UC IT Sourcing Committee (ITSC)
Box deployment guidance
Service description
Box is a cloud-hosted file storage service that supports file sharing and collaboration, through a set of synced editing, commenting, and task assignment functions, along with delegated file and folder security. Box.com is available to UC via Internet2’s Net+ services.
Important Notes
- Pricing for the services is tiered based on the location population.
- There is a HIPAA BAA available for Box.com.
Sensitive data guidance
| Green: | Permitted |
| Yellow: | Consult |
| Red: | Not permitted |
| Data Type | Data Use Guidance | Comments |
|---|---|---|
| Credit Card (PCI-DSS) | Not permitted | No PCI agreement. |
| Export Control | Consult | Consult with data proprietor UC location office of research. |
| Electronic Protected Health Information (ePHI) subject to HIPAA | Consult | HIPAA BAA available, consult with data proprietor and appropriate UC location (e.g. privacy official, information security, compliance officer). |
| Human Subject Research | Consult | Consult with data proprietor and UC location office of research. |
| Intellectual Property | Consult | Consult with data proprietor and appropriate UC location authority (e.g. tech transfer, office of research, campus counsel). |
| IT Security Information (e.g. administrative passwords, network diagrams) |
Permitted | When appropriately configured. |
| Other Sensitive Institutional Info (e.g. Fundraising, Attorney/Client Privileges) |
Consult | Consult with data proprietor and appropriate UC location authority (e.g. privacy official, development office, campus counsel, information security officer). |
| Personally Identifiable Information (PII) Tied to state notification breach laws, Login credentials, SSN, Drivers license |
Consult | Consult with appropriate UC location authority (e.g. privacy official, risk officer, campus counsel, information security officer). |
| Public Information | Permitted | |
| Research Data AnimalGeneral (non-Humanoid Subject Research) |
Consult | Consult with data proprietor and UC location office of research. |
| Student Education Records (FERPA) | Permitted | Consult with data proprietor and UC location authority. |
UC location responsibilities
- Individual users are on a named user basis. Accounts cannot be shared.
- Accounts can be reassigned.
- Box allows integration of third party marketplace applications. The contracts for these apps are NOT covered by the Box agreement, and must be considered separately. Third-party apps may incur additional costs, have different data security controls, and additional risks and liabilities. Carefully decide what 3rd party apps to allow or disable.
- Campus is responsible for integrating Box into directory environment (LDAP/SSO/Shibboleth).
- Box will provide customer success team for implementation process.
- Box is built with secure data storage as a basic protocol, but due to the nature of sharing, it is up to each location and each user to implement appropriate security controls and to comply with applicable University policies, notably policies relating to the protection of University data and the UC Electronic Communications Policy.
Vendor responsibilities
- Available 24/7.
- Data will not be stored outside the US.
- Box may only access your data to provide service and support.
- HIPAA BAA is in place.
- Provide online sites for user support and training documentation.
- Vendor provides Box help center support resources online.
- Service status may be viewed at: http://status.box.com/.
Procurement Services contacts
View a list of contacts for each campus.
Costs
- Pricing is location-wide, tiered based on location population. It is based on Internet2’s pricing structure.
- The costs are payable annually in advance.
- Educational pricing is pre-negotiated as part of the agreement.
Link to contract
You can view a copy of the agreements in the Contracts Database. Please contact your local procurement department for login credentials.
UC location links and contacts for this service
Visit the website or contact the individuals below for more information about this service at your location.
| Location | Contact | Guidance |
|---|---|---|
| UC Davis | ||
| UC Riverside | ||
| UC Merced | procurement@ucmerced.edu | |
| UC Berkeley | http://box.berkeley.edu | |
| UC Santa Cruz | ||
| UC Santa Barbara | ||
| UCLA | ||
| UC San Diego | servicedesk@ucsd.edu | |
| UC Irvine | Isaac Straley | |
| UC San Francisco | ||
| Lawrence Berkeley National Labs | Stephen Lau | |
| Division of Ag & Natural Resources | Gabriel Youtsey |
What is Box?
Box is a cloud-hosted file storage service that supports file sharing and collaboration, through a set of synced editing, commenting, and task assignment functions, along with delegated file and folder security.