Call us. We answer.
Retainer clients acknowledged in 15 minutes. All others within 60 minutes.
Is this an incident?
Call us now if...
- Active intrusion — attacker is inside your network or endpoints
- Ransomware is encrypting or has encrypted systems or data
- Data exfiltration is suspected or confirmed
- DDoS is disrupting operations
- Device with sensitive data is lost or stolen
- Business email compromise with financial impact
- Regulatory deadline you cannot meet alone — CBK, ODPC, IRA, SASRA
What happens when you call
Minute 0–15
Triage call
You reach a qualified incident responder directly. We establish scope, confirm indicators of compromise, and assess whether the attacker is still active. We do not put you on hold.
Minute 15–30
Initial containment
We walk you through immediate containment steps you can execute now: network isolation, credential revocation, stopping active replication. We work with what you have on hand.
Minute 30–60
Deployment decision
We confirm whether we respond remotely, on-site, or both. Retainer clients are formally engaged in this window. Non-retainer clients receive a commercial proposal before we continue.
What to have ready
If you have 60 seconds before you dial, collect these. If not, call anyway — we will gather them together on the triage call.
- Your organization name and your role
- When you first noticed something wrong — date and time
- Which systems or data appear to be affected
- Who else inside your organization already knows
- Containment steps already taken, if any
- Whether the attacker appears to still be active
- Whether law enforcement has been contacted
- Whether you have a cyber insurance policy
How the engagement works
Retainer clients
Your retainer covers the triage call, initial containment, forensic investigation, and the written post-incident report. You have reserved capacity — when you call, you are not competing for available engineers. No surprise invoices for the core response. Extended work scope is agreed after the immediate situation is contained.
Non-retainer clients
We take the call. After the initial triage, we provide a clear commercial proposal before proceeding to sustained engagement. We do not negotiate terms while you are dealing with an active incident. Triage comes first. Paperwork follows as soon as the immediate situation allows.
Containment target: 4 hours · IR retainer from KES 600,000 / year
How we work
Our incident response process follows the frameworks of ISO/IEC 27035 and NIST SP 800-61r2. This means documented chain-of-custody for digital evidence, formal case management, and written post-mortem reports suitable for regulatory submission and legal proceedings.
We provide regulatory liaison for ODPC breach notifications (required within 72 hours under the Kenya Data Protection Act), CBK incident reporting, and sector-specific obligations under IRA and SASRA. If your incident has a compliance dimension, we handle regulator communication alongside the technical response.
Reporting a vulnerability
If you are a security researcher who has found a vulnerability in an OpasSecure system or product, use the form below. This section is for researchers, not active incidents. Read our Disclosure Policy before submitting.
PGP key available on request — support@opassecure.com
After containment: full digital forensics with chain-of-custody documentation, regulatory reporting support, and a written lessons-learned report within 14 days. Suitable for board presentation and regulator submission.