Trust and Security at Qlik

Qlik has successfully achieved the Federal Risk and Authorization Management Program’s (FedRAMP) Authority to Operate (ATO) at the FedRAMP Moderate Impact Level (IL) and Department of Defense IL2, providing security and compliance for the US Public Sector.

FedRAMP Marketplace

Qlik has successfully completed a SOC 2 Type 2 + HITRUST CSF Attestation which provides an evaluation on the suitability of the design and operating effectiveness of Qlik's internal controls relative to the protection of Personal Health Information subject to US HIPAA Regulatory requirements.

Qlik meets the standards of ISO 27001, an information management security specification for information management systems (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes.

Qlik has successfully completed a SOC 1 Type 2 assessment which provides an evaluation on the suitability of the design and operating effectiveness of Qlik's internal controls, reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting.

Qlik has successfully completed a SOC 2 Type 2 + HITRUST CSF Attestation which provides an evaluation on the suitability of the design and operating effectiveness of Qlik's internal controls. SOC2 is an assessment based on the AICPA Trust Services Principles for Security, Availability, Processing Integrity, Confidentiality, and Privacy. The HITRUST CSF is a widely adopted security and privacy framework across multiple industries. Qlik's compliance and alignment to the applicable SOC2 trust principles and HITRUST CSF criteria is tested via a rigorous examination by an independent accounting firm.

Qlik has successfully completed a SOC 3 assessment which provides an evaluation on the suitability of the design and operating effectiveness of Qlik's internal controls. SOC 3 is a rigorous examination by an independent Accounting firm based on AICPA Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Qlik has completed the Trust Information Security Assessment Exchange (TISAX) assessment. This standard provides the European automotive industry a consistent, standardized approach to information security systems.

Qlik Cloud Government has successfully achieved StateRAMP (State Risk and Authorization Management Program) Moderate Authorized status. StateRAMP simplifies security for U.S. State, Local, and Higher Education organizations by providing a standardized approach to security authorizations for Cloud Service Providers.

Qlik Cloud Government has achieved TX-RAMP (Texas Risk and Authorization Management Program) Level 2 Authorization supporting confidential agency data determined to be at the moderate or high impact level. The Texas Department of Information Resources (DIR) provides a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency.

Qlik Cloud Government supports compliance with the United States International Traffic in Arms Regulations(ITAR) around the handling of software and technical data controlled on the United States Munitions List (USML). Qlik Cloud Government provides an environment that is physically located in the US and access to the environment is restricted to US Persons thereby allowing qualified companies to use Qlik Cloud Government to transmit, process, and store protected articles and data subject to ITAR restrictions.

Qlik Cloud Government has successfully met the standards for Impact Level (IL) 2 set by DISA (The Defense Information Systems Agency) a U.S. Government Organization that has created and maintains security guidelines for computer systems or networks connected to the DoD (Department of Defense).