Adaptive Cyber Assurance Framework (ACAF)

Trust is the currency
of the digital economy.

Establishing the premier cyber resilience standard for African enterprises. We are empowering Managed Service Providers to certify, protect, and elevate SMEs through rigorous, verifiable compliance. Because a green security dashboard is not the same as proven resilience.

Explore the Framework View Proof of Delivery
ACAF Standard Verified Resilience
05Active Security Domains
30Rigorous Controls
03Mapped Jurisdictions (KE, NG, ZA)
Kenya Data Protection Act AlignedNigeria NDPR CompliantSouth Africa POPIA MappedISO 27001 FoundationNIST Cybersecurity FrameworkCIS Critical Security ControlsKenya Data Protection Act AlignedNigeria NDPR CompliantSouth Africa POPIA MappedISO 27001 FoundationNIST Cybersecurity FrameworkCIS Critical Security Controls

African enterprises face a paradox: digital growth requires uncompromising security, but proving that security is fragmented, costly, and complex.

The cyber security industry produces an abundance of monitoring dashboards and compliance reports, yet organisations continue to discover—often during an actual incident—that their assumed protections do not hold under real conditions.

KonectIQ is being built to bridge the trust gap. Think of ACAF not as an impenetrable wall, but as an elite executive protection detail for your data—actively validating controls, continuously monitoring for drift, and ensuring your business is structurally prepared to survive the inevitable.

Telemetry Policies Scans ACAF VALIDATION VERIFIED RESILIENCE
For Enterprises (SMEs)

Unlock Growth & Capital

A KonectIQ certificate is designed to act as a passport to the enterprise economy. It works to replace assumption-based reporting with a binary certification model validating operational maturity to stakeholders who matter.

As the network scales, all active certifications are published to our portal, allowing third-party auditors and regulators to verify your status in real-time.

  • Supply Chain Passport: Satisfy rigorous corporate procurement requirements instantly.
  • Insurance Advantages: Position for optimized cyber insurance terms with recognizing underwriters.
  • Regulatory Defense: Demonstrate structural alignment with local data protection laws (DPA, NDPR).
  • Credit Signalling: Signal operational resilience to banking and credit institutions.
For Service Providers (MSPs)

A New Revenue Paradigm

KonectIQ is establishing a standards institution, not a competing service provider. We deliver our framework exclusively through authorised MSP partners, empowering you to own the certification relationship.

Gain Accredited Partner status through demonstrated delivery quality, measured by the Partner Performance Index.

  • Recurring Margin: Generate high-margin revenue through annual business certifications.
  • Market Differentiation: Differentiate your MSP in a crowded, highly commoditized technical market.
  • Project Generation: Drive necessary remediation project work by identifying critical framework gaps.
  • Rapid Execution: Utilize our automated platform to run formal assessments in under 45 minutes.
Certification Integrity

The Binary Model.

We've eliminated the ambiguity of Gold, Silver, and Bronze tiers. In cyber resilience, partial compliance is zero compliance. The lifecycle is transparent, enforceable, and strictly binary.

Status: Certified

Valid.

All controls in the domain are validated and operational. Annual certification is maintained with mandatory quarterly technical checkpoints.

Status: At Risk

Deviation.

A technical control has drifted. A strict remediation window (7-14 days) is currently active. The organization must restore integrity or face expiration.

Status: Expired

Invalid.

The organization has failed to remediate or validate controls. They cannot claim any level of ACAF compliance. Full re-validation is required.

Operational Flow

How it works.

The ACAF lifecycle is designed around a strict separation of powers. KonectIQ owns the standard. Accredited MSPs perform the implementation. Third parties verify the outcome.

01

Standardization

KonectIQ defines the 30 binary controls and evidence requirements, removing subjective maturity scoring.

02

Delivery

Authorised MSPs assess tenant environments, remediate gaps, and submit standardized artifacts for institutional review.

