Physical Security & Office Infrastructure
Our Westlands facility operates ISO 27001-aligned controls built for regulated industries. Biometric access, 24/7 CCTV, dual-ISP redundancy, and business continuity systems.
Overview
What Physical Security Controls Are in Place?
Treba's operational office in Westlands, Nairobi, implements physical security controls aligned to ISO 27001 Annex A.11 (Physical and Environmental Security).
These controls are designed for organisations processing regulated UK data — including personal data under UK GDPR, financial data under FCA requirements, and health data under NHS IG standards. Physical security is not an add-on. It is a baseline condition of every Treba engagement. No client data is processed outside the secured office environment, and no personal devices are permitted in production areas for sensitive engagements.
The facility is a dedicated commercial office in Westlands, Nairobi — not a coworking space, not a serviced office. It is exclusively occupied by Treba staff working on Treba client engagements, with biometric entry, 24/7 CCTV, network segmentation, and clean desk enforcement as baseline conditions.
Addressing concerns
The office you cannot see.
Audit it any time.
Treba's Westlands facility is a dedicated commercial office — not a coworking or serviced space — exclusively occupied by Treba staff under Treba's direct management. We invite every prospective and current client to verify it in person or by live video walkthrough before signing.
What the audit covers
Entry points
Biometric · mantrap
Workstations
CCTV · clean-desk
Server room
Segmentation · logs
Common areas
Visitor logs
CONTROLS
Security controls, layer by layer.
Physical access, network isolation, and personnel vetting — each independently auditable.
Book a facility tourAccess control
Biometric entry at building and floor level. Mantrap entry — no tailgating. Staff badges with photo ID. Visitor logs maintained with escorted access only.
Surveillance
24/7 CCTV across entry points, workstations, and common areas. 90-day footage retention. Remote viewing available for client audits.
Network & data isolation
Client-segmented VLANs with firewall rules. USB ports disabled. VPN/VDI-only access. No local storage. No cross-client data access.
Personnel & workspace
DCI background checks and project-specific NDAs before any data access. Clean-desk policy enforced daily. No personal devices in production areas.
Resilience
Business Continuity & Disaster Recovery
Redundancy built into every layer. No single point of failure for connectivity, power, or incident response.
Connectivity
Dual ISP
Safaricom + Zuku fibre on independent last-mile routes
Failover
Automatic, under 30 seconds
Uptime SLA
99.9%, backed by dual-ISP architecture
Power
UPS + generator
Immediate battery backup, diesel generator on automatic transfer switch
Fuel reserve
48 hours on-site, refuelled before drawdown
Testing
Monthly UPS and generator tests, logged
Incident Response
Notification
Client notified within 72 hours (UK GDPR aligned)
Escalation
24/7 on-call lead; management paged within 1 hour
Exercises
Annual tabletop simulations + post-incident RCAs
Economics
Physical Security Infrastructure Included in Every Engagement
Toggle items to see what you'd pay to build this yourself. With Treba, every control is included — no add-ons, no separate invoices.
7/7 selected
Treba: All included
£0
extra
DIY Cost
£0
With Treba
£0 extra
Junior KYC Analyst
£38,640 → £10,800/yr
Customer Support Agent
£34,260 → £8,400/yr
Data Annotator
£32,460 → £8,400/yr
DIY costs are mid-range estimates for Nairobi commercial office infrastructure. UK loaded cost = base salary + 13.8% employer NI + office/equipment + recruitment/compliance. See role-by-role pricing →
FAQ
Frequently asked questions
Ready to See the Facility?
Start with a scoping call. We'll walk you through the security controls, answer your compliance team's questions, and schedule a virtual or in-person tour.