Trigarc

GRC Consulting

Information Security & Data Protection

Assess and uplift your security and data protection posture against the standards your clients and regulators expect.

Security and privacy expectations now sit alongside prudential regulation. Customers, partners, and regulators ask for evidence—not policy documents alone.

We assess your program against ISO 27001, SOC 2, and NIST-aligned criteria where relevant, and against Kenya Data Protection Act obligations for local processing and governance.

Business continuity, vendor risk, and resilience planning are integrated so your security story is coherent for board and external stakeholders.

Who this is for

  • Institutions pursuing ISO 27001 or SOC 2 readiness
  • Data controllers responding to ODPC and privacy obligations
  • Teams strengthening third-party and vendor risk programs

Typical deliverables

  • ISO 27001, SOC 2, and NIST-aligned gap assessments
  • Kenya Data Protection Act compliance reviews
  • Business continuity and operational resilience planning
  • Third-party and vendor risk management

Outcome: A security and resilience program you can evidence with confidence.

How we work

  1. Assess

    We map your current governance structures, obligations, risks, and controls against the regulators and frameworks that apply to you, then surface the gaps that matter most.

  2. Design

    We define the operating model: governance roles, risk appetite, policy architecture, control libraries, and reporting lines, sequenced into a practical roadmap.

  3. Implement

    We help you stand up the frameworks, write the policies, build the registers, and configure Trigarc so the model runs in real tooling rather than spreadsheets.

  4. Sustain

    We embed the rhythm: train your teams, set review cadences, and prepare your board and regulator reporting so the program keeps working after we step back.

Frequently asked questions

Do you deliver ISO 27001 certification?
We provide gap assessments, remediation guidance, and program design. Certification audits are performed by accredited bodies; we prepare you to pass with fewer surprises.

Can you review our Data Protection Act compliance?
Yes. We assess governance, notices, rights handling, breach readiness, and vendor arrangements against Kenya DPA expectations and help you prioritise remediation.

Discuss this engagement

Book a discovery session to scope security & privacy for your institution and agree the first phase of work.