Legal

Compliance & Certifications

Our security, donor compliance, and data-protection posture.

Effective: June 2026

Security posture

We follow recognized information security practices aligned with ISO/IEC 27001 controls. This includes:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls with least privilege
  • MFA for all production system access
  • Centralized audit logging and quarterly access reviews
  • Documented incident response and disaster recovery procedures
  • Annual third-party penetration tests on flagship systems

Donor and procurement compliance

We routinely work to the procurement, monitoring, and reporting standards of major donors and multilateral institutions, including:

  • World Bank Procurement Framework
  • European Union (EuropeAid, ECHO)
  • USAID Federal Acquisition Regulation (FAR)
  • UK FCDO Procurement Policy
  • African Development Bank Procurement
  • UN Procurement (UNGM-registered)

Data protection

We support compliance with applicable data protection regulations, including the Kenya Data Protection Act, Somalia data sovereignty requirements, and EU GDPR for European partners. Data residency is selected per engagement based on regulatory and donor requirements.

Documentation we can provide

For RFPs and procurement processes, we can supply:

  • Statement of work templates
  • Information security questionnaire responses
  • Sample data processing agreement
  • Reference architecture and hosting topology
  • Sample audit logs and access review reports

Note: This document is a starting template. Have it reviewed by qualified legal counsel in your jurisdiction before relying on it.