Your Privacy is Paramount
Box takes every precaution to make sure your confidential information stays that way.
- HIPAA Compliance Box provides the administrative, technical and physical safeguards to support your organisation’s compliance with HIPAA.
- Certified for EU and Swiss Safe Harbor frameworks for the collection and use of personal data from European member countries.
Comprehensive Reporting, Logging and Audit Trails
Track account activity, file access, settings changes and nearly everything else that occurs in Box.
- Full Transparency See user activity with reports on over 50 different events across seven different categories.
- Reporting and Audit Trails Create detailed reports or integrate events into SIEM applications like HP ArcSight, Splunk and SumoLogic.
- Follow Users and Activity Track usernames, email and IP addresses. See timestamps for every action through the Box Admin Console and the reporting API.
Control Access, Authentication
Easily configure permissions for your organisation to ensure that the right people have the right level of access to company information.
- Strong Authentication Customise password strength requirements, resets, failed logins, session duration, two-factor authentication and single sign-on integration.
- Granular Authorisation With seven levels of permission for access, preview, editing and sharing, you can ensure individual users and groups can only see what they need to.
- Flexible Access Controls Password-protect confidential presentations and financial documents. Set automatic expiry dates for sensitive files.
- Enterprise Mobility Management Partnerships Box works with leading EMM providers to offer additional security, configuration and device management.
Data Protection: Encryption
and Security Policies
Box protects the confidentiality and integrity of your files in transit and at rest.
- Layered Encryption Encryption in transfer with high-grade TLS and multi-layered encryption at rest with 256-bit AES. Encryption keys are securely stored in separate locations.
- Enterprise Key Management (EKM) Box provides the option of customer-managed encryption keys protected in a Hardware Security Module (HSM) with an unchangeable audit log of key usage. Box EKM
- Data Integrity Version, deletion and expiry controls protect the integrity of your content.
- Content Security Policies Prevent data loss with alerts of unusual download activity, shared files with sensitive information and uploads with prohibited data.
Data Centre Security and Availability
Box uses multiple data centres with several providers to build redundancy into Box services. All data centres employ a variety of secure mechanisms, including strict access policies plus secure vaults and cages.
- Secure Locations Our data centres use biometric entry authentication, closed-circuit video monitoring and 24/7 armed guards.
- System Redundancy N+1 or greater redundancy for all network components and system components.
- Threat Protection and Prevention Uninterruptible power and backup systems as well as fire/flood detection and prevention are used at storage sites.