Skip to main content Skip to complementary content

Qlik Cloud security, compliance, and privacy

Qlik adheres to a variety of international compliance and privacy standards. For a complete list, see Trust and security at Qlik.

Qlik Cloud Government compliance certifications

Qlik Cloud Government has been purpose built for the U.S. Public Sector and designed to meet the security and compliance standards of the Federal Risk and Authorization Management Program (FedRAMP). FedRAMP provides .a standardized approach to security authorizations for Cloud Service Offerings, accelerating cloud adoption across the U.S. Public Sector.

  • FedRAMP Status: Qlik Cloud Government has achieved FedRAMP's authorized designation at the Moderate Impact Level (IL). It is listed in the Marketplace under Authorized products.
    For more information see the FedRAMP Marketplace.

  • Department of Defense Status: Qlik Cloud Government has achieved the Department of Defense (DoD) IL 2.
    For more information, see the DoD Cloud Security Portal.

  • StateRAMP StatusQlik Cloud Government has achieved the State Risk and Authorization Management Program (StateRAMP) Moderate Authorized status. StateRAMP simplifies security for U.S. State, Local, and Higher Education organizations by providing a standardized approach to security authorizations for Cloud Service Providers.
    For more information, see StateRAMP.

  • TX-RAMP Status: Qlik Cloud Government has achieved Texas Risk and Authorization Management Program (TX-RAMP) Level 2 Authorization supporting confidential agency data determined to be at the moderate or high impact level. The Texas Department of Information Resources (DIR) provides a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency.
    For more information, see TX-RAMP.

  • ITAR Status: Qlik Cloud Government is compliant with the United States International Traffic in Arms Regulations(ITAR) for the handling of software and technical data controlled on the United States Munitions List (USML). Qlik Cloud Government provides an environment that is physically located in the U.S. and access to the environment is restricted to U.S. Persons thereby allowing qualified companies to use Qlik Cloud Government to transmit, process, and store protected articles and data subject to ITAR restrictions.
    For more information, see Directorate of Defense Trade Controls.

  • ISO 27017: Qlik Cloud Government meets the standards of ISO 27017, an information management security specification for information management systems (ISMS) covering cloud security controls for cloud service providers. ISO 27017 is an extension to the ISO 27001 ISMS framework.
    For more information, see the ISO 27017.

  • ISO 27018: Qlik Cloud Government meets the standards of ISO 27018, an information management security specification for information management systems (ISMS) covering cloud privacy requirements and security controls for cloud service providers. ISO 27018 is an extension to the ISO 27001 ISMS framework.
    For more information, see the ISO 27018.

  • IRAP: Qlik Cloud Government has been assessed by an independent Information Security Registered Assessors Program (IRAP) assessor against the Australian Government Information Security Manual (ISM) Controls produced by the Australian Signals Directorate (ASD). The assessment examined the security controls of Qlik Cloud and provides assurance that Qlik has met the controls required by the ASD.
    For more information, see the IRAP.

Qlik Cloud and HIPAA

The US Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a set of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. Qlik has successfully completed a SOC2 Type 2 + HITRUST attestation. The attestation evaluates the suitability of the design and operating effectiveness of Qlik’s internal controls related to the protection of Personal Health Information (PHI) and US HIPAA regulatory requirements. By using Customer Managed Keys along with features and tools in Qlik Cloud, customers can host PHI as defined in HIPAA. Customers must also enter into a HIPAA Business Associate Agreement (BAA) with Qlik.

For more information, see Healthcare analytics

Information noteQlik Sense Business does not support the use of Customer Managed Keys.
Information noteQlik Cloud Government and Qlik Sense Business are not covered by the HIPAA attestation.

For more information, see:

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!