Skip to content

6clicks compliance proof

Louis Strauss Aug 14, 2019

As regulators ramp up enforcement measures, and the compliance-related risks faced by directors and boards increase, there’s a frontier developing in the shadow of trust – proof.

Earlier this year, British Airways was fined AU$329 million for failing to adequately protect consumer data. Those closer to the incident have said the fine was not as high as it could have been, thanks to BA’s diligence in managing the initial risk and related treatment. The maximum penalty under new GDPR laws could have extended the fine to a maximum 4% of annual turnover, of which BA stood at only 1.5%.

This suggests that, going forward, companies will increasingly rely on their ability to prove (with independent verification) that an assessment took place, rather than just their sayso or an 11th-hour consulting report 

Proof engenders trust, as does transparency. This is a good thing. Practically, though, how does 6clicks establish or create proof?


Introducing Chainpoint 

In short, we have partnered with Chainpoint – an open standard for ​creating a timestamp proof of any data, file or process.

We use Chainpoint to take a hash of the meta-data associated with an assessment, which then returns a timestamp proof. Chainpoint node receives hashes, which are aggregated together using a Merkle tree. The root of this tree is published in a bitcoin transaction.

The final Chainpoint proof defines a set of operations that cryptographically link your assessment data to the bitcoin blockchain. For the tech boffins out there, the diagram below illustrates the way it works.



The simplicity and usefulness of a timestamp proof

And in a practical sense, within 6clicks, every time there’s a change in state for an assessment (for example, when an assessment is approved, published, opened or submitted), we generate a timestamp proof. This proof can then be verified by anyone with the proof to validate whether the assessment status took place at a point of time (note that we do not write any sensitive data to the blockchain, only metadata).

Within 6clicks, you can then create a report, which is useful to share with regulators, your board, or whenever there’s the need for proof. We call this 6clicks Compliance Proof, and it’s just another step in establishing trust with the stakeholders of your business.


Where to next for 6clicks Compliance Proof?

At 6clicks, we’ve baked the concept of proof into our risk assessment lifecycle – from approval through to submission. Right now, the focus is on assessment, but our plan extends to compliance-based training as well.

For those who are interested in finding out more, check out my recent presentation at the ISACA Melbourne Chapter, hosted by PwC on 13 August, where I explained the work we are doing with Chainpoint and where we are heading with 6clicks Compliance Proof. The presentation slides are here and you can check out the recorded presentation below or via this link.



Visit to learn more or book a demo at a time that suits you below.



Leave a Comment

Register for webinars, watch replays and download our ebooks

eBooks & Guides


Our blog and 6clicks TV

Latest articles and interviews with our partners and thought leaders


Our blog

6clicks TV

Top analysts and customers have spoken.

They genuinely love 6clicks.

"The best cyber GRC platform for businesses and advisors."


"We chose 6clicks not only for our clients, but also our internal use”

Partner | Big 4

"With 6clicks we can simply close deals much faster"

CEO | Startup

6clicks Reviews

"The 6clicks solution simplifies and strengthens risk, compliance, and control processes across entities and can grow and adapt as the organization changes and evolves."

Michael Rasmussen | GRC 20/20 Research LLC


Why businesses and advisors choose 6clicks

It's faster, easier and more cost effective than any alternative.

6clicks Enterprise Risk Management

Powered by artificial

Experience the magic of Hailey, our artificial intelligence engine for risk and compliance.

What's the best GRC software?

Unique Hub & Spoke architecture

Deploy multiple teams all connected to a hub - perfect for federated, multi-team structures.

Best software for ISO 27001 compliance

Fully integrated
content library

Access 100's of standards, control sets, assessment templates, libraries and playbooks.

Are you ready to experience AI-powered GRC?