Dubai, United Arab Emirates – 16 January 2026. Sovereign GRC infrastructure, 6clicks, is now officially certified under the Dubai Electronic Security Center (DESC) Cloud Service Provider (CSP) Security Standard. This means the platform is fully authorised to support Dubai’s government and semi-government entities in their mission to stay secure and resilient.
As a pioneer in AI-powered GRC (Governance, Risk, and Compliance), this certification marks a significant milestone in our commitment to the Middle East. It reinforces our mission to provide a secure, resilient, and compliant platform for government organisations across the Emirate of Dubai.
What is the DESC CSP Standard?
The Dubai Electronic Security Center (DESC) Cloud Service Provider (CSP) Security Standard is a mandatory framework for any cloud service provider hosting data for Dubai’s public sector. It is one of the most rigorous standards in the region, built upon a foundation of international best practices, including:
-
ISO/IEC 27001 & 27002 (Information Security Management)
-
ISO/IEC 27017 (Cloud Security)
-
CSA Cloud Controls Matrix (CCM)
-
Dubai ISR (Information Security Regulation)
Why this matters for organisations in the Middle East.
6clicks recently launched its Sovereign GRC Stack, expanding beyond cloud-first approaches to enable secure, intelligent GRC operations within on-premises, air-gapped, and restricted environments—addressing the typical limitations of traditional SaaS platforms for government, defence, and critical infrastructure. This certification represents the first step in delivering sovereign GRC capabilities across the broader Middle East region.
Here's what it means for organisations in these sectors:
-
Government-grade security: 6clicks has undergone rigorous third-party auditing to prove that its Information Security Management System (ISMS) meets the specific, high-bar requirements of the Dubai government.
-
Data sovereignty & residency: By meeting the DESC requirements, 6clicks ensures that sensitive data is managed in alignment with local laws and geographical boundaries, providing peace of mind to entities handling citizen data.
-
Streamlined procurement: For Dubai government and semi-government bodies, the DESC CSP certification is a prerequisite. Our achievement removes the compliance hurdles, allowing these organisations to deploy 6clicks' sovereign, AI-powered GRC platform instantly.
-
Zero-trust alignment: In line with the latest updates to the DESC framework (ISR Version 3.0), 6clicks continues to innovate in areas like zero-trust architecture and automated risk assessments.
The certification is now available on the 6clicks Trust Portal, where customers can access, download, and review the certificate.
This achievement is a testament to the dedication of the 6clicks team. Maintaining robust controls demands continuous, cross-functional collaboration, from security and DevOps to compliance and business operations. We extend our thanks to every team member who contributed. Their commitment to excellence ensures we consistently deliver a secure, world-class environment for our clients.
The road ahead
As the Middle East experiences rapid digital transformation and rising regulatory expectations for operational resilience, 6clicks is proud to be at the forefront, enabling organisations to meet regional requirements through a unified platform designed to operate securely within their own environments.
