Clio and compliance protection mechanisms
Clio completes an annual self-assessment of processes, configuration, and control mechanisms to validate our compliance with legislation. Clio subscription plans and offerings include the following protection mechanisms:
- Data encryption in transit and at rest.
- Restricted physical access to production servers.
- Data backups performed multiple times per day.
- Strict logical system access controls.
- Mirrored data center facilities with daily backups to mitigate disaster situations.
- 99.9% uptime Service Level Agreement. Learn more about Clio’s current status and uptime percentages.
- Configurable administrative controls available to the customer, including:
  - Explicit authorization to read, download, and edit customer files.
  - Monitor access.
  - Reporting trail of account activities on both users and content.
- Formally defined and tested breach notification policy.
- Employee training on security policies and controls.
- Highly restricted employee access to customer data files.
Clio and reporting security bugs or vulnerabilities
If you are aware of a valid security bug and/or security vulnerability on any Clio application (the mobile app, web app, and any add-ons), you can inform Clio's security team by completing Clio's responsible disclosure submission form here. Valid security vulnerabilities in any Clio application may be eligible for a reward. This includes novel discoveries, gaining additional illicit access, and OWASP Top Ten findings. Clio's security team will follow up with next steps within two business days of receiving the report.
Note: Reports that are not disclosed responsibly are not eligible for any reward.