03

Verification

Upon passing, the tenant is recorded in the public registry, creating a verifiable credential for underwriters and supply chains.

The ACAF Standard

Five Pillars.
Verified Resilience.

The Adaptive Cyber Assurance Framework (ACAF) v1.0 distills global standards into 30 binary controls optimized for the African operational landscape.

ACAF is reviewed annually by the KonectIQ framework governance committee. Domain control sets are continuously updated to reflect regulatory changes and evolving threat intelligence.

01Data Backup & Recovery

Ensuring business continuity in the face of ransomware or hardware failure. We mandate verified, isolated recovery mechanisms. A backup job completing is not the same as a business being able to recover.

Mapped to: ISO 27001 A.12.3
  • Control 1.1: Immutable, off-site backup storage architecture enforced and tested.
  • Control 1.2: Documented and tested Recovery Point Objective (RPO) < 24hrs.
  • Control 1.3: Automated daily backup schedules without manual intervention or oversight dependencies.
  • Control 1.4: Bi-annual physical recovery simulation with signed executive sign-off.
02Network Security Perimeter

Defending the boundary between internal assets and external threats through strict traffic regulation and endpoint protection. Ensuring the edge is mathematically hardened against automated intrusion attempts.

Mapped to: CIS Controls 9, 12
  • Control 2.1: Next-Gen Firewall (NGFW) deployed at all physical perimeters with active IPS.
  • Control 2.2: EDR/XDR agents active and reporting on 100% of employee endpoints.
  • Control 2.3: Corporate Wi-Fi permanently segmented from guest networks via VLAN.
  • Control 2.4: Default deny-all ingress traffic policy mapped to business justification.
03Identity & Access Management

Verifying the human element. Securing credentials to prevent unauthorized lateral movement and data exfiltration. Identity is the new perimeter in the cloud-first enterprise.

Mapped to: NIST PR.AC
  • Control 3.1: Multi-Factor Authentication (MFA) strictly mandated for all external access points.
  • Control 3.2: Principle of Least Privilege formally enforced via Role-Based Access Control matrices.
  • Control 3.3: Automated offboarding script executing within 4 hours of HR termination notice.
  • Control 3.4: Elimination of shared administrative service accounts across the domain.
04Vulnerability Management

Proactive identification and mitigation of software flaws before they can be exploited by threat actors. Moving from reactive patching to structural software hygiene.

Mapped to: CIS Control 7
  • Control 4.1: Automated patch management pipelines for OS and critical 3rd party applications.
  • Control 4.2: Quarterly internal and external vulnerability scanning covering all subnets.
  • Control 4.3: Defined internal SLA for critical zero-day patching (enforced under 48 hours).
  • Control 4.4: Decommissioning policy for End-of-Life (EOL) hardware and operating systems.
05Incident Response & Policy

Governance, culture, and readiness. Ensuring the organization knows exactly how to act when a breach occurs. Translating technical controls into legal and regulatory defensibility.

Mapped to: Regional Data Protection Acts
  • Control 5.1: Documented Incident Response Plan (IRP), updated annually and accessible offline.
  • Control 5.2: Mandatory bi-annual security awareness training for 100% of staff including executives.
  • Control 5.3: Formal data privacy policy aligned directly with local jurisdiction (e.g., DPA).
  • Control 5.4: Defined communication protocol for regulatory breach notification (within 72 hours).
Proof of Delivery

Real world delivery.
Verifiable ACAF standing.

KonectIQ is built to turn cyber resilience into something structured, reviewable, and externally verifiable. Through authorised delivery partners, organisations can move from baseline assessment to remediation, evidence review, and formal standing.

Authorised Delivery Partner

DesignX Studio

DesignX serves as an authorised KonectIQ delivery partner, using the framework in live client environments to assess resilience, coordinate remediation, prepare evidence, and move organisations toward verified ACAF standing.

