Your questions about 6clicks, answered
Explore answers to common questions about the 6clicks GRC platform, used by enterprises, government agencies, regulators, critical infrastructure providers, and advisory firms. Browse below or contact our team if you don't find what you're looking for.
6clicks is a GRC (governance, risk, and compliance) platform for government, defense, and critical infrastructure organizations. It helps teams manage risk registers, controls, audits, vendor assessments, and regulatory compliance. Headquartered in Melbourne, Australia, 6clicks also has regional teams across the GCC, Southeast Asia, Australia, the United Kingdom, Europe, Canada, and the United States. The 6clicks Hub & Spoke architecture supports multi-entity governance, and the platform can be deployed locally, in the cloud, or on-premises via the 6clicks GRC Appliance. Learn more about our global footprint and leadership.
6clicks is priced differently from every other GRC platform, and it's a deliberate, major differentiator. While legacy vendors charge per user, per module, and per framework, often with licensing as little as 20% of the true total cost of ownership, 6clicks offers all-inclusive subscription pricing with no per-user fees, no per-module charges, no per-framework add-ons, and no hidden implementation costs. Every plan includes the full GRC Core, Hailey AI, and the entire Content Library from day one.
Pricing scales with your business, not your headcount:
- Enterprise: Based on organization size and number of Spokes. Unlimited users, vendors, frameworks, and content included.
- Advisors & MSPs: Based on the number and type of client Spokes (Assessment Only or Full Feature), with unlimited response-only client users included.
Implementation, onboarding, training, ongoing product consulting, and a dedicated Customer Success Manager are all included, not priced as expensive professional services bolted on afterwards.
The result: predictable cost, unlimited scale, and no penalty for growing your team or adding frameworks. For a tailored quote, contact sales or see the full breakdown on the 6clicks plans page.
6clicks offers four deployment options, all running the same platform, AI, and Content Library:
- Hyperscaler Cloud: 6clicks-managed, turnkey deployment on Azure for fast time to value.
- Local Cloud: In-country sovereign cloud with local compute, AI models, and certification to local frameworks.
- Self-Hosted: Deployed in the customer's own data center or private infrastructure for full control.
- GRC Appliance: The complete platform on certified hardware with built-in AI inference; air-gap capable.
You choose the deployment that fits your security, sovereignty, and control requirements — the platform capability stays the same. Learn more on the 6clicks hosting page.
6clicks is the sovereign GRC platform trusted by enterprises, government entities, regulators, and advisors around the world. Our mission is to make risk and compliance run at scale, in any environment, with AI grounded in your own data.
We serve three main customer segments:
- Regulated enterprises in financial services, healthcare, and critical infrastructure, where compliance obligations are complex and the cost of getting it wrong is high
- Government agencies and defense contractors with sovereignty, data residency, and air-gapped deployment requirements
- Advisory firms, MSPs, and consultancies delivering GRC services to multiple clients at scale through our Hub & Spoke model
Across all three, the common thread is the same: high-stakes environments where sovereignty, scale, and trusted AI are not optional.
6clicks supports over 100 standards and frameworks out of the box, including ISO/IEC 27001, ISO/IEC 42001 (AI management systems), SOC 2, NIST CSF, NIST SP 800-53, DORA, GDPR, PCI DSS, APRA CPS 234, ASD Essential Eight, ISM, and UK Cyber Essentials. The Content Library is updated continuously as standards evolve.
Beyond the built-in library, 6clicks also supports any custom content your organization needs, including:
- Custom frameworks for internal policies, industry-specific requirements, or regional regulations not yet in the library
- Custom risk libraries tailored to your business context, sector, or risk taxonomy
- Custom control sets aligned to your operating environment, with mapping to multiple authorities
- Custom audit and assessment templates, obligations, issue libraries, and playbooks
You can import your own content, build it from scratch, or extend existing frameworks, with Hailey AI accelerating mapping and analysis. This means 6clicks adapts to your GRC program, not the other way around.
Yes. 6clicks helps you manage AI risk and prove compliance with major AI standards, and we're certified to ISO/IEC 42001 ourselves.
Frameworks supported out of the box:
- ISO/IEC 42001 (AI management systems), with full coverage of clauses and controls
- NIST AI Risk Management Framework, covering the Govern, Map, Measure, and Manage functions
- EU AI Act and other emerging AI rules, with ongoing updates as regulations change
What you can do on the platform:
- Run AI risk assessments across the full AI lifecycle, from development to deployment to ongoing use
- Use pre-built AI controls mapped to ISO 42001 and NIST AI RMF, with links to your existing ISO 27001 or NIST CSF program so everything stays connected
- Start fast with ready-made AI policies covering acceptable use, model governance, data handling, and human oversight
- Assess your AI vendors with the same workflows you use for cyber and operational vendor risk
Hailey AI as a working example:
Hailey AI is our built-in assistant that speeds up control mapping, policy drafting, risk identification, and audit responses. Hailey only uses your own content, and it runs under our own ISO 42001-certified AI management system, so you get to see responsible AI in action while you use it to manage your own AI program.
In short: one platform to govern your AI, manage AI risk, and stay audit-ready for ISO 42001 and the NIST AI RMF.
Yes. Sovereignty sits at the core of how 6clicks is built and deployed, and we treat it as more than just where your data is stored. True sovereignty comes down to two things working together: data sovereignty (where your information resides and who can access it) and intelligence sovereignty (which AI models process your data, where they run, and who controls them). 6clicks delivers both.
