Find answers and general information quickly about the 6clicks Cloud Infrastructure and Data Hosting
Table of contents:
Where is 6clicks' product infrastructure hosted?
How do I request where my data is hosted?
What is the baseline for cyber and information security at 6clicks?
What compliance is in place for the United States Government instance?
What compliance is in place for the Australian Government instance?
How can I find out more about 6clicks information security controls and policies?
Where is 6clicks' product infrastructure hosted?
6clicks' product infrastructure is hosted on Microsoft Azure in the following locations:
- United States (East) region (app-us);
- United States Government (app-us-gov);
- United Kingdom (app-uk);
- Australia East (app-au); and
- Australian Government (app-au-gov)
6clicks supports regional data hosting and so 6clicks accounts are hosted in one of these data hosting locations, and customer data is processed and stored in that location only.
How do I request where my data is hosted?
When you sign up for 6clicks, your sales representative or partner will ask where you want to host your data - one of the options above. A hosting location will be recommended based on your physical location and data security requirements, but you can request a different region depending on your needs.
What is the baseline for cyber and information security at 6clicks?
6clicks has established a global cyber and information security management system (ISMS) based on ISO/IEC 27001 including processes surrounding:
- Cyber and Information Security Governance including Information Asset Management, Security Risk Management and Security Compliance
- IT Operations including Change Management, Anti-malware, Vulnerability Management, Penetration Testing and Logging & Monitoring
- System Acquisition and Development including secure coding practices
- Supplier Security
- Physical and Environmental Security
- Human Resource Security
- Security Issue and Incident Management
- Business Continuity and Disaster Recovery
Some of the technical measures in place to prevent, detect and respond to cyber and information security related issues include:
- Single Sign On (SSO) and multi-factor authentication (MFA)
- Web Application Firewall (WAF)
- Anti-malware including application allow-listing
- Encryption - Data in transit & at rest (AES 256-bit)
- Backup & Recovery
- Mobile Device Management
- Privileged Access Management
- Logging & monitoring
- Code scanning
- DDoS Protection
What compliance is in place for the United States Government instance?
Guidance on United States Government (app-us-gov) security compliance:
- The United States Government instance is hosted on Microsoft Azure in the West US region (located in California) as a dedicated “GovCloud” instance of 6clicks
- App-us-gov inherits Microsoft Azure certifications including FedRAMP High provisional authorization to operate (P-ATO)
- CMMC does not apply directly to cloud service providers (instead to DIB contractors), however Microsoft offers a representation of how it satisfies CMMC requiremens
- 6clicks has not carried out its own FedRAMP or CMMC (or ITAR) assessment of app-us-gov at this stage
- app-us-gov is encompassed into 6clicks' global cyber and information security management system which is certified to ISO/IEC 27001:2022
- app-us-gov is is supported by 6clicks team members with US citizenship with level 2 and level 3 support provided by Australian security cleared DevOps and security team members
- 6clicks has also carried out an IRAP assessment against the Australian Government Information Security Manual (ISM) which is available via the 6clicks Trust Portal
What compliance is in place for the Australian Government instance?
Guidance on Australian Government (app-au-gov) security compliance:
- The Australian Government instance is hosted on Microsoft Azure in the Australia Central 1 region (located in Canberra) as a dedicated “GovCloud” instance of 6clicks
- App-au-gov inherits Microsoft Azure certifications including its IRAP assessment carried out against the Information Security Manual (ISM) at the Protected classification level
-
6clicks has completed its own IRAP assessments against the Information Security Manual (ISM) at the Official: Sensitive level and previously the Protected level
- app-au-gov is is operated by 6clicks team members with Australian Citizenship and relevant security clearances
- The existing app-au-gov "GovCloud" instance is operating at the Official: Sensitive level and a Protected level instance can be initiated on demand
How can I find out more about 6clicks information security controls and policies?
Please get in contact with your sales account manager who can open a line to our security team and CISO. You can also request access to the 6clicks Trust Portal via your sales account manager where relevant artefacts can be viewed for assurance including:
- ISO/IEC 27001:2022 Certificate and Statement of Applicability (SoA)
- IRAP assessment report and Cloud Controls Matrix (CCM)
- ASD Essential 8 Maturity Assessments
- CSA Consensus Assessments Initiative Questionnaire (CAIQ)
- Penetration test results summary
- 6clicks Policies and Control Sets
- Insurance Certificates of Currency
- Other supporting information