-site, or both. Retainer clients are formally engaged in this window; new clients get a clear proposal before sustained work begins.
AFTER CONTAINMENT
Forensics & report
Full digital forensics with documented chain of custody, regulatory reporting support, and a written post-incident report suitable for the board and the regulator.
HOW THE ENGAGEMENT WORKS
Retainer or not, we take the call
Triage always comes first. We do not negotiate commercial terms while you are dealing with a live incident.
≤15 minutes
Guaranteed acknowledgement, around the clock
Your retainer covers the triage call, initial containment, forensic investigation, and the written post-incident report. You hold reserved capacity — when you call, you are not competing for available engineers, and there are no surprise invoices for the core response.
- Reserved response capacity — no queueing for engineers
- Triage, containment, forensics, and the written report covered
- Named emergency contacts and a pre-agreed engagement runbook
≤60 minutes
Acknowledgement for a new-client emergency
We take the call. After the initial triage we provide a clear commercial proposal before proceeding to sustained engagement. The immediate situation is stabilised first; the paperwork follows as soon as it is safe to do it.
- We take the call and triage immediately
- A clear proposal before any sustained, chargeable work
- The same forensic-grade method as retained clients
Containment target across engagements: ≤4 hours. A structured IR retainer guarantees the fastest acknowledgement and reserved capacity.
HOW WE WORK
Method, not improvisation
Our incident response follows recognized international frameworks — so evidence is defensible, the case is auditable, and the report stands up to a regulator or a court.
ISO/IEC 27035
Applied across the incident lifecycle — from detection through containment and eradication to a written post-incident report.
NIST SP 800-61r2
Applied across the incident lifecycle — from detection through containment and eradication to a written post-incident report.
In practice that means documented chain of custody for digital evidence, formal case management, and reports suitable for regulatory submission and legal proceedings. Where an incident carries a compliance dimension, we handle regulator communication alongside the technical response.
FOUND A VULNERABILITY?
Reporting a security issue
If you are a researcher who has found a vulnerability in an OpasSecure system or product — not a live breach — use our responsible disclosure channel instead of the hotline.
BE READY BEFORE THE NEXT ONE
Put a response plan in place
The best time to establish an incident-response retainer is before you need it. Talk to us about reserved capacity and the fastest SLA on the line.