U of I Box, Family Educational Rights and Privacy Act information

How do I know Box is FERPA compliant?
The major factors why Box is considered FERPA compliant:
  • Auditing — Comprehensive audit trails for account actions, document lifecycles, sharing activity and more
  • Data encrypted at rest — 256 bit AES encryption of stored data
  • Encryption key policy — Encryption keys are securely stored in separate locations and frequently rotated
  • Security Certifications — including SSAE 16 Type II, Safe Harbor, SAS 70 type II
  • TLS (SSL) required — Yes, 256 bit SSL v3 required for all file access
  • Safe backups
Please note the previous items apply to data stored on Box servers. 

Data stored on client systems should be secured as stated in https://cybersecurity.uillinois.edu/standards
This includes data made available for offline access by Box Sync or other applications.


KeywordsUofI Box FERPA compliance encryption sync   Doc ID48082
OwnerBox O.GroupUniversity of Illinois Technology Services
Created2015-03-03 14:23:08Updated2021-08-24 11:22:55
SitesUniversity of Illinois Technology Services
Feedback  1   0