RemiTech Limited

Box - Cloud Content Management with Implementation

Box is the Cloud Content Management company that empowers organisations to revolutionise how they work by securely connecting their people, information and applications. Founded in 2005, Box powers more than 92,000 organisations globally, including AstraZeneca, General Electric, P&G, The Metropolitan Police and Central Bedfordshire Council.To learn more, please visit www.remitech.com

Features

  • Seamless mobile, web and desktop user interface
  • Cloud / Enterprise Content Management folder structures
  • Facilitate collaboration and seamless file sharing internally and externally
  • Electronic document and records management capabilities, support for 140+ file-types
  • Detailed security controls at the document, folder and enterprise level
  • Data security and compliance certifications in the US and Europe
  • Information governance through retention policies, document classification and legal holds
  • Workflows to power and automate business processes and digital transformation
  • UK-Storage options plus 24/7 support services
  • Key integrations with leading machine learning and artificial intelligence providers

Benefits

  • Modernise legacy processes such as digital evidence management in policing
  • Retire legacy and unsanctioned systems through implementing one content platform
  • Protect and govern sensitive information through document management governance
  • Improve cross-departmental and organisational processes through content collaboration externally
  • Improve research productivity through content access anywhere on any device
  • Easily manage user, file and folder access permissions
  • Effectively search and collaborate on media through digital asset management
  • Public interaction through custom-built apps, leveraging Box's API's, including citizen-portals
  • Retain one-version of truth by integrating with 1,400 3rd-party applications
  • Ability to build custom-branded mobile and web applications

Pricing

£20 per user per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

4 4 8 0 6 7 6 7 6 7 2 9 7 6 8

Contact

RemiTech Limited

David Remington

+44 20 8144 2589

info@remitech.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Box has no technical constraints as long as the user is on a current browser (the two latest versions).
System requirements
A recent browser that supports JavaScript

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard Support is provided during local business hours Monday-Friday with no SLA.
Support Access Method: web/email/chat
Targets are provided and are as follows:
Level 1 - Urgent - within 4 business hours
Level 2 - High - within 8 business hours
Level 3 -Normal - within 1 business day

Premier and Platinum Support is provided 24 Hours/Day, 365 days/year with the following SLAs:

Level 1 - Urgent - within 1 hour
Level 2 - High - within 2 hours
Level 3 -Normal - within 2 hours
Level 4 - Low - Greater than 2 hours
Support Access Method: web/phone/email
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
For full details on Box Accessibility, please see: https://community.box.com/t5/How-to-Guides-for-Account/Using-A-Box-Com-For-Accessibility/ta-p/2781
Onsite support
Yes, at extra cost
Support levels
RemiTech onsite implementation support: contact for pricing

Box Support:
At Box, we make sure you have the right offering to fit your specific needs. All of our customers - from personal users to our largest enterprise clients - can get the support of a product expert and our self-service Community site.

For customers that have purchased a support offering, your Premier Services Lead will be involved during your implementation to make sure that you’re set up for success. Our dedicated team works closely with our product managers and engineers to quickly solve any problems, should they arise. We’ll ensure your experience is catered especially to you.

For Platinum clients, your Premier Services Specialist stays with you to monitor the health of your Box deployment. Additionally, they will have regular engagements to ensure helpdesk processes are optimized or if you are in need of technical assistance.

Here’s what you can expect for Premier and Platinum Offerings:
1) 24/7 Dedicated phone line and Email/Web Support
2) Guaranteed 1-2 Hour First Response Times
4) Custom Shared Help Desk/Escalation Model
5) Off-Hours On-Call Support
6) Resource and Self-Service training
Support available to third parties
Yes

Onboarding and offboarding

Getting started
RemiTech provides onsite training and support during the implementation phase.

This is complementary to any paid Box Consulting.

From Box:
User guides and manuals are available for customers to learn about the features of the Box Cloud Collaboration Platform (https://community.box.com). For an additional cost, customers may also sign-up for live virtual training sessions with an instructor that provides live demonstrations of Box features as well as a Question and Answer session (http://community.box.com/t5/Training/ct-p/Training).
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Customers own their content at all times. Customers can download copies of their content stored in the Box Service at any time during their subscription period.
End-of-contract process
Box’s standard termination terms and conditions are included in the Box Service Agreement. Upon written request from Customers, Box can grant Customer's Administrator limited access to the Box Service solely for purposes of Customer's retrieval of the Content for 30 days following the expiration or the termination of the agreement.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Box allows you to view, edit and collaborate on files directly from your mobile device. Whether you have an iPhone, iPad, Android, Windows or Blackberry device, all files stored in your Box account will automatically be synced to your mobile device, so you’ll always have the most up-to-date content, wherever you go.
Service interface
No
API
Yes
What users can and can't do using the API
Box Platform is a content management and collaboration API that allows you to bring Box's powerful content services to your custom apps. With Box Platform you can build engaging and interactive content experiences in your apps while meeting the security and compliance needs of your business. For more information, please visit: https://developer.box.com/home
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Customers have the ability to set up custom branding, as well as incorporate custom information within their Box Enterprise to ensure the look and feel of your organization's Box account best serve your needs.

