Trust & compliance
A complete compliance posture, available on request.
We are audited annually under ISO 27001 and ISO 9001, hold a Tier-1 contractor license from the Communications Authority of Kenya, and maintain authorized-partner status with the equipment vendors we deploy. Procurement teams can request the full evidence pack, NDA optional.
Certifications
Independently verified.
ISO 27001:2022
Information security management system. Last audit 2025-Q4. Next surveillance Q4 2026.
ISO 9001:2015
Quality management. Recertified 2025-Q2. Process and delivery audited end to end.
CA Kenya Tier-1
Communications Authority of Kenya. Highest-tier contractor authorization.
Cisco Premier Partner
Authorized partner. Specializations in infrastructure, security, collaboration.
Schneider Elite
APC Elite Partner. Authorized integrator for power and cooling.
Uptime Institute
Tier III certified design professionals on staff. Three engineers ATD-credentialed.
Frequently asked
Procurement and security questions.
Is the ISO 27001 certificate available for download?
Yes. Email compliance@techsource.co.ke from a verifiable corporate domain and we will share the most recent certificate, the statement of applicability, and the audit summary within one working day. NDA is optional but available on request.
Where is customer data stored, and under what jurisdiction?
For Kenyan customers, data is stored within Kenya at our Tier III facility in Athi River, governed by the Kenya Data Protection Act 2019. For pan-African deployments, data residency is configured per customer requirement. We support sovereign deployment models for ministries and DFIs that require in-country data residency.
What is your incident response time, and what does it cover?
Our standard SLA tier provides 30-minute response for P1 incidents, 4 hours for P2, 8 hours for P3, and next-business-day for P4. Premium tiers reduce P1 to 15 minutes with on-site engineer dispatch. The full incident playbook is shareable under NDA.
Do you support customer-led penetration testing?
Yes. We support black-box, grey-box, and white-box engagements with customer-nominated testers, subject to a written rules-of-engagement document. Findings are remediated within agreed timelines and a remediation report is provided.
How are subcontractors and third parties vetted?
Our default model removes subcontracted seams: the engineer who designs the network is the same one who supervises the install. Where third-party labour is used (typically civil works for fiber routes), the third party is vetted, contracted under our security requirements, and supervised by a Techsource lead engineer at every site visit.
What audit logs and reporting do you provide?
Standard reporting includes monthly uptime and incident summaries, quarterly compliance posture reports, and annual penetration test summaries (where applicable). Real-time access to operational dashboards is available for enterprise customers. Audit logs are retained for seven years per KRA and CA Kenya guidance.
Request the pack
A full compliance evidence pack, on request.
Includes ISO certificates, statement of applicability, security policy excerpts, incident response procedure, and a recent independent audit summary. Available within one working day to verifiable corporate domains.
Email: compliance@techsource.co.ke
Phone: +254 20 207 7600
Hours: 08:00–18:00 EAT, Mon–Sat
Request received.
A compliance officer will respond within one working day. For urgent procurement timelines, call +254 20 207 7600.
A compliance officer will respond within one working day. For urgent procurement timelines, call +254 20 207 7600.