Trust and Security at Qlik

Empowering organizations with solutions they can trust

Qlik’s solutions are designed to ensure high performing, highly available global environments through which you can safely and securely integrate your data, analyze your data and share insights. Whether you’re using our cloud service, deploying Qlik yourself or using a hybrid approach, we offer a world-class architecture and experience designed to confidently meet your security, compliance, and privacy needs.

Security

Security at Qlik is embedded across the company and an integral part of how Qlik develops software. It is designed to cover all facets of security disciplines within the company from software development to SaaS operations to corporate information technology security.

Qlik incorporates leading security technologies and modern open standards to provide users with the confidence that their data and analyses are secure. Additionally, Qlik Cloud and its operating infrastructure provide security using a number of methods.

  • Secure Software Development Lifecycle

    Qlik’s development model follows an adapted implementation of the Scaled Agile Framework (SAFe) and industry best practices for quality assurance. Qlik’s Software Security Office incorporates regular static code analysis, threat modelling, third-party vulnerability scanning, and pen-testing into Qlik’s software development process.
  • Vulnerability Management

    For security-related incidents, Qlik follows a Responsible Disclosure approach for any vulnerability that rates as High or Critical by our Software Security Office. This approach includes publishing a Security Bulletin to alert our customers and partners through a blog post, collaborating with the reporter of the vulnerability if applicable, creating software fixes as soon as possible, and/or providing mitigation until fixed.
  • Secure Operations

    Qlik proactively monitors production environments to identify and resolve any vulnerabilities that could compromise data security. Qlik works with independent third parties who perform vulnerability assessments against the infrastructure, platform and applications that make up Qlik’s product portfolio.
  • Approvals

    Qlik Sense® Enterprise is listed on the Cyberspace Capabilities Center’s (formerly Air Force Network Integration Center) Evaluated Products List. Qlik Sense Enterprise has approvals to operate (ATO) with the Army, Navy, Air Force and Marine Corps and Defense Agencies.

Certifications and Accreditations

  • FedRAMP

    Qlik has successfully achieved the Federal Risk and Authorization Management Program’s (FedRAMP) Authority to Operate (ATO) at the FedRAMP Moderate Impact Level (IL) and Department of Defense IL2, providing security and compliance for the US Public Sector.

    FedRAMP Marketplace

  • HIPAA

    Qlik has successfully completed a SOC 2 Type 2 + HITRUST CSF Attestation which provides an evaluation on the suitability of the design and operating effectiveness of Qlik's internal controls relative to the protection of Personal Health Information subject to US HIPAA Regulatory requirements.
  • ISO 27001:2022

    Qlik meets the standards of ISO 27001, an information management security specification for information management systems (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes.
  • ISO 270017:2015

    Qlik meets the standards of ISO 27017 an information management security specification for information management systems (ISMS) covering cloud security controls for cloud service providers. ISO 27017 is an extension to the ISO 27001 ISMS framework.
  • ISO 27018:2019

    • Qlik meets the standards of ISO 27018, an information management security specification for information management systems (ISMS) covering cloud privacy requirements and security controls for cloud service providers. ISO 27018 is an extension to the ISO 27001 ISMS framework.
  • SOC 1

    Qlik has successfully completed a SOC 1 Type 2 assessment which provides an evaluation on the suitability of the design and operating effectiveness of Qlik's internal controls, reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting.
  • SOC 2 + HITRUST CSF

    Qlik has successfully completed a SOC 2 Type 2 + HITRUST CSF Attestation which provides an evaluation on the suitability of the design and operating effectiveness of Qlik's internal controls. SOC2 is an assessment based on the AICPA Trust Services Principles for Security, Availability, Processing Integrity, Confidentiality, and Privacy. The HITRUST CSF is a widely adopted security and privacy framework across multiple industries. Qlik's compliance and alignment to the applicable SOC2 trust principles and HITRUST CSF criteria is tested via a rigorous examination by an independent accounting firm.
  • SOC 3

    Qlik has successfully completed a SOC 3 assessment which provides an evaluation on the suitability of the design and operating effectiveness of Qlik's internal controls. SOC 3 is a rigorous examination by an independent Accounting firm based on AICPA Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.
  • TISAX

    Qlik has completed the Trust Information Security Assessment Exchange (TISAX) assessment. This standard provides the European automotive industry a consistent, standardized approach to information security systems.
  • StateRAMP

    Qlik Cloud Government has successfully achieved StateRAMP (State Risk and Authorization Management Program) Moderate Authorized status. StateRAMP simplifies security for U.S. State, Local, and Higher Education organizations by providing a standardized approach to security authorizations for Cloud Service Providers.
  • TX-RAMP – Level 2

    Qlik Cloud Government has achieved TX-RAMP (Texas Risk and Authorization Management Program) Level 2 Authorization supporting confidential agency data determined to be at the moderate or high impact level. The Texas Department of Information Resources (DIR) provides a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency.
  • ITAR

    Qlik Cloud Government supports compliance with the United States International Traffic in Arms Regulations(ITAR) around the handling of software and technical data controlled on the United States Munitions List (USML). Qlik Cloud Government provides an environment that is physically located in the US and access to the environment is restricted to US Persons thereby allowing qualified companies to use Qlik Cloud Government to transmit, process, and store protected articles and data subject to ITAR restrictions.
  • DISA

    Qlik Cloud Government has successfully met the standards for Impact Level (IL) 2 set by DISA (The Defense Information Systems Agency) a U.S. Government Organization that has created and maintains security guidelines for computer systems or networks connected to the DoD (Department of Defense).
  • IRAP

    Qlik has been assessed by an independent Information Security Registered Assessors Program (IRAP) assessor against the Australian Government Information Security Manual (ISM) Controls produced by the Australian Signals Directorate (ASD). The assessment examined the security controls of Qlik Cloud and provides assurance that Qlik has met the controls required by the ASD.

Check operational uptimes across all of our global regions.

Privacy

Data is one of your business’s most critical assets, which is why we treat it with the utmost care. Through security- and privacy-by-design development processes, Qlik ensures our solutions align with the latest data protection and privacy laws around the world, such as GDPR.

Accessibility

Qlik is committed to making our data and analytics platform available to everyone, with a world-class experience for users of all abilities. Ongoing product updates and new features enable users to consume data and visualizations.

Have questions related to security at Qlik?