// Trust & Security Report

    Sisense Inc. logo

    Sisense Inc.

    Embedded/composable analytics and BI platform (Sisense Cloud managed service, Sisense Linux self-hosted, Compose SDK for embedding, and Sisense Intelligence AI features: assistant, narrative, forecast/trend)

    Certifications held

    7

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    Sisense is ISO 27001 Certified and SOC2 Type 2 Compliant. SOC 2 Type 2 certification for Cloud Managed Services offers a third-party technical report and assures customers that Sisense's information security measures are in line with the unique parameters of today's cloud requirements.

    Verify on trust.sisense.com
    ISO/IEC 27001
    HELD

    ISO 27001 for information security ... Sisense undergoes regular independent audits to ensure compliance with top security and privacy frameworks, including ISO 27001 for information security.

    Verify on sisense.com
    ISO/IEC 27701 (privacy management)
    HELD

    ISO 27701 for privacy management ... Sisense undergoes regular independent audits to ensure compliance with top security and privacy frameworks, including ISO 27701 for privacy management.

    Verify on sisense.com
    ISO/IEC 42001:2023 (AI Management System)
    HELD

    This is the first international standard for Artificial Intelligence Management Systems (AIMS) ... independent validation that the AI management system behind Sisense Intelligence meets the highest global benchmarks.

    Verify on trust.sisense.com
    HIPAA
    HELD

    Sisense platform is a HIPAA-ready solution that provides a high level of data security, integrity and encryption needed to maintain HIPAA compliance... Sisense complies with the provisions of the HIPAA Security Rule, Breach Notification Rule, and Privacy Rule as required in its capacity as a business associate. The Business Associate Agreement (BAA) covers Sisense's services as described in the applicable services agreement to which the BAA is attached.

    Verify on sisense.com
    GDPR (compliance posture, not a certification)
    HELD

    As a service provider, when processing personal data as part of our solutions and services, Sisense is a data processor and Sisense's customers are the data controllers... Sisense relies, among others, on the Standard Contractual Clauses (SCC), also called Model Clauses, to safely transfer data outside of the European Economic Area (EEA).

    Verify on sisense.com
    CCPA (compliance posture, not a certification)
    HELD

    Sisense emphasizes compliance with GDPR and other modern data protection laws such as the CCPA.

    Verify on sisense.com
    > Show 4 unconfirmed / not-held certifications
    PCI DSS
    NOT CONFIRMED

    No public evidence: PCI DSS is not listed on Sisense's trust center (trust.sisense.com) or trust-and-security page, and no PCI attestation was found in vendor-domain search.

    source: trust.sisense.com
    CSA STAR
    NOT CONFIRMED

    No public evidence: CSA STAR is not listed on Sisense's trust center or trust-and-security page.

    source: trust.sisense.com
    FedRAMP
    NOT CONFIRMED

    No public evidence: FedRAMP is not listed on Sisense's trust center or trust-and-security page.

    source: trust.sisense.com
    ISO 27017 / 27018 (cloud/PII security)
    NOT CONFIRMED

    No public evidence: only ISO 27001 and ISO 27701 are listed on Sisense's trust center; ISO 27017/27018 badges were not found.

    source: trust.sisense.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    Primary hosting on AWS (Sisense Cloud managed service runs on AWS EKS/EC2, dedicated VPC per customer). Standard Contractual Clauses used for transfers out of the EEA; no explicit EU-resident data-center guarantee found on public pages.

    No public vendor-domain statement confirming or denying that Sisense Intelligence (assistant, narrative, forecast, trend) trains foundation models on customer data. Documentation describes the assistant as grounded in the customer's own data model/metadata (not model retraining). For self-hosted GenAI deployments, the customer directly provisions and manages the LLM via Azure OpenAI or OpenAI APIs and the Vector Database (MongoDB Atlas VDB), meaning in that configuration prompt data flows to the customer's own OpenAI/Azure OpenAI tenant rather than to Sisense. No opt-out toggle or no-training commitment was found on trust.sisense.com or the trust-and-security page; treat as unconfirmed until verified directly with Sisense sales/security team.

