How Clio Complies with Standards and Regulations

At Clio, we know that you want to feel secure in the product you are using, and we want you to be confident in our ability to provide great service and value.

SOC 2 / SSAE 16 / ISAE 3402 (previously SAS 70)

SOC 2 audits are a means of reporting on the system of internal controls employed by a service provider. Traditionally, this reporting concerned internal controls over financial information, but more recently it is used to report on other industries in addition to accounting.

Our data center is SOC 2 / SSAE 16 certified, which ensures that these internal controls are in place and effective. Should you like to review the SOC 2 report, please contact your account executive at sales.team@clio.com. Please note that an NDA is required.

HIPAA

While Clio employs many of the standards outlined by HIPAA, we do not sign Business Associate Agreements (BAA) with our customers at this time. If you require a BAA to be signed, you can pair Clio with one of our document integration partners so that you are HIPAA compliant. Either Box or Dropbox can sign the necessary BAA.

How does Clio support HIPAA compliance within its product and platform?

Clio employs administrative, technical, and physical safeguards that protect medical personally identifiable information (PII) when paired with either of the document partners listed above. In addition to a BAA from our partners, HIPAA-covered entities can rely on Clio to provide:

  • Data encryption in transit
  • Restricted physical access to production servers
  • Strict logical system access controls
  • Configurable administrative controls available to the customer to:
    • Grant explicit authorization to read, download, and edit customer files
    • Monitor access
    • Review a reporting trail of account activities on both users and content
  • Formally defined and tested breach notification policy in the data center
  • Training of employees on security policies and controls
  • Highly restricted employee access to customer data files
  • Mirrored data center facilities with daily backups to mitigate disaster situations
  • 99.9% uptime SLA
  • SSAE 16 SOC 2 Report available by request (an NDA is required)