Clio and compliance protection mechanisms
Clio completes an annual self-assessment of processes, configuration, and control mechanisms to validate our compliance with legislation. Clio subscription plans and offerings include the following protection mechanisms:
- Data encryption in transit and at rest.
- Restricted physical access to production servers.
- Strict logical system access controls.
- Mirrored data center facilities with daily backups to mitigate disaster situations.
- 99.9% uptime Service Level Agreement. Learn more about Clio’s current status and uptime percentages.
- Configurable administrative controls available to the customer, including:
  - Explicit authorization of which users can read, download, and edit customer files.
  - Monitoring of access.
  - Reporting trail of account activities on both users and content.
- Formally defined and tested breach notification policy.
- Employee training on security policies and controls.
- Highly restricted employee access to customer data files.
Clio and British Columbia rules for trust accounting
Clio is unable to provide regulatory or legal advice; however, Clio clients in BC use our trust ledger report and QuickBooks to meet BC trust requirements.
Clio and the Law Society of Ontario
Clio is unable to provide regulatory or legal advice; however, law firms using Clio have been audited by the Law Society of Ontario and found to be compliant. Documenting all required paperwork in Clio has been found to be sufficient to meet compliance requirements.
Learn more about the Law Society of Ontario’s trust accounting rules.
Clio and the Solicitors Account Rules for England and Wales
Clio is unable to provide regulatory or legal advice; however, Clio provides all required information that law firms need to be compliant under the Solicitors Regulation Authority (SRA). While Clio does provide all necessary information, Clio will not automatically generate the following reports required by the SRA:
- Five-week reconciliation.
- Annual accountant’s report.
The option to add multiple accounts, assign funds to each account and client files, and track funds transferred between accounts makes it easy for solicitors to manage their clients’ money and accounts in Clio. With Clio, law firms can create and populate client ledgers, track bills, and retain records for the required six years.
Learn more about the SRA and the SRA Accounts Rules.
Clio and GDPR
The General Data Protection Regulation (GDPR) is a unified data protection law that came into effect on May 25, 2018 in the EU, replacing the previous European Data Protection Directive.
Clio’s product services and business operations meet GDPR requirements and our clients’ obligation toward data protection for EU residents.
Learn more about Clio and GDPR, the GDPR and the UK, and GDPR and the EU.
Clio and PIPEDA
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a data protection law in Canada. PIPEDA is essential in ensuring the rights of individuals to control access to their personal information.
Clio’s product services and business operations meet PIPEDA requirements and our clients’ obligation toward data protection for Canadian residents.
Learn more about PIPEDA.
Clio and HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) is a federal United States law that sets standards for the protection of individuals’ medical records and other personal health information.
While there is no official HIPAA certification, Clio completes an annual self-assessment of our processes, configuration, and control mechanisms to validate our compliance with legislation. Additionally, Clio has successfully completed an internal HIPAA attestation examination. This means that we store and process data in a manner that is consistent with HIPAA standards and can help our customers fulfill their Protected Health Information (PHI) obligations.
If your law firm is required to be HIPAA compliant, we can enter into a Business Associate Agreement (BAA) with your organization to help you better support your clients while protecting any ePHI data you may have. Contact Clio's support team or your account manager for more information.
Note: Clio's HIPAA add-on is only available for accounts hosted in the United States. Additionally, if an account has been identified to contain PHI, each user on the account is required to have a HIPAA add-on for the BAA to be applicable.
Important: You cannot redline or edit the Clio BAA. The Clio BAA complies with all mandatory language and is taken directly from HIPAA regulations. Any additional terms and conditions would be unrelated to HIPAA and above what is required to comply with the Standards for Privacy of Individually Identifiable Health Information found at 45 CFR Part 160 and Part 164, Subparts A and E (collectively, the “Privacy Rule”). Therefore, Clio will not accept any edits to the BAA.