U of I Box, Family Educational Rights and Privacy Act information
How do I know Box is FERPA compliant?
The major factors why Box is considered FERPA compliant:
- Auditing — Comprehensive audit trails for account actions, document lifecycles, sharing activity and more
- Data encrypted at rest — 256 bit AES encryption of stored data
- Encryption key policy — Encryption keys are securely stored in separate locations and frequently rotated
- Security Certifications — including SSAE 16 Type II, Safe Harbor, SAS 70 type II
- TLS (SSL) required — Yes, 256 bit SSL v3 required for all file access
- Safe backups
Please note the previous items apply to data stored on Box servers.
Data stored on client systems should be secured as stated in https://cybersecurity.uillinois.edu/standards
This includes data made available for offline access by Box Sync or other applications.