Compliance

  • ISO 27001
  • ISO 27018
  • SOC-1 & SOC-2 Type II Reports
  • TÜV Rheinland Certified Cloud Service
  • PCI DSS
  • HIPAA and HITECH
  • FINRA/SEC 17a-4
  • G-Cloud Framework
  • FedRAMP
  • IRS 1075
  • Privacy Shield
  • Binding Corporate Rules
  • APEC CBPR
  • C5
  • TCDP

Customer is solely responsible for ensuring it is in compliance with any applicable laws and regulations. Box does not provide legal advice or any representations that Box will ensure Customer is in compliance with applicable laws or regulations. Customer acknowledges that purchasing any services or products from Box does not ensure or provide an attestation that Customer is in compliance with specific compliance, legal, or regulatory requirements.

Box Zones*
Box Zones is designed for organizations with certain local data residency, protection, and privacy concerns. It enables organizations in Europe, Asia, Australia, and Canada, as well as multinational firms, to benefit from cloud content management and collaboration.

The Box Zones offering complies with and supports a number of compliance standards.

| Non-US Partners | ISO 27001 | HIPAA | PCI DSS | FedRAMP (Moderate) |
|---|---|---|---|---|
| AWS | Compliant | Compliant | Compliant | Not Compliant |
| IBM | Compliant | In Progress | Compliant | Not Compliant |
| Microsoft | Compliant | Compliant | Compliant | Not Compliant |

| US Partners | ISO 27001 | HIPAA | PCI DSS | FedRAMP (Moderate) |
|---|---|---|---|---|
| AWS | Compliant | Compliant | Compliant | Compliant |
| Google | Compliant | Compliant | Compliant | Not Compliant |
| Microsoft | Compliant | Compliant | Compliant | Not Compliant |

*Please note that this listing was last updated on May 16, 2018. For current information regarding certifications of the Box Zones Service Providers, please consult each Service Provider's website.

If you have additional questions around Box’s compliance efforts, please contact us at sales@box.com for further information.