6clicks GRC Certifications
From cyber risk management to AI governance, see how 6clicks helps organizations stay secure, compliant, and resilient.
-
ISO/IEC 27001:2022
Information Security Management System (ISMS)
ISO/IEC 27001 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS), using a risk-based approach to protect information assets and manage security controls across people, process, and technology. This certification provides independent assurance that 6clicks’ security management practices are systematically designed and externally audited.
Date achieved: See ISO27001 certificate in the Certification Audits and Reports repository (certificate contains the certification and validity dates) -
ISO/IEC 42001:2023
AI Management System (AIMS)
ISO/IEC 42001 is the international standard for implementing an AI Management System (AIMS) to govern the responsible, transparent, and auditable use of AI, including management of AI risks, controls, oversight, and continual improvement. This certification provides independent validation that 6clicks has a structured governance system for AI use within the platform (including AI capabilities).
Date achieved: See ISO42001 audit artefacts in the Certification Audits and Reports repository (audit report/certificate contains the relevant dates). -
ASD IRAP Assessment
Australian Government ISM alignment
IRAP (Information Security Registered Assessors Program) is an Australian Government assessment program where an ASD-endorsed assessor evaluates a system’s security controls against the Australian Government Information Security Manual (ISM). 6clicks maintains an external IRAP assessment for its government instance, providing independent assurance of alignment to ISM control expectations.
Date achieved: March 2025 -
UK Cyber Essentials Plus
Assessed compliance
Cyber Essentials Plus is a UK government-backed scheme that validates an organisation’s implementation of baseline cyber security controls to defend against common internet-based attacks, with “Plus” including an external technical verification component. This provides independent assurance that core security hygiene controls are implemented and effective.
Date achieved: 31 Jan 2025 (certificate date). -
Australian Defence Industry Security Program (DISP)
Membership / annual reporting
DISP is an Australian Department of Defence program for organisations that require access to Defence security practices and requirements when operating within Defence industry supply chains. Participation supports assurance around protective security, personnel security expectations, and ongoing compliance activities (including annual reporting).
Date achieved: See DISP evidence pack in the Certification Audits and Reports repository (DISP documentation contains the relevant dates). -
Dubai Electronic Security Center (DESC)
Cloud Service Provider (CSP) Security Standard
The Dubai Electronic Security Center (DESC) developed the Cloud Service Provider (CSP) Security Standard to define mandatory cloud security requirements for cloud service providers supporting Dubai government, semi-government, and critical information infrastructure (CII) entities, including controls and an associated certification scheme. This standard provides a structured assurance mechanism for cloud security in the Emirate of Dubai and is used to validate that CSPs meet DESC’s baseline security expectations.
Date achieved: April 2026
Sovereign GRC infrastructure. Built for your environment.
From certified hardware to AI-native software. Built for government, defense, and critical infrastructure operators.