Hyperscaler cloud hosting in your region:
6clicks operates dedicated hyperscaler regions across the globe, including Australia, the United States, Canada, the United Kingdom, Germany, Singapore, and Japan. Customer data stays in the region you choose, supporting requirements such as GDPR (EU and UK), the Australian Privacy Act, and other regional data protection laws.
Sovereign cloud for in-country compliance:
For organizations with stricter sovereignty obligations, 6clicks deploys on in-country sovereign cloud providers. This gives you local compute, local language support, and alignment to local assessment and authorization frameworks such as IRAP in Australia.
Self-hosted in your own environment:
For full control, 6clicks can be deployed in your own data center or private infrastructure, customer- or partner-managed, on your terms.
Air-gapped deployment via the GRC Appliance:
For defense, intelligence, and other highly sensitive environments where no external connectivity is permitted, the 6clicks GRC Appliance delivers the complete platform on certified hardware with built-in AI inference, capable of running fully air-gapped.
Sovereign AI, not just sovereign data:
Unlike platforms that ship data to a single global AI provider, 6clicks gives you control over the AI itself. Hailey AI is model-agnostic and customer-approved, meaning you choose the model, where it runs, and the jurisdiction governing it. Options range from hyperscaler-hosted models in your region, to in-country sovereign AI providers, to fully local inference on the GRC Appliance for air-gapped environments. Your data and your intelligence stay under the same sovereign boundary.
Trusted by government, defense, and critical infrastructure:
6clicks is trusted by government entities, defense organizations, and critical infrastructure operators in major regions around the world. The platform is aligned with IRAP assessment requirements in Australia, and the same rigor is applied across every jurisdiction we operate in, from federal agencies to regulated utilities and national defense supply chains.
Whatever your jurisdiction or sensitivity level, there is a 6clicks deployment that keeps both your data and your AI where they need to be.
Typical implementation timelines range from a few weeks for a single-framework deployment to several months for multi-entity Hub & Spoke rollouts with custom integrations. The Content Library accelerates setup by providing pre-built frameworks, control sets, and risk libraries.
Yes. 6clicks is purpose-built for advisory firms, MSPs, and consultancies, with a Hub & Spoke architecture designed from the ground up to deliver GRC services across multiple clients from a single platform instance.
How it works:
- Hub & Spoke architecture gives partners a central Hub for oversight, with each client running in their own Spoke. Full data separation, white-label branding, and centralized control mean one analyst can effectively manage 10 to 15 clients at once.
- Flexible Spoke licensing with Assessment Only Spokes for one-off engagements and Full Feature Spokes for ongoing managed services and vCISO delivery. Unlimited response-only client users included.
- Fast time to value with 1,000+ pre-built policies and controls, 100+ frameworks ready to deploy, and Hailey AI for automated evidence mapping. Most partners onboard new clients in 5 to 10 business days.
- Scalable service delivery that lets partners grow their client base without scaling headcount linearly.
The 6clicks Partner Program also includes dedicated partner success management, technical and sales enablement via 6clicks Academy, deal registration through the Connect Portal, and co-marketing support.
Learn more in our guide on how MSPs drive recurring GRC revenue with 6clicks, or apply to the 6clicks Partner Program.
6clicks integrates with cloud, identity, productivity, ITSM, and security platforms including Microsoft 365, Azure, AWS, Google Workspace, Jira, ServiceNow, Slack, Okta, and Microsoft Entra ID. The platform also supports REST APIs, webhooks, and flexible integration approaches for hybrid, sovereign, and restricted environments through agentic and CLI-based connectivity.
6clicks maintains the following key certifications and assessments:
- ISO/IEC 27001:2022 – Certified Information Security Management System (ISMS)
- ISO/IEC 42001:2023 – Certified AI Management System (AIMS) for responsible AI use and governance
- ASD IRAP Assessment – External IRAP assessment aligned to the Australian Government Information Security Manual (ISM) for our government instance
- UK Cyber Essentials Plus – Assessed compliance with UK government-backed baseline cyber security controls
- Australian Defence Industry Security Program (DISP) – Active membership with ongoing annual reporting
- Dubai Electronic Security Center (DESC) CSP Security Standard – Assessed against the CSP Security Standard for cloud service providers supporting Dubai government and critical infrastructure
You can read more about 6clicks trust and security here.
6clicks differs from these enterprise GRC suites in three main areas: (1) all-inclusive pricing with unlimited users and frameworks, versus per-user or per-module licensing; (2) sovereign deployment options including air-gapped via the GRC Appliance; and (3) Hub & Spoke architecture for federated multi-entity governance, which is well-suited to advisory firms, government departments, and conglomerates managing multiple business units or clients from a central instance.
Vanta, Drata, and Sprinto are primarily designed for cloud-native companies pursuing SOC 2 and ISO 27001 through automated evidence collection from SaaS and cloud infrastructure. 6clicks is built for organizations with broader requirements: multiple frameworks in parallel, complex risk and audit workflows, vendor risk programs at scale, and deployment in sovereign or air-gapped environments. Many advisory firms and MSPs use 6clicks to deliver GRC services to clients, which is a different use case from the category of automated startup-compliance platforms.
Talk to our team and see what sovereign GRC looks like in practice.