Founding Partner Kenya Focus MSP Led Delivery ACAF Readiness
Why organisations start here
  • A practical path from assessment to action.
  • Support from an operating partner that understands implementation, not just reporting.
  • A clearer route into ACAF review and verified standing.
  • A delivery model designed to turn framework requirements into real operational change.
Illustrative client journey

Dekso Enterprises

A regional distribution company operating across multiple sites, with Microsoft 365, an ERP system, warehouse and office connectivity, endpoint fleets, shared data flows, and growing pressure to strengthen operational resilience as customer, supplier, and compliance expectations increase.

Backup & Recovery Perimeter Security Identity & Access Vulnerability Mgmt Incident Response
01

DesignX begins with a resilience baseline

Dekso Enterprises engages DesignX for managed cyber resilience support. DesignX uses KonectIQ from the start to structure the initial assessment and identify where recoverability, access control, perimeter protection, and response readiness need attention.

02

KonectIQ defines the working scope

Using the KonectIQ framework, DesignX maps the client environment into scope, covering Microsoft 365, user identities, warehouse and office endpoints, firewall perimeter, backup environment, and core policy controls.

03

DesignX uses KonectIQ to surface priority gaps

The baseline highlights the main weaknesses inside the KonectIQ control model, including incomplete restore testing, inconsistent Multi-Factor Authentication coverage, patching discipline gaps, and an underdeveloped breach response path.

04

DesignX delivers remediation in the live environment

Working as the MSP, DesignX helps Dekso Enterprises close the gaps identified by tightening identity controls, improving backup and recovery testing, strengthening endpoint and perimeter coverage, and formalising response workflows.

05

KonectIQ becomes the evidence and review path

Once the operating improvements are in place, DesignX uses KonectIQ to assemble the evidence pack, linking screenshots, logs, policy outputs, restore records, scan summaries, and scope notes into a reviewable submission.

06

Dekso Enterprises reaches verified standing

After review, KonectIQ records the outcome against the scoped environment. This turns the work delivered by DesignX into a clearer external standing that can be referenced in customer, procurement, or governance conversations.

Sample Verification Record

ACAF Certificate ID: ACAF-KE-2026-000184

Prepared through DesignX MSP delivery and recorded through KonectIQ verification.

Active Standing
Legal Entity
Dekso Enterprises
Country
Kenya
Issuing Partner
DesignX Studio
Status
Verified Active
Assessed Scope
Microsoft 365, ERP system, warehouse and office connectivity, endpoint fleets, backup environment, firewall perimeter, regional branch connectivity, policy set.

Open the client facing outputs

Explore the certificate, executive summary, and reviewed evidence inside a cleaner interactive modal flow.

The KonectIQ Network

A Standard
With Leverage.

A certificate is only as valuable as the institutions that recognize it. KonectIQ is working to replace fragmented compliance with a singular standard, forging direct integrations with the African financial and enterprise ecosystem.

Cyber Insurance

Underwriters can leverage ACAF status to confidently assess risk, streamlining traditional questionnaires. This positions certified entities for optimized premiums and smoother claims processing.

Premium OptimizationRisk Assessment API

Banking & Credit

Built for financial institutions to treat ACAF certification as a clear signal of operational maturity. It is designed to influence B2B lending terms and integrate into institutional credit risk models.

Due DiligenceLoan Approvals

Enterprise Procurement

Large telecoms, banks, and multinationals can increasingly look to ACAF certification for SMEs entering their vendor supply chains, providing a verified mechanism to mitigate third-party cyber risk.

Vendor OnboardingSupply Chain Risk

Legal & Regulatory

Rigorous framework mappings provide a highly defensible posture against regional data protection audits, demonstrating proactive duty of care to mitigate potential regulatory fines.

Kenya DPANigeria NDPR
Governance Intelligence

Delivery Quality Intelligence (DQI).

Certification validates tenant controls; DQI evaluates how consistently those controls are delivered across the entire ecosystem. It is the board’s continuous view of partner reliability.

