Topics Map > Communication and Collaboration > U of I Box

U of I Box, Family Educational Rights and Privacy Act information

How do I know Box is FERPA compliant?
The major factors why Box is considered FERPA compliant:
  • Auditing — Comprehensive audit trails for account actions, document lifecycles, sharing activity and more
  • Data encrypted at rest — 256 bit AES encryption of stored data
  • Encryption key policy — Encryption keys are securely stored in separate locations and frequently rotated
  • Security Certifications — including SSAE 16 Type II, Safe Harbor, SAS 70 type II
  • TLS (SSL) required — Yes, 256 bit SSL v3 required for all file access
  • Safe backups
Please note the previous items apply to data stored on Box servers. 

Data stored on client systems should be secured as stated in https://cybersecurity.uillinois.edu/standards
This includes data made available for offline access by Box Sync or other applications.


Keywords:
UofI Box FERPA compliance encryption sync 
Doc ID:
48082
Owned by:
Box O. in University of Illinois Technology Services
Created:
2015-03-03
Updated:
2021-08-24
Sites:
University of Illinois Technology Services