// Trust & Security Report
Sisense Inc.
Embedded/composable analytics and BI platform (Sisense Cloud managed service, Sisense Linux self-hosted, Compose SDK for embedding, and Sisense Intelligence AI features: assistant, narrative, forecast/trend)
Certifications held
7
Maturity
Enterprise
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.sisense.com“Sisense is ISO 27001 Certified and SOC2 Type 2 Compliant. SOC 2 Type 2 certification for Cloud Managed Services offers a third-party technical report and assures customers that Sisense's information security measures are in line with the unique parameters of today's cloud requirements.”
Verify on sisense.com“ISO 27001 for information security ... Sisense undergoes regular independent audits to ensure compliance with top security and privacy frameworks, including ISO 27001 for information security.”
Verify on sisense.com“ISO 27701 for privacy management ... Sisense undergoes regular independent audits to ensure compliance with top security and privacy frameworks, including ISO 27701 for privacy management.”
Verify on trust.sisense.com“This is the first international standard for Artificial Intelligence Management Systems (AIMS) ... independent validation that the AI management system behind Sisense Intelligence meets the highest global benchmarks.”
Verify on sisense.com“Sisense platform is a HIPAA-ready solution that provides a high level of data security, integrity and encryption needed to maintain HIPAA compliance... Sisense complies with the provisions of the HIPAA Security Rule, Breach Notification Rule, and Privacy Rule as required in its capacity as a business associate. The Business Associate Agreement (BAA) covers Sisense's services as described in the applicable services agreement to which the BAA is attached.”
Verify on sisense.com“As a service provider, when processing personal data as part of our solutions and services, Sisense is a data processor and Sisense's customers are the data controllers... Sisense relies, among others, on the Standard Contractual Clauses (SCC), also called Model Clauses, to safely transfer data outside of the European Economic Area (EEA).”
Verify on sisense.com“Sisense emphasizes compliance with GDPR and other modern data protection laws such as the CCPA.”
> Show 4 unconfirmed / not-held certifications
source: trust.sisense.comNo public evidence: PCI DSS is not listed on Sisense's trust center (trust.sisense.com) or trust-and-security page, and no PCI attestation was found in vendor-domain search.
source: trust.sisense.comNo public evidence: CSA STAR is not listed on Sisense's trust center or trust-and-security page.
source: trust.sisense.comNo public evidence: FedRAMP is not listed on Sisense's trust center or trust-and-security page.
source: trust.sisense.comNo public evidence: only ISO 27001 and ISO 27701 are listed on Sisense's trust center; ISO 27017/27018 badges were not found.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
Primary hosting on AWS (Sisense Cloud managed service runs on AWS EKS/EC2, dedicated VPC per customer). Standard Contractual Clauses used for transfers out of the EEA; no explicit EU-resident data-center guarantee found on public pages.
No public vendor-domain statement confirming or denying that Sisense Intelligence (assistant, narrative, forecast, trend) trains foundation models on customer data. Documentation describes the assistant as grounded in the customer's own data model/metadata (not model retraining). For self-hosted GenAI deployments, the customer directly provisions and manages the LLM via Azure OpenAI or OpenAI APIs and the Vector Database (MongoDB Atlas VDB), meaning in that configuration prompt data flows to the customer's own OpenAI/Azure OpenAI tenant rather than to Sisense. No opt-out toggle or no-training commitment was found on trust.sisense.com or the trust-and-security page; treat as unconfirmed until verified directly with Sisense sales/security team.
// Security controls
Encryption at rest
End-to-end encryption for data at rest and in transit stated as part of cloud security measures; customers configure encryption for stored data on the platform.
sisense.comPenetration testing
Annual third-party penetration tests to check for application and network vulnerabilities.
trust.sisense.comBug bounty / vulnerability research
Partners with security researchers to uncover vulnerabilities through continuous manual testing via a bug bounty program.
trust.sisense.comCloud infrastructure isolation
Sisense Cloud runs on AWS (EKS multi-node or dedicated EC2 single-node), each customer given a fully isolated cluster within its own dedicated VPC.
docs.sisense.comAccess controls
Secured account administration for individual, group, or organization-level access management.
sisense.com// Products & data scope
data: Customer data hosted and processed on AWS-managed infrastructure operated by Sisense; Sisense acts as data processor.
Full compliance suite (SOC 2 Type 2, ISO 27001, ISO 27701, ISO 42001, HIPAA) applies to the managed cloud service per the trust center; no cert-by-tier distinction published.
data: Customer installs and operates Sisense on its own Linux servers, VMs, or bare metal; customer controls data location and infrastructure security.
Suitable for organizations needing stricter security requirements or infrastructure customization. Compliance responsibility is shared: customer must configure environment/DBs/access controls per the platform's shared security model.
data: Assistant grounds responses in the customer's own governed data model (column names/metadata) rather than free-form retraining, per documentation. Self-hosted GenAI deployments route LLM calls through the customer's own Azure OpenAI or OpenAI API account plus a customer-managed MongoDB Atlas Vector Database.
Covered by ISO/IEC 42001:2023 AI Management System certification per trust.sisense.com. No public statement on whether cloud-managed deployments of the assistant use customer prompts for model training; treat as unconfirmed (see privacy.ai_training_note).
data: Used by developers to embed Sisense dashboards/AI features into their own applications; data scope depends on what the embedding customer exposes.
Inherits the security posture of the underlying Sisense Cloud or self-hosted deployment it is embedded against.
// What to watch
- AI-training posture (whether Sisense Intelligence/assistant trains on customer prompts or data in the cloud-managed offering) is not addressed on any public vendor page found; marked null/unconfirmed rather than assumed either way
- The 2019 ISO 27001 press release predates the current trust center; current ISO 27001 status is corroborated by the live trust.sisense.com listing but the underlying audit/scope document was not independently viewable (SafeBase portal may require an access request for full report download)
- No explicit EU/data-residency guarantee found for Sisense Cloud beyond general AWS hosting and SCC-based international transfer language; regulated EU customers should confirm region pinning directly with Sisense
- Self-hosted GenAI mode shifts LLM data flow to the customer's own OpenAI/Azure OpenAI account — this is a meaningfully different data-handling posture from the cloud-managed assistant and should not be conflated when listing 'AI training' claims
// At a glance
Pricing model
Subscription/contract-based enterprise SaaS and self-hosted licensing (published third-party estimates cite roughly $50K/year self-hosted vs $75K/year cloud for equivalent user counts; no public self-serve pricing page).
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Sisense Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.sisense.com