Everything your procurement team will ask for.
On one page.
Every claim below is either independently verifiable or backed by an artifact we’ll send you under NDA. No badge soup, no self-issued logos, and a clear distinction between what we’re certified in versus what we operate to.
9 frameworks, three honest levels.
Most MSP sites slap every compliance logo onto one strip and imply they’re certified in all of them. We don’t. Each framework below is tagged Certified (audit completed), Aligned (operationally in place, no external audit), or Client support(we help your team maintain it; you’re the certified entity).
Aligned
We follow the framework operationally; external audit not yet completed.
3- ISO 27001global
Full ISMS aligned to ISO 27001 Annex A controls
Legal · Financial Services · Manufacturing · SaaS
- CIS Controls v8global
Every engagement maps to CIS v8 IG1/IG2 baseline
Healthcare · Manufacturing · Non-Profit · Education
- NIST CSFUS
Identify / Protect / Detect / Respond / Recover, operationalized
Manufacturing · Oil & Gas · Financial Services
Client support
We help your team achieve and maintain this; we are not the certified entity.
6- SOC 2global
Evidence collection + audit prep built into the engagement
SaaS · Financial Services · Professional Services · Healthcare
- HIPAAUS
PHI-compliant backup, access controls, and audit logging
Healthcare · Dental Practices
- PHIPACA
Ontario health-sector privacy compliance support
Healthcare · Dental Practices
- PIPEDACA
Canadian federal personal-information handling
Legal · Financial Services · Healthcare · Retail
- PCI-DSSglobal
Cardholder-data environment scoping + ongoing readiness
Retail · Hospitality · Financial Services
- GDPREU
Data-subject request handling + processor obligations
SaaS · Professional Services · Legal
8numbers we’ll be measured against.
Every value below has an internal substantiation note (the queue setting, the dispatch rule, the monitor). If we miss one for a client, the agreement provides remedy. Public values; the proof is in the contract.
- 93%tickets touched within 15 minresponse
- <1 hrcritical incident responseresponse
- 99.9%monitored-infra uptimeuptime
- ~2 hron-site arrival GTA + Metro Vancoverage
- 100%same-day message callbacksresponse
- 96%year-over-year client retentionrelationship
- 1:1named primary engineer per clientrelationship
- 10 biz daystypical onboarding to go-livecoverage
Measured monthly · Rolling 90-day window · Remedy structure spelled out in the master service agreement.
Fetched from Google in real time.
The badge below pulls live from Google Places API. No caching, no doctoring, no “cherry-picked five-stars” sidebar. For consent-cleared full quotes, see our case studies.
“What stood out was the named-engineer model. We never get bounced through a queue — same person, every conversation.”
No ticket pool. No L1 queue. Named senior engineer per client.
Every Kootechnikel client gets a primary and secondary engineer named on the master service agreement before signing. The proposal includes their photo, certifications, and the metro they sit in. Want to meet them before committing? Book a 30-minute intro on the same call as your free health check.
Primary engineer
Owns your account day-to-day: roadmap, escalations, vCIO cadence, monthly scorecard. Same person on month one and month thirty-six.
Secondary engineer
Same context, same access, same accountability — backup for vacation / on-call coverage. You never get a stranger.
vCIO oversight
Quarterly review with a fractional CIO who isn’t the engineer doing the day-to-day work. Independent eyes, strategic horizon.
Need the signed evidence?
Procurement teams: we send SOC 2 Type II letters, ISO 27001 statement of applicability, certificate of insurance, and our standard MSA on request, under NDA, within one business day.
Request the evidence packet