
Your questions about 6clicks, answered

Explore answers to common questions about the 6clicks GRC platform, used by enterprises, government agencies, regulators, critical infrastructure providers, and advisory firms. Browse below or contact our team if you don't find what you're looking for.

6clicks is a governance, risk, and compliance (GRC) platform built for government, defence, and critical infrastructure organisations. It helps teams manage risk registers, controls, audits, vendor assessments, and regulatory compliance in one place.

Headquartered in Melbourne, Australia, 6clicks operates globally with teams across the GCC, Southeast Asia, the United Kingdom, Europe, Canada, and the United States. Our Hub & Spoke architecture is purpose-built for multi-entity governance, with flexible deployment options spanning on-premise, private cloud, and SaaS. We have also pioneered the application of AI in GRC since our founding.

Learn more about our global footprint and leadership.

6clicks is the sovereign GRC platform trusted by enterprises, government entities, regulators, and advisors around the world. Our mission is to make risk and compliance run at scale, in any environment, with AI grounded in your own data.

We serve five core industries:

  • Critical infrastructure operators across energy, utilities, telecommunications, healthcare, and transport, where 6clicks deploys inside your environment, connects to OT systems, and keeps critical operations audit-ready against frameworks like SOCI, NIS2, and IEC 62443.
  • Regulators and supervisory authorities needing sovereign, federated oversight across regulated entities, with real-time visibility, defensible assurance, and AI-powered framework mapping built into every supervisory workflow.
  • Defense contractors and primes operating in classified and air-gapped environments, where 6clicks meets strict data handling requirements and simplifies multi-framework compliance across CMMC, DISP/IRAP, NIST 800-171, and supply chain assurance.
  • Government agencies and departments with sovereign data and AI mandates, where 6clicks deploys on approved infrastructure and supports frameworks like ISM, PSPF, Essential Eight, and NCA ECC across departments and jurisdictions.
  • Complex enterprises managing risk and compliance across subsidiaries, sites, and jurisdictions, including the legacy, OT, and hybrid environments other GRC platforms can't reach.

Across all five, the common thread is the same: high-stakes environments where sovereignty, scale, and trusted AI are not optional.

6clicks uses all-inclusive subscription pricing, with no per-user fees, no per-module charges, no per-framework add-ons, and no hidden implementation costs. Every plan includes the full GRC Core, Hailey AI, and the entire Content Library from day one.

This is a deliberate departure from legacy GRC vendors, who typically charge across all of these dimensions. With those models, licensing often accounts for as little as 20% of the true total cost of ownership once modules, frameworks, users, and implementation are added.

How pricing scales

Pricing scales with your business, not your headcount.

For enterprise customers, pricing is based on organisation size and the number of Spokes. Unlimited users, vendors, frameworks, and content are included.

For advisors and MSPs, pricing is based on the number and type of client Spokes, with unlimited response-only client users included.

What's included

Implementation, onboarding, training, and ongoing product consulting are all included in the subscription. They are not priced as professional services bolted on afterwards.

The result is predictable cost, unlimited scale, and no penalty for growing your team or adding frameworks.

For a tailored quote, contact sales or see the full breakdown on the 6clicks plans page.

Yes. Sovereignty sits at the core of how 6clicks is built and deployed, and we treat it as more than where your data is stored. True sovereignty comes down to two things working together: data sovereignty (where your information resides and who can access it) and intelligence sovereignty (which AI models process your data, where they run, and who controls them). 6clicks delivers both.

Hyperscaler cloud hosting in your region

6clicks operates dedicated hyperscaler regions across the globe, including Australia, the United States, Canada, the United Kingdom, Germany, Singapore, and Japan. Customer data stays in the region you choose, supporting requirements such as GDPR (EU and UK), the Australian Privacy Act, and other regional data protection laws.

Sovereign cloud for in-country compliance

For organisations with stricter sovereignty obligations, 6clicks deploys on in-country sovereign cloud providers. This gives you local compute, local language support, and alignment to local assessment and authorisation frameworks such as IRAP in Australia.

Self-hosted in your own environment

For full control, 6clicks can be deployed in your own data centre or private infrastructure, customer- or partner-managed, on your terms.

Air-gapped deployment via the GRC Appliance

For defence, intelligence, and other highly sensitive environments where no external connectivity is permitted, the 6clicks GRC Appliance delivers the complete platform on certified hardware with built-in AI inference, capable of running fully air-gapped.

Full details of all four deployment models, including a side-by-side comparison, are on the 6clicks hosting page.

Sovereign AI, not just sovereign data

Unlike platforms that ship data to a single global AI provider, 6clicks gives you control over the AI itself. Hailey AI is model-agnostic and customer-approved, meaning you choose the model, where it runs, and the jurisdiction governing it. Options range from hyperscaler-hosted models in your region, to in-country sovereign AI providers, to fully local inference on the GRC Appliance for air-gapped environments. Your data and your intelligence stay under the same sovereign boundary.

Trusted by government, defence, and critical infrastructure

6clicks is trusted by government entities, defence organisations, and critical infrastructure operators in major regions around the world. The platform is independently certified to ISO/IEC 27001 and ISO/IEC 42001, holds an external ASD IRAP assessment for its Australian Government instance, and is also assessed against UK Cyber Essentials Plus, the Australian DISP program, and the Dubai Electronic Security Center (DESC) CSP Security Standard. Full certification details are on the 6clicks Trust & Security page.

Whatever your jurisdiction or sensitivity level, there is a 6clicks deployment that keeps both your data and your AI where they need to be.

6clicks offers four deployment options, all running the same platform, AI, and Content Library:

  • Hyperscaler Cloud: 6clicks-managed, turnkey deployment on Azure for fast time to value.
  • Local Cloud: In-country sovereign cloud with local compute, AI models, and certification to local frameworks.
  • Self-Hosted: Deployed in the customer's own data center or private infrastructure for full control.
  • GRC Appliance: The complete platform on certified hardware with built-in AI inference; air-gap capable.