    // Security controls

    Encryption in transit

    TLS 1.2+ used to secure data in transit.

    sisense.com

    Encryption at rest

    End-to-end encryption for data at rest and in transit stated as part of cloud security measures; customers configure encryption for stored data on the platform.

    sisense.com

    Penetration testing

    Annual third-party penetration tests to check for application and network vulnerabilities.

    trust.sisense.com

    Bug bounty / vulnerability research

    Partners with security researchers to uncover vulnerabilities through continuous manual testing via a bug bounty program.

    trust.sisense.com

    Cloud infrastructure isolation

    Sisense Cloud runs on AWS (EKS multi-node or dedicated EC2 single-node), each customer given a fully isolated cluster within its own dedicated VPC.

    docs.sisense.com

    Access controls

    Secured account administration for individual, group, or organization-level access management.

    sisense.com

    // Products & data scope

    Sisense Cloud (managed SaaS)Embedded analytics / BI, cloud-managed

    data: Customer data hosted and processed on AWS-managed infrastructure operated by Sisense; Sisense acts as data processor.

    Full compliance suite (SOC 2 Type 2, ISO 27001, ISO 27701, ISO 42001, HIPAA) applies to the managed cloud service per the trust center; no cert-by-tier distinction published.

    Sisense Linux (self-hosted)Embedded analytics / BI, self-managed

    data: Customer installs and operates Sisense on its own Linux servers, VMs, or bare metal; customer controls data location and infrastructure security.

    Suitable for organizations needing stricter security requirements or infrastructure customization. Compliance responsibility is shared: customer must configure environment/DBs/access controls per the platform's shared security model.

    Sisense Intelligence (AI features: assistant, narrative, forecast, trend)Generative AI / conversational analytics add-on

    data: Assistant grounds responses in the customer's own governed data model (column names/metadata) rather than free-form retraining, per documentation. Self-hosted GenAI deployments route LLM calls through the customer's own Azure OpenAI or OpenAI API account plus a customer-managed MongoDB Atlas Vector Database.

    Covered by ISO/IEC 42001:2023 AI Management System certification per trust.sisense.com. No public statement on whether cloud-managed deployments of the assistant use customer prompts for model training; treat as unconfirmed (see privacy.ai_training_note).

    Compose SDKDeveloper SDK for embedding analytics

    data: Used by developers to embed Sisense dashboards/AI features into their own applications; data scope depends on what the embedding customer exposes.

    Inherits the security posture of the underlying Sisense Cloud or self-hosted deployment it is embedded against.

    // What to watch

    • AI-training posture (whether Sisense Intelligence/assistant trains on customer prompts or data in the cloud-managed offering) is not addressed on any public vendor page found; marked null/unconfirmed rather than assumed either way
    • The 2019 ISO 27001 press release predates the current trust center; current ISO 27001 status is corroborated by the live trust.sisense.com listing but the underlying audit/scope document was not independently viewable (SafeBase portal may require an access request for full report download)
    • No explicit EU/data-residency guarantee found for Sisense Cloud beyond general AWS hosting and SCC-based international transfer language; regulated EU customers should confirm region pinning directly with Sisense
    • Self-hosted GenAI mode shifts LLM data flow to the customer's own OpenAI/Azure OpenAI account — this is a meaningfully different data-handling posture from the cloud-managed assistant and should not be conflated when listing 'AI training' claims

    // At a glance

    Pricing model

    Subscription/contract-based enterprise SaaS and self-hosted licensing (published third-party estimates cite roughly $50K/year self-hosted vs $75K/year cloud for equivalent user counts; no public self-serve pricing page).

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Sisense Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.sisense.com

    > Browse all vendor trust reports