Have more questions? Submit a request

Clio and compliance protection mechanisms

Every year, Clio conducts a self-assessment to ensure that our processes, configurations, and control mechanisms comply with relevant legislation. As a Clio subscriber, your plans and offerings come with various protection mechanisms in place that ensure the security and integrity of your data, including the following:

  • Data encryption in transit and at rest: Your data is secured both when it is being transmitted between devices or networks (in transit) and when it is stored on storage systems or servers (at rest). Encryption scrambles the data into an unreadable format, making it inaccessible to unauthorized users. This ensures that sensitive information remains protected from interception and unauthorized access, whether it is being transferred over networks or stored on servers or devices.
  • Restricted access to production environment: This security measure ensures that only authorized personnel can access production data, reducing the risk of unauthorized access to the infrastructure. 
  • Data backups performed multiple times per day: Data backups are conducted several times throughout the day, ensuring frequent and comprehensive protection of your information.
    Note: Despite the security protection mechanisms in place, we recommend that you retain a local backup of your data.
  • Strict logical system access controls: Clio has stringent measures and protocols implemented to regulate and manage access to computer systems and networks. These controls are designed to ensure that only authorized individuals can access data or resources within the system.
  • Mirrored data center facilities with daily backups to mitigate disaster situations: Mirrored data center facilities with daily backups offer extra protection against disasters. Data is copied to multiple centers and backed up daily, so even if one center fails, your information stays safe and operations can continue smoothly.
  • 99.9% uptime Service Level Agreement. Take a look at Clio’s current status and uptime percentages here.


Clio’s products have configurable administrative controls available to our customers, including:

  • Explicit authorization to read, download, and edit customer files.
  • Monitor and track access to customer files.
  • Reporting trail of account activities on both users and content.
  • Formally defined and tested breach notification policy.
  • Employee training on security policies and controls.
  • Highly restricted employee access to customer data files.


Clio and the Solicitors Account Rules for England and Wales

Clio is unable to provide regulatory or legal advice; however, Clio provides all required information that law firms need to be compliant under the Solicitors Regulation Authority (SRA). While Clio does provide all necessary information, Clio will not automatically generate the following reports required by the SRA:

  • Five-week reconciliation.
  • Annual accountant’s report.

The option to add multiple accounts, assign funds to each account and client files, and track funds transferred between accounts makes it easy for solicitors to manage their clients’ money and accounts in Clio. With Clio, law firms can create and populate client ledgers, track bills, and retain records for the required six years.

Learn more about the SRA and the SRA Accounts Rules.


Clio and GDPR

The General Data Protection Regulation (GDPR) is a unified data protection law that came into effect on May 25, 2018 in the EU, replacing the previous European Data Protection Directive.

Clio’s product services and business operations meet GDPR requirements and our clients’ obligation toward data protection for EU residents.

Learn more about Clio and GDPR, the GDPR and the UK, and GDPR and the EU.


Clio and reporting security bugs or vulnerabilities

If you are aware of a valid security bug and/or security vulnerability on any Clio application (the mobile app, web app, and any add-ons), you can inform Clio's security team by completing Clio's responsible disclosure submission form here. Valid security vulnerabilities in any Clio application may be eligible for a reward. This includes novel discoveries, gaining additional illicit access, and OWASP Top Ten findings. Clio's security team will follow up with next steps within two business days of receiving the report. 

Note: Reports that are not disclosed responsibly are not eligible for any reward.


Need more help?

Was this article helpful?
0 out of 0 found this helpful