Qlik’s solutions are designed to ensure high performing, highly available global environments through which you can safely and securely integrate your data, analyze your data, and share insights. Whether you’re using our cloud service, deploying Qlik yourself or using a hybrid approach, we offer a world-class architecture and experience designed to confidently meet your security, compliance, and privacy needs.
Security
Security at Qlik is embedded across the company and an integral part of how Qlik develops software. It is designed to cover all facets of security disciplines within the company from software development to SaaS operations to corporate information technology security.
Qlik incorporates leading security technologies and modern open standards to provide users with the confidence that their data and analyses are secure. Additionally, Qlik Cloud and its operating infrastructure provide security using a number of methods.
Secure software development lifecycle
Qlik’s development model follows an adapted implementation of the Scaled Agile Framework (SAFe) and industry best practices for quality assurance. Qlik’s Software Security Office incorporates regular static code analysis, threat modeling, third-party vulnerability scanning, and pen-testing into Qlik’s software development process.
Vulnerability management
For security-related incidents, Qlik follows a Responsible Disclosure approach for any vulnerability that rates as High or Critical by our Software Security Office. This approach includes publishing a Security Bulletin to alert our customers and partners through a blog post, collaborating with the reporter of the vulnerability if applicable, creating software fixes as soon as possible, and/or providing mitigation until fixed.
Secure operations
Qlik proactively monitors production environments to identify and resolve any vulnerabilities that could compromise data security. Qlik works with independent third parties who perform vulnerability assessments against the infrastructure, platform and applications that make up Qlik’s product portfolio.
Approvals
Qlik Sense® Enterprise is listed on the Cyberspace Capabilities Center’s (formerly Air Force Network Integration Center) Evaluated Products List. Qlik Sense Enterprise has approvals to operate (ATO) with the Army, Navy, Air Force and Marine Corps and Defense Agencies.
Certifications and accreditations
HIPAA
Qlik has successfully completed a SOC 2 Type 2 + HITRUST CSF Attestation which provides an evaluation on the suitability of the design and operating effectiveness of Qlik's internal controls relative to the protection of Personal Health Information subject to US HIPAA Regulatory requirements.
ISO 27001:2022
Qlik meets the standards of ISO 27001, an information management security specification for information management systems (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes.
ISO 27017:2015
Qlik meets the standards of ISO 27017 an information management security specification for information management systems (ISMS) covering cloud security controls for cloud service providers. ISO 27017 is an extension to the ISO 27001 ISMS framework.
ISO 27018:2019
Qlik meets the standards of ISO 27018, an information management security specification for information management systems (ISMS) covering cloud privacy requirements and security controls for cloud service providers. ISO 27018 is an extension to the ISO 27001 ISMS framework.
SOC 1
Qlik has successfully completed a SOC 1 Type 2 assessment which provides an evaluation on the suitability of the design and operating effectiveness of Qlik's internal controls, reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting.
SOC 2 + HITRUST CSF
Qlik has successfully completed a SOC 2 Type 2 + HITRUST CSF Attestation which provides an evaluation on the suitability of the design and operating effectiveness of Qlik's internal controls. SOC2 is an assessment based on the AICPA Trust Services Principles for Security, Availability, Processing Integrity, Confidentiality, and Privacy. The HITRUST CSF is a widely adopted security and privacy framework across multiple industries. Qlik's compliance and alignment to the applicable SOC2 trust principles and HITRUST CSF criteria is tested via a rigorous examination by an independent accounting firm.
SOC 3
Qlik has successfully completed a SOC 3 assessment which provides an evaluation on the suitability of the design and operating effectiveness of Qlik's internal controls. SOC 3 is a rigorous examination by an independent accounting firm based on AICPA Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.
TISAX
Qlik has completed the Trust Information Security Assessment Exchange (TISAX) assessment. This standard provides the European automotive industry a consistent, standardized approach to information security systems.
IRAP
Cyber Essentials
Qlik has successfully completed the Cyber Essentials Certification, a UK Government-backed, industry-supported certification introduced in the UK to help organizations demonstrate operational security against common cyber-attacks.
Cyber Essentials Plus
Qlik has successfully completed the Cyber Essentials Plus Certification, a UK Government-backed, industry-supported certification introduced in the UK to help organizations demonstrate operational security against common cyber-attacks.
UK G-Cloud
Qlik Cloud is an authorized supplier for UK G Cloud v14 on the UK Government's Digital Marketplace, also known as G-Cloud.
