Security & Privacy By Design

6sense delivers a business-to-business predictive intelligence engine for marketing and sales applications to some of the world’s most successful and trusted companies. This requires 6sense to design, monitor, and maintain a high-integrity enterprise service built on best practices for security and privacy.

Qualifying 6sense as Your Vendor

As a SaaS provider, 6sense understands that earning and maintaining customer trust is foundational to our business. We have made significant investments in technology, processes, and people to ensure our platform meets industry standards for availability, security, privacy, and compliance, including:

  • CISO-led Security Organization. Our Security department is executive-focused and led by a Chief Information Security Officer (CISO), with dedicated teams operating across security incident response, vulnerability management, secure SDLC, continuous monitoring, threat hunting, vendor risk management, customer assurance, and enterprise risk management programs.
  • Dedicated Privacy Management Program. Privacy is co-managed across two layers: executive oversight (CFO, CTO, and CLO) and engineering-level implementation. Our Privacy team is led by our Deputy General Counsel – Privacy & Compliance and Privacy Counsel.
  • SOC 2 Type 2 – All Five Trust Service Criteria. We undergo an annual independent third-party SOC 2 Type 2 audit covering all five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
  • ISO 27001 Certified. We undergo an annual independent third-party audit to maintain our ISO/IEC 27001 certification, the internationally recognized standard for Information Security Management Systems (ISMS).
  • ISO 42001 Certified. We undergo an annual independent third-party audit to maintain our ISO/IEC 42001 certification, the globally recognized standard for Artificial Intelligence Management Systems (AIMS).
  • Regulatory Compliance. We comply with GDPR and CCPA/CPRA, and we participate in the UK-US and Swiss-US Data Privacy Frameworks (DPF).
  • Annual Penetration Testing. We conduct annual independent third-party network, web application, and API penetration assessments performed by a CREST-accredited vendor.
  • Highly Available Cloud Infrastructure. Our platform is built on AWS with redundant, multi-system architecture designed to meet our defined RTO and RPO commitments.
  • Comprehensive AI Governance Program. We maintain a formal AI Governance Program, overseen by an AI Management System (AIMS) Council, a cross-functional body comprising leaders from Data Science, Engineering, Security, and Legal. AI security is embedded across the platform through a dedicated secure AI development lifecycle, AI model risk assessments, penetration testing of LLM features guided by the OWASP Top 10 for LLMs, and AI guardrails including input validation, output filtering, and continuous output monitoring.
  • Environmental, Social & Governance (ESG). We are committed to responsible business practices through a formal ESG program covering greenhouse gas (GHG) emissions reduction, diversity, equity, inclusion, and belonging (DEIB), and the protection of human rights, all underpinned by formal policies that reflect our values in how we operate and grow. Our ESG performance is tracked and reported through independent third-party platforms, providing external visibility into our progress.

Hear from our team

6sense is committed to upholding the highest privacy and compliance standards. Every day, we invest heroic effort and resources to earn — and honor — our customers’ trust.
Kara Larson, Head of Privacy & Compliance at 6sense

At 6sense, security is everyone’s responsibility. Our culture of security and commitment to customer trust ensures the entire company is delivering on our security and privacy obligations.
Julia Lake, Chief Information Security Officer at 6sense