
How Clio Complies with Standards and Regulations

At Clio, we know that you want to feel secure in the product you are using, and we want you to be confident in our ability to provide great service and value.

SOC 2 / SSAE 16 / ISAE 3402 (previously SAS 70)

SOC 2 audits are a means of reporting on the system of internal controls employed by a service provider. Traditionally, these audits covered internal controls over financial information, but more recently they are used to report on other industries in addition to accounting.

Our data center is SOC 2 / SSAE 16 certified, which ensures that these internal controls are in place and effective. Should you like to review the SOC 2 report, please contact our support team at and we will direct your request to the appropriate person. Please note that an NDA is required.


While Clio employs many of the standards outlined by HIPAA, we do not sign Business Associate Agreements (BAA) with our customers at this time. If you require a BAA to be signed, you can pair Clio with one of our document integration partners so that you are HIPAA compliant. Box, Dropbox, or NetDocuments can sign the necessary BAA.

How does Clio support HIPAA compliance within its product and platform?

Clio employs administrative, technical, and physical safeguards that protect medical personally identifiable information (PII) when paired with any of the document partners listed above. In addition to a BAA from our partners, HIPAA-covered entities can rely on Clio to provide:

  • Data encryption in transit
  • Restricted physical access to production servers
  • Strict logical system access controls
  • Configurable administrative controls available to the customer to:
    • Grant explicit authorization to customer files to read, download, and edit
    • Monitor access
    • Reporting trail of account activities on both users and content
  • Formally defined and tested breach notification policy in the data center
  • Training of employees on security policies and controls
  • Highly restricted employee access to customer data files
  • Mirrored data center facilities with daily backups to mitigate disaster situations
  • 99.9% uptime SLA
  • SSAE 16 SOC 2 report available by request (an NDA is required)