Compliance

Clio and compliance protection mechanisms

Clio completes an annual self-assessment of processes, configuration, and control mechanisms to validate our compliance with legislation. Clio subscription plans and offerings include the following protection mechanisms:

• Data encryption in transit and at rest.
• Restricted physical access to production servers.
• Strict logical system access controls.
• Mirrored data center facilities with daily backups to mitigate disaster situations.
• 99.9% uptime Service Level Agreement. Learn more about Clio’s current status and uptime percentages.
• Configurable administrative controls available to the customer, including:
  • Explicit authorization to customer files to read, download, and edit.
  • Monitor access.
  • Reporting trail of account activities on both users and content.
  • Formally defined and tested breach notification policy.
  • Employee training on security policies and controls.
  • Highly restricted employee access to customer data files.

Clio and British Columbia rules for trust accounting

Clio is unable to provide regulatory or legal advice; however, Clio clients in BC use our trust ledger report and QuickBooks to meet BC trust requirements.

Clio and the Law Society of Ontario

Clio is unable to provide regulatory or legal advice; however, law firms using Clio have been audited by the Law Society of Ontario and found to be compliant. Documenting all required paperwork in Clio has been found to be sufficient to meet compliance requirements.

Clio and the Solicitors Account Rules for England and Wales

Clio is unable to provide regulatory or legal advice; however, Clio provides all required information that law firms need to be compliant under the Solicitors Regulation Authority (SRA). While Clio does provide all necessary information, Clio will not automatically generate the following reports required by the SRA:

• Five-week reconciliation.
• Annual accountant’s report.

The option to add multiple accounts, assign funds to each account and client files, and track funds transferred between accounts makes it easy for solicitors to manage their clients’ money and accounts in Clio. With Clio, law firms can create and populate client ledgers, track bills, and retain records for the required six years.

Clio and GDPR

The General Data Protection Regulation (GDPR) is a unified data protection law that came into effect on May 25, 2018 in the EU, replacing the previous European Data Protection Directive.

Clio’s product services and business operations meet GDPR requirements and our clients’ obligation toward data protection for EU residents.

Clio and PIPEDA

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a data protection law in Canada. PIPEDA is essential in ensuring the rights of individuals to control access to their personal information.

Clio’s product services and business operations meet PIPEDA requirements and our clients’ obligation toward data protection for Canadian residents.

Clio and HIPAA 

The Health Insurance Portability and Accountability Act (HIPAA) is a federal United States law that sets standards for the protection of individuals’ medical records and other personal health information.

While there is no official HIPAA certification, Clio completes an annual self-assessment of our processes, configuration, and control mechanisms to validate our compliance with legislation. Additionally, Clio has successfully completed an internal HIPAA attestation examination. This means that we store and process data in a manner that is consistent with HIPAA standards and can help our customers fulfill their Protected Health Information (PHI) obligations.

If your law firm is required to be HIPAA compliant, we can enter into a Business Associate Agreement (BAA) with your organization to help you better support your clients while protecting any ePHI data you may have. Contact Clio's support team or your account manager for more information.