Have more questions? Submit a request

Clio and compliance protection mechanisms

Clio completes an annual self-assessment of processes, configuration, and control mechanisms to validate our compliance with legislation. Clio subscription plans and offerings include the following protection mechanisms:

  • Data encryption in transit and at rest.
  • Restricted physical access to production servers.
  • Data backups performed multiple times per day.
  • Strict logical system access controls.
  • Mirrored data center facilities with daily backups to mitigate disaster situations.
  • 99.9% uptime Service Level Agreement. Learn more about Clio’s current status and uptime percentages.
  • Configurable administrative controls available to the customer, including:
    • Explicit authorization to customer files to read, download, and edit.
    • Monitor access.
    • Reporting trail of account activities on both users and content.
    • Formally defined and tested breach notification policy.
    • Employee training on security policies and controls.
    • Highly restricted employee access to customer data files.


Clio and reporting security bugs or vulnerabilities

If you are aware of a valid security bug and/or security vulnerability on any Clio application (the mobile app, web app, and any add-ons), you can inform Clio's security team by completing Clio's responsible disclosure submission form here. Valid security vulnerabilities in any Clio application may be eligible for a reward. This includes novel discoveries, gaining additional illicit access, and OWASP Top Ten findings. Clio's security team will follow up with next steps within two business days of receiving the report. 

Note: Reports that are not disclosed responsibly are not eligible for any reward.


Need more help?

Was this article helpful?
0 out of 0 found this helpful