Box Trust Center
Putting our customers and their content first
A longstanding commitment to security and compliance
At Box, security and compliance are part of our DNA. We're dedicated to earning and keeping our customers' trust — every day. The Box Trust Center connects you to the latest information on how we prioritize security, compliance, data privacy, and reliability for our products.
Our approach to reliability
You've put your trust in Box as a valued service provider and partner. To keep your trust, we’re committed to updating you on what's happening with and within the Box Services, whether it’s planned maintenance or an unexpected service disruption.
Exceed global compliance requirements
The Content Cloud enables advanced privacy and compliance in today’s global, digital-first world. We’re committed to delivering a secure content platform that helps you meet and exceed your regulatory and compliance needs and obligations.
Protecting US government agencies critical information
Digitize your agency services and drive government cloud security while maintaining industry compliance. Within the United States Federal and Department of Defense community, Box has achieved a number of certifications that demonstrate our capabilities and commitment to security.
Values that build trust (and a better world)
Environmental, social, and governance (ESG) priorities are woven into the fabric of our culture at Box. Our ESG website and ESG data sheet outline our commitments to protect our planet, invest in people and communities, and acting with integrity. We expect the same commitment from our suppliers, as set forth in our Supplier Code of Conduct.
How we approach security and compliance
Cloud Computing Controls Compliance Catalogue (C5)
Provided under NDA — please contact your account team
Consensus Answer Initiative Questionnaire (CAIQ)
FedRAMP Moderate Authorization
FINRA Report
Provided under NDA — please contact your account team
GxP Validation
HDS
HECVAT Full
Provided under NDA — please contact your account team
HIPAA Assessment Letter
Provided under NDA — please contact your account team
HIPAA Compliance
ISMAP Certification
ISO 27001, 27017, 27018 and 27701 Certification
ITAR
Provided under NDA — please contact your account team
Payment Card Industry Data Security Standard (PCI DSS)
Provided under NDA — please contact your account team
SIG
Provided under NDA — please contact your account team
SOC 1 & 2 - Type II
Provided under NDA — please contact your account team
StateRAMP
Web Content Accessibility Guidelines (WCAG) 2.0 Level AA
VPAT provided under NDA — please contact your account team
How we prioritize data privacy
CCPA
Find out how to steer clear of risk and keep your reputation intact as you meet obligations for the California Consumer Privacy Act (CCPA).
Cookie notice
GDPR
Read about our GDPR compliance, our Data Processing Addendum (DPA), and our product offerings for data protection obligations.
Privacy notice
See what information is collected, retained, used, disclosed, and transferred by Box and how to exercise your data subject rights.
Schrems II and Brexit
How to report to Box
Explore our resources
Our supplier code of conduct
Learn how we engage with suppliers, and find out about ethical and compliance requirements.
Accessibility Improvements to the Box Web Application
FAQ
Find answers to frequently asked questions on security, reliability, compliance, and privacy.