"AI enhances governance. It never replaces deterministic certification logic. DQI provides the continuous visibility needed to maintain true resilience across scale."

Validation Consistency

Tracks adherence to scheduled validation windows across all tenants. Eliminates silent drift between formal audits.

Remediation Speed

Measures the time from "At Risk" detection to "Certified" restoration, surfacing operational bottlenecks early.

Anomaly Detection

AI-assisted monitoring for unauthorized configuration shifts or behavioral drifts across tenant environments.

RTO Accuracy

Compares actual measured recovery performance against declared business requirements in real-time.

Ecosystem Defense

Algorithmic Integrity.

Certification is only the baseline. KonectIQ is deploying proprietary AI models continuously across the registry to detect behavioral drift, quantify real-time risk, and proactively mitigate certification fraud.

Anomaly Detection

Our telemetry engine establishes a baseline for standard operational rhythms within certified environments. Any architectural drift or unauthorized control modifications trigger immediate algorithmic quarantine.

Dynamic Risk Assessment

We map emerging regional threat intelligence directly against tenant architecture profiles. The AI calculates continuous probability vectors, giving B2B underwriters a live risk score.

Fraud Prevention

We prevent the gamification of compliance. Machine learning models analyze evidentiary artifacts submitted by MSPs for inconsistencies, metadata tampering, or recycled proof-of-work.

Intelligent Assessment

Natural Language
Gap Analysis.

Describe your current IT infrastructure in plain English. Our proprietary model maps your architecture against the 30-control ACAF baseline to instantly identify critical certification gaps.

0 / 1000
acaf-model-v2.0
// System Idle// Awaiting environment description...

Ready to formally certify this architecture?

Connect with an Accredited MSP
Public Verification Portal

Real-Time Registry.

The foundation of our real-time registry. As the network scales, all active ACAF certifications are published here allowing third parties to instantly verify an organisation's resilient status.

Testing? Use sample code: ACAF-KE-2026-0921
The Architects

Forged by the Ecosystem.

KonectIQ is developed with the collective intelligence of an interdisciplinary team of cyber experts, the majority of whom are active Managed Service Provider (MSP) operators. This collaborative approach ensures our standard is not just theoretical, but deeply practical and battle-tested in the reality of the African digital landscape.

01.
Cloud Architecture

Expertise in secure edge operations across AWS and Azure.

02.
MSP Operations

Built by the people scaling tech services on the ground.

03.
Regulatory Law

Aligning technical controls with the DPA and NDPR.

04.
Underwriting

Structuring risk models for the cyber insurance industry.

MSP Partner Program

Building the network.

Transparent SaaS licensing for Registered MSP Partners. Charge your clients for the certification process and implementation; keep 100% of your service margin.

Boutique Partner
$49/mo
For emerging IT providers looking to formalize and build their security practice.
  • Up to 10 Active Client Profiles
  • Full ACAF Assessment Engine
  • Standard PDF Certificates
  • Public Registry Listing
Apply for Status
Accredited Partner
$149/mo
For established providers running operational security as a core business service.
  • Up to 50 Active Client Profiles
  • White-labeled Assessment Portal
  • Automated Evidence Collection
  • Jurisdictional Mapping Reports
  • Priority Underwriter Referral API
Scale Your Practice
Distributor Hub
Custom
For large-scale aggregators managing multiple downstream sub-MSPs.
  • Unlimited Client Profiles
  • Multi-tenant MSP Management
  • Full Assessment API Access
  • Dedicated Institutional Success Manager
Contact Alliance Team

*Local currency billing available in KES, NGN, and ZAR based on partner domicile.

Get in touch

Start a conversation.

Partnership & Inquiries

Apply for MSP Partner status or inquire about enterprise requirements.

Received.

Our partnership team will review and respond shortly.

Platform Feedback

Help us refine the KonectIQ experience. We value your UX impressions.

Thank You.

Your insights shape the future of the standard.