Compliance

  • ISO 27001
  • ISO 27018
  • SOC-1 & SOC-2 Type II Reports
  • TÜV Rheinland Certified Cloud Service
  • PCI DSS
  • HIPAA and HITECH
  • FINRA/SEC 17a-4
  • G-Cloud Framework
  • FedRAMP
  • IRS 1075
  • Privacy Shield
  • Binding Corporate Rules
  • APEC CBPR
  • C5
  • TCDP

Customer is solely responsible for ensuring it is in compliance with any applicable laws and regulations. Box does not provide legal advice or any representations that Box will ensure Customer is in compliance with applicable laws or regulations. Customer acknowledges that purchasing any services or products from Box does not ensure or provide an attestation that Customer is in compliance with specific compliance, legal, or regulatory requirements.

 

Box Zones
Box Zones is designed for organizations with certain local data residency, protection, and privacy concerns. It enables organizations in Europe, Asia, Australia, and Canada as well as multinational firms to benefit from cloud content management and collaboration.

The Box Zones offering complies with and supports a number of compliance standards.

 

Partners  | General Security Standards (ISO 27001, etc.) | Healthcare Compliance (Storage of ePHI) | Retail/Financial Institution Compliance (Storage of PCI data) | US Federal Compliance (FedRAMP)
AWS       | X | X           | X | O
IBM       | X | In Progress | X | O
Microsoft | X | X           | X | O

 

Legend
X = Compliant
O = Not Compliant

 

If you have additional questions around Box’s compliance efforts, please contact us at sales@box.com for further information.