Box Trust Center

A longstanding commitment to security and compliance

Putting our customers and their content first

At Box, security and compliance are part of our DNA. We're honored that more than 100,000 organizations use the Content Cloud to protect their most valuable and highly sensitive data. We're dedicated to earning and keeping our customers' trust — every day.

Reliability

Click here to see the status of Box applications and current information on incidents.

How we approach security and compliance

Cloud computing controls compliance
Cloud Computing Controls Compliance Catalogue (C5)

Provided under NDA — please contact your account team

FINRA Report (2020)
FINRA Report

Provided under NDA — please contact your account team

HIPAA assessment letter

Provided under NDA — please contact your account team

ITAR datasheet

Provided under NDA — please contact your account team

PCI DSS
Payment Card Industry Data Security Standard (PCI DSS)

Provided under NDA — please contact your account team

SIG Lite

Provided under NDA — please contact your account team

SOC 1 Type II
SOC 1 & 2 - Type II

Provided under NDA — please contact your account team

FAQ

Find answers to frequently asked questions on security, reliability, compliance, and privacy.

Security

Do you encrypt data in motion and at rest?
What is your approach to security incidents? When and how are customers notified in the event of a confirmed incident involving their data?
What procedures does Box have in place to restrict unauthorized access to Box services and IT environment?
What vulnerability scans does Box perform and how often? When are findings identified from the scans remediated?
What penetration testing does Box perform and how often?
What physical security measures are in place to restrict unauthorized access to Box's server rooms and data centers?
What is your process for reviewing key vendors for security risk?

Compliance

What security certifications does Box have and maintain?
How does Box ensure that its personnel obtain the appropriate level of knowledge regarding compliance, security, and privacy best practices?
What business continuity procedures does Box have in place to ensure the availability of its products and services and the safety and well-being of its employees?
What is your strategy to ensure core operations will continue during an adverse event?

Reliability

How does Box notify and communicate with customers in case of unplanned outages?

Privacy

How does Box safeguard my personal data?
Does Box comply with General Data Protection Regulation?
What steps has Box taken to protect personal information following the Court of Justice of the European Union (CJEU) July 2020 decision to invalidate the adequacy of Privacy Shield in the "Schrems II" case?
Does Box use subprocessors?