Skip to main content
OpasSecure Ltd
Skip to emergency number
24/7 EMERGENCY INCIDENT RESPONSE · 24/7

Breached? Call us. We answer.

+254 (0)70 163 2821

A human incident manager answers around the clock — no phone tree, no hold music. Call the moment you suspect an active compromise, even if you are not yet a client.

≤15 minutes

Retainer acknowledgement

≤60 minutes

Everyone else, acknowledged

≤4 hours

Containment target

Call now — or use another channel

If any of the signs on the left are happening, do not email. Pick up the phone.

CALL THE LINE NOW IF…
  • An attacker is active inside your network or on your endpoints
  • Ransomware is encrypting, or has encrypted, systems or data
  • Data exfiltration is suspected or confirmed
  • A denial-of-service attack is disrupting operations
  • A device holding sensitive data has been lost or stolen
  • Business email compromise with financial impact
  • A regulatory reporting deadline you cannot meet alone

The first 60 minutes

No hold, no hand-off. From the moment you dial, a qualified responder takes command with you.

  1. MINUTE 0–15

    Triage call

    You reach a qualified incident responder directly. We establish scope, confirm indicators of compromise, and assess whether the attacker is still active. We do not put you on hold.

  2. MINUTE 15–30

    Initial containment

    We walk you through immediate steps you can execute now — network isolation, credential revocation, stopping active replication — working with whatever you have on hand.

  3. MINUTE 30–60

    Deployment decision

    We confirm whether we respond remotely, on-site, or both. Retainer clients are formally engaged in this window; new clients get a clear proposal before sustained work begins.

  4. AFTER CONTAINMENT

    Forensics & report

    Full digital forensics with documented chain of custody, regulatory reporting support, and a written post-incident report suitable for the board and the regulator.

Retainer or not, we take the call

Triage always comes first. We do not negotiate commercial terms while you are dealing with a live incident.

≤15 minutes

Guaranteed acknowledgement, around the clock

Your retainer covers the triage call, initial containment, forensic investigation, and the written post-incident report. You hold reserved capacity — when you call, you are not competing for available engineers, and there are no surprise invoices for the core response.

  • Reserved response capacity — no queueing for engineers
  • Triage, containment, forensics, and the written report covered
  • Named emergency contacts and a pre-agreed engagement runbook
NON-RETAINER CLIENTS

≤60 minutes

Acknowledgement for a new-client emergency

We take the call. After the initial triage we provide a clear commercial proposal before proceeding to sustained engagement. The immediate situation is stabilised first; the paperwork follows as soon as it is safe to do it.

  • We take the call and triage immediately
  • A clear proposal before any sustained, chargeable work
  • The same forensic-grade method as retained clients

Containment target across engagements: ≤4 hours. A structured IR retainer guarantees the fastest acknowledgement and reserved capacity.

Method, not improvisation

Our incident response follows recognized international frameworks — so evidence is defensible, the case is auditable, and the report stands up to a regulator or a court.

ISO/IEC 27035

Applied across the incident lifecycle — from detection through containment and eradication to a written post-incident report.

NIST SP 800-61r2

Applied across the incident lifecycle — from detection through containment and eradication to a written post-incident report.

In practice that means documented chain of custody for digital evidence, formal case management, and reports suitable for regulatory submission and legal proceedings. Where an incident carries a compliance dimension, we handle regulator communication alongside the technical response.

Reporting a security issue

If you are a researcher who has found a vulnerability in an OpasSecure system or product — not a live breach — use our responsible disclosure channel instead of the hotline.

Before you call

Still have questions? Talk to our team

BE READY BEFORE THE NEXT ONE

Put a response plan in place

The best time to establish an incident-response retainer is before you need it. Talk to us about reserved capacity and the fastest SLA on the line.