Trust and Compliance at Qlik
Qlik’s solutions are designed to ensure high performing, highly available global environments through which you can safely and securely analyze your data and share insights. Whether you’re deploying Qlik on-premise, as a SaaS solution, or with a multi-cloud approach, we offer a world-class architecture and experience designed to confidently meet your security, compliance, and privacy needs.
Compliance
Qlik works with businesses of every size and vertical around the world. We consistently monitor data and technology regulatory changes globally, and it is our policy to make applicable changes as soon as possible. Additionally, we routinely work with third-party auditors to conduct assessments that rigorously test our software and internal systems.
SOC II
Our SOC II Type 1 assessment details the design and internal controls for Qlik Cloud Services that meet the criteria for the Security and Availability Principles set forth in TSP Section 100A, Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Principles and Criteria). SOCII Type 2 is in progress and in addition to the items noted for the Type 1, will assess the operating effectiveness of the internal controls.
ISO 27001
Attunity, a division of Qlik, meets the standards of ISO 27001, an information management security specification for information management systems (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes.
Accessibility
Qlik is committed to making our data and analytics platform available to everyone, with a world-class experience for users of all abilities. Ongoing product updates and new features ensure all users can fully interact and consume data and visualizations.
Security
Security in Qlik is embedded across the company and an integral part of how Qlik develops software. It is designed to cover all facets of security disciplines within the company from software development to SaaS operations to corporate information technology security.
Qlik incorporates leading security technologies and modern open standards to provide users with the confidence that their data and analyses are secure. Additionally, Qlik Cloud Services and its operating infrastructure provide security using a number of methods:
Secure Software Development Lifecycle:
Qlik’s development model follows an adapted implementation of the Scaled Agile Framework (SAFe) and industry best practices for quality assurance. Qlik’s Software Security Office incorporates regular static code analysis, threat modelling, third-party vulnerability scanning, and pen-testing into Qlik’s software development process.
Vulnerability Management:
For security-related incidents, Qlik follows a Responsible Disclosure approach for any vulnerability that rates as High or Critical by our Software Security Office. This approach includes publishing Security Bulletins to our customer and partner portals, collaborating with the reporter of the vulnerability if applicable, creating software fixes as soon as possible, and/or providing mitigation until fixed.
Secure Operations:
Qlik proactively monitors production environments to identify and resolve any vulnerabilities that could compromise data security. Qlik works with independent third parties who perform vulnerability assessments against the infrastructure, platform and applications that make up Qlik’s product portfolio.
Approvals:
Qlik Sense Enterprise is listed on the Air Force Network Integration Center (AFNIC) Evaluated Products List. Qlik Sense Enterprise has approvals to operate (ATO) with the Army, Navy, Air Force and Marine Corps and Defense Agencies.
Privacy
Data is one of your business’s most critical assets, which is why we treat it with complete confidentiality. Through security- and privacy-by-design software development processes, Qlik ensures our solutions align with the latest data protection and privacy laws around the world, such as GDPR.