CASA
Qlik Cloud has achieved Cloud Application Security Assessment (CASA) Tier 3 Certification from the App Defense Alliance, for Qlik Cloud’s integration to Google. The App Defense Alliance is part of the Linux foundation, CASA Tier 3 is a security assessment framework based on OWASPS’s App Security Verification Standard (ASVS) that is mandated by Google Marketplace when cloud applications access sensitive scope data in Google Cloud.
FedRAMP
GovRAMP
TX-RAMP – Level 2
Qlik Cloud Government has achieved TX-RAMP (Texas Risk and Authorization Management Program) Level 2 Authorization supporting confidential agency data determined to be at the moderate or high impact level. The Texas Department of Information Resources (DIR) provides a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency.
ITAR
DISA
Qlik Cloud Government - DoD has successfully met the standards for Impact Level (IL) 2 set by DISA (The Defense Information Systems Agency) a U.S. Government Organization that has created and maintains security guidelines for computer systems or networks connected to the DoD (Department of Defense).
DISA
Qlik Cloud Government - DoD has successfully met the standards for Impact Level (IL) 4 set by DISA (The Defense Information Systems Agency) a U.S. Government Organization that has created and maintains security guidelines for computer systems or networks connected to the DoD (Department of Defense).
CASA
Qlik Cloud Government has achieved Cloud Application Security Assessment (CASA) Tier 3 Certification from the App Defense Alliance, for Qlik Cloud’s integration to Google. The App Defense Alliance is part of the Linux foundation, CASA Tier 3 is a security assessment framework based on OWASPS’s App Security Verification Standard (ASVS) that is mandated by Google Marketplace when cloud applications access sensitive scope data in Google Cloud.
HIPAA
Talend Cloud has successfully completed a HIPAA Attestation which provides an evaluation of the suitability of the design and operating effectiveness of Qlik’s internal controls relative to the protection of Personal Health Information subject to US HIPA Regulatory requirements.
ISO 27001:2022
Talend Cloud meets the standards of ISO 27001, an information management security specification for information management systems (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organizations information risk management processes.
ISO 27017:2015
Talend Cloud meets the standards of ISO 27017 an information management security specification for information management systems (ISMS) covering cloud security controls for cloud service providers. ISO 27017 is an extension to the ISO 27001 ISMS framework.
ISO 27018:2019
Talend Cloud meets the standards of ISO 27018, an information management security specification for information management systems (ISMS) covering cloud privacy requirements and security controls for cloud service providers. ISO 27018 is an extension to the ISO 27001 ISMS framework.
SOC1
Talend Cloud has successfully completed a SOC 1 Type 2 assessment which provides an evaluation on the suitability of the design and operating effectiveness of Qlik’s internal controls, reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting.
SOC2
Talend Cloud has successfully completed a SOC 2 Type 2 Attestation which provides an evaluation of the suitability of the design and operating effectiveness of Qlik’s internal controls. SOC2 is an assessment based on the AICPA Trust Services Principles for Security, Availability, Processing, Integrity, Confidentiality and Privacy.
SOC3
Talend Cloud has successfully completed a SOC 3 assessment which provides an evaluation on the suitability of the design and operating effectiveness of Qlik’s internal controls. SOC 3 is an assessment based on the AICPA Trust Services Principles for Security, Availability, Processing, Integrity, Confidentiality and Privacy.
Cyber Essentials
Talend Cloud has successfully completed the Cyber Essentials Certification, a UK Government-backed, industry-supported certification introduced in the UK to help organizations demonstrate operational security against common cyber-attacks.
Cyber Essentials Plus
Talend Cloud has successfully completed the Cyber Essentials Plus Certification, a UK Government-backed, industry-supported certification introduced in the UK to help organizations demonstrate operational security against common cyber-attacks.
UK G-Cloud
Talend Cloud is an authorized supplier for UK G Cloud v14 on the UK Government's Digital Marketplace, also known as G-Cloud.
Qlik security artifacts are available to customers from Qlik Security Trust Center
For information on Talend-specific certifications please visit Talend Trust and Security.
Check operational uptimes across all of our global regions
Privacy
Data is one of your business’s most critical assets, which is why we treat it with the utmost care. Through security- and privacy-by-design development processes, Qlik ensures our solutions align with the latest data protection and privacy laws around the world, such as GDPR.
Accessibility
Qlik is committed to making our data and analytics platform available to everyone, with a world-class experience for users of all abilities. Ongoing product updates and new features enable users to consume data and visualizations.
Responsible AI
We believe AI can only be effectively developed and used with confidence within its ethical foundations. Through our Principles for Responsible AI and AI Governance, Qlik aims to help customers mitigate the risk, embrace the complexity, and scale the impact of AI in their organizations.
