OpasSecure Ltd

We hold ourselves to the standard we sell

A live status page, a published disclosure policy, and an incident-response methodology built on recognised standards. This is what operational transparency looks like.

How we protect ourselves

Incident response, by the book

Our incident-response practice is built on internationally recognised standards — so the way we handle an incident is predictable, auditable, and consistent, whatever the scenario.

  • Information security incident management — the framework our detection, triage, and response workflow follows end to end.

  • Computer security incident handling guide — the lifecycle (preparation, detection, containment, eradication, recovery) our playbooks are built around.

How your data is handled

The controls below govern the personal and client data we hold. For the full detail, read the Privacy Policy.

  • Personal data is processed under the Kenya Data Protection Act, 2019, with OpasSecure registered as both controller and processor.

  • Data is encrypted in transit (TLS) and access is governed by identity-based controls with no standing privileged access.

  • We do not sell personal data and do not use third-party advertising trackers.

  • Subprocessors (e.g. cloud hosting, CRM, email delivery) are engaged only under data processing agreements and assessed through our vendor risk programme.

  • Data is not transferred outside Kenya except where adequate safeguards are in place.

Transparency, annually

Our annual report covers our own security posture, red-team findings, and progress against the standards we hold ourselves to — ISO/IEC 27035 and NIST SP 800-61r2. We publish it because we ask our clients to hold us to the same standard we hold them.