You choose the deployment that fits your security, sovereignty, and control requirements — the platform capability stays the same. Learn more on the 6clicks hosting page.

6clicks maintains the following key certifications and assessments:

  • ISO/IEC 27001:2022 – Certified Information Security Management System (ISMS)

  • ISO/IEC 42001:2023 – Certified AI Management System (AIMS) for responsible AI use and governance

  • ASD IRAP Assessment – External IRAP assessment aligned to the Australian Government Information Security Manual (ISM) for our government instance

  • UK Cyber Essentials Plus – Assessed compliance with UK government-backed baseline cyber security controls

  • Australian Defence Industry Security Program (DISP) – Active membership with ongoing annual reporting

  • Dubai Electronic Security Center (DESC) CSP Security Standard – Assessed against the CSP Security Standard for cloud service providers supporting Dubai government and critical infrastructure

You can read more about 6clicks trust and security here.

6clicks supports over 100 standards and frameworks out of the box, including ISO/IEC 27001, ISO/IEC 42001 (AI management systems), SOC 2, NIST CSF, NIST SP 800-53, DORA, GDPR, PCI DSS, APRA CPS 234, ASD Essential Eight, ISM, and UK Cyber Essentials. The full index is available in the 6clicks Marketplace, and the Content Library is updated continuously as standards evolve.

Beyond the built-in library, 6clicks also supports any custom content your organisation needs, including:

  • Custom frameworks for internal policies, industry-specific requirements, or regional regulations not yet in the library
  • Custom risk libraries tailored to your business context, sector, or risk taxonomy
  • Custom control sets aligned to your operating environment, with mapping to multiple authorities
  • Custom audit and assessment templates, obligations, issue libraries, and playbooks

You can import your own content, build it from scratch, or extend existing frameworks, with Hailey AI accelerating mapping and analysis. This means 6clicks adapts to your GRC program, not the other way around.

Typical implementation timelines range from a few weeks for a single-framework deployment to several months for multi-entity Hub & Spoke rollouts with custom integrations. The Content Library accelerates setup by providing pre-built frameworks, control sets, and risk libraries.

Yes. 6clicks is purpose-built for advisory firms, MSPs, and consultancies, with a Hub & Spoke architecture designed from the ground up to deliver GRC services across multiple clients from a single platform instance.

How it works:

  • Hub & Spoke architecture gives partners a central Hub for oversight, with each client running in their own Spoke. Full data separation, white-label branding, and centralized control mean one analyst can effectively manage 10 to 15 clients at once.
  • Flexible Spoke licensing with Assessment Only Spokes for one-off engagements and Full Feature Spokes for ongoing managed services and vCISO delivery. Unlimited response-only client users included.
  • Fast time to value with 1,000+ pre-built policies and controls, 100+ frameworks ready to deploy, and Hailey AI for automated evidence mapping. Most partners onboard new clients in 5 to 10 business days.
  • Scalable service delivery that lets partners grow their client base without scaling headcount linearly.

The 6clicks Partner Program also includes dedicated partner success management, technical and sales enablement via 6clicks Academy, deal registration through the Connect Portal, and co-marketing support.

Learn more in our guide on how MSPs drive recurring GRC revenue with 6clicks, or apply to the 6clicks Partner Program.

6clicks integrates with cloud, identity, productivity, ITSM, and security platforms including Microsoft 365, Azure, AWS, Google Workspace, Jira, ServiceNow, Slack, Okta, and Microsoft Entra ID. The platform also supports REST APIs, webhooks, and flexible integration approaches for hybrid, sovereign, and restricted environments through agentic and CLI-based connectivity.

6clicks differs from these enterprise GRC suites in three main areas: (1) all-inclusive pricing with unlimited users and frameworks, versus per-user or per-module licensing; (2) sovereign deployment options including air-gapped via the GRC Appliance; and (3) Hub & Spoke architecture for federated multi-entity governance, which is well-suited to advisory firms, government departments, and conglomerates managing multiple business units or clients from a central instance.

Vanta, Drata, and Sprinto are primarily designed for cloud-native companies pursuing SOC 2 and ISO 27001 through automated evidence collection from SaaS and cloud infrastructure. 6clicks is built for organizations with broader requirements: multiple frameworks in parallel, complex risk and audit workflows, vendor risk programs at scale, and deployment in sovereign or air-gapped environments. Many advisory firms and MSPs use 6clicks to deliver GRC services to clients, which is a different use case from the category of automated startup-compliance platforms.

Yes. 6clicks helps you manage AI risk and prove compliance with major AI standards across the full AI lifecycle, from development through deployment to ongoing use. We are also certified to ISO/IEC 42001 ourselves.

6clicks includes built-in support for ISO/IEC 42001 (with full coverage of clauses and controls), the NIST AI Risk Management Framework (across the Govern, Map, Measure, and Manage functions), and the EU AI Act. Content is updated continuously as AI regulations evolve.

You can run AI risk assessments, use pre-built AI controls mapped to ISO 42001 and NIST AI RMF, link AI controls to your existing ISO 27001 or NIST CSF program, start fast with ready-made AI policies (acceptable use, model governance, data handling, human oversight), and assess AI vendors using the same workflows as cyber and operational vendor risk.

Yes. Hailey AI runs under our ISO/IEC 42001-certified AI management system and only uses your own content to generate responses. You see responsible AI in practice while using Hailey to manage your own AI program, including control mapping, policy drafting, risk identification, and audit responses.

Ready to run GRC where others can't?

Talk to our team and see what sovereign GRC looks like in practice.
