Clio and compliance protection mechanisms
Clio completes an annual self-assessment of processes, configuration, and control mechanisms to validate our compliance with legislation. Clio subscription plans and offerings include the following protection mechanisms:
- Data encryption in transit and at rest.
- Restricted physical access to production servers.
- Data backups performed multiple times per day.
Note: Despite the security protection mechanisms in place, Clio recommends that you retain a local backup of your data.
- Strict logical system access controls.
- Mirrored data center facilities with daily backups to mitigate disaster situations.
- 99.9% uptime Service Level Agreement. Learn more about Clio’s current status and uptime percentages.
Configurable administrative controls available to the customer, including:
- Explicit authorization to customer files to read, download, and edit.
- Monitor access.
- Reporting trail of account activities on both users and content.
- Formally defined and tested breach notification policy.
- Employee training on security policies and controls.
- Highly restricted employee access to customer data files.
Clio and the Solicitors Account Rules for England and Wales
Clio is unable to provide regulatory or legal advice; however, Clio provides all required information that law firms need to be compliant under the Solicitors Regulation Authority (SRA). While Clio does provide all necessary information, Clio will not automatically generate the following reports required by the SRA:
- Five-week reconciliation.
- Annual accountant’s report.
The option to add multiple accounts, assign funds to each account and client files, and track funds transferred between accounts makes it easy for solicitors to manage their clients’ money and accounts in Clio. With Clio, law firms can create and populate client ledgers, track bills, and retain records for the required six years.
Clio and GDPR
The General Data Protection Regulation (GDPR) is a unified data protection law that came into effect on May 25, 2018 in the EU, replacing the previous European Data Protection Directive.
Clio’s product services and business operations meet GDPR requirements and our clients’ obligation toward data protection for EU residents.
Clio and reporting security bugs or vulnerabilities
If you are aware of a valid security bug and/or security vulnerability on any Clio application (the mobile app, web app, and any add-ons), you can inform Clio's security team by completing Clio's responsible disclosure submission form here. Valid security vulnerabilities in any Clio application may be eligible for a reward. This includes novel discoveries, gaining additional illicit access, and OWASP Top Ten findings. Clio's security team will follow up with next steps within two business days of receiving the report.
Note: Reports that are not disclosed responsibly are not eligible for any reward.