Scaling

Independence of resources
Box continuously monitors capacity and availability of the infrastructure to ensure consistent performance.

Analytics

Service usage metrics
Yes
Metrics types
When something changes in a Box user's account, Box logs an event for the user. The event is a description of the object that changed and what caused it to change. The object can be any Box object that the user owns or collaborates on. Box records events in admin reports and uses them to send messages to the Box sync client about account activity.

The Box Enterprise Administrator can retrieve these events through the Box Admin Console Reports or use the Box API to stream these events to a SIEM tool.
Reporting types
  • API access
  • Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Box.com (UK) Ltd., Okta, Inc., DocuSign Inc., Microsoft

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
Every file uploaded to Box is encrypted using a unique 256-bit AES data encryption key and a FIPS 140-2 validated level 1 cryptographic module. Box further secures the data encryption keys with a key wrapping encryption strategy, by which the data encryption key for each file is encrypted with a key encryption key, creating a secure encryption token. This second level of encryption also uses 256-bit AES encryption.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Box Customers are able to export their data by downloading their Content through the web application, API, and FTP.
Data export formats
  • CSV
  • Other
Other data export formats
  • Content uploaded to Box will retain the original format
  • Text Based Documents
  • Presentations
  • Images
  • Audio Files
  • Video Files
  • Flash/Mobile Video Files
  • 3D (Graphics and Modeling) Files
  • DICOM Files
Data import formats
  • CSV
  • Other
Other data import formats
  • Content uploaded to Box will retain the original format
  • Text Based Documents
  • Presentations
  • Images
  • Audio Files
  • Video Files
  • Flash/Mobile Video Files
  • 3D (Graphics and Modeling) Files
  • DICOM Images

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
For Customers with Standard Support Service, Box will use commercially reasonable efforts to meet an Uptime Percentage of at least 99.9%.
Approach to resilience
Box is a Software as a Service (SaaS) offering and is accessible globally via the internet. Customer files uploaded to Box are stored within Box’s processing facilities in the United States. Box maintains two primary processing facilities in California and one alternate processing facility in Nevada. Box also utilizes Amazon Web Services (AWS) S3 to provide storage of encrypted customer files.

Customers may also choose to implement Box Zones, which allows them to store encrypted-at-rest content with another leading cloud storage provider in Europe or Asia
Outage reporting
Customers are able to monitor Box outages and subscribe to updates through http://status.box.com

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Box Business and above accounts come equipped with a comprehensive Admin Console that gives administrators complete control of their accounts. Admins must login to their Box account before they are able to access the Admin Console. Configuration changes can only be performed once the admin is logged in.

Customers may choose to enable two-factor authentication or use SSO integrations to further secure their account.

In order to submit support cases, users must login to the Box Community site using their Box login credentials. Users submitting support cases via the phone may be required to verify their account.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
Effective Date: 10/5/2016; Original Registration Date: 10/05/2013
What the ISO/IEC 27001 doesn’t cover
The Information Security Management System (ISMS) certifications applies to the Box Collaboration Platform and all supporting infrastructure as operated in the locations listed in the Appendix and the Statement of Applicability dated February 20, 2018.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • ISO 27018
  • SOC-1/SSAE-16/ISAE3402 Type II
  • SOC-2 Type II
  • HIPAA/HITECH
  • SEC 17a-4
  • Cloud Computing Compliance Controls Catalogue (C5)
  • Binding Corporate Rules
  • FIPS 140-2
  • APEC CBPR
  • Privacy Shield

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Box's security policies adhere to the requirements of ISO 27001. Box can provide the ISO 27001 certification upon customer request.
Operational security

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Box has a formal change management process for application and infrastructure changes. In addition, configuration and release management tools have been implemented. The code repository supports versioning and consistency across eh environment and provides the ability to roll-back changes.

Box also maintains baseline configurations for production servers to facilitate the configuration process.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Box undergoes continuous monitoring through independent assessments and internal audits. Box utilizes third-parties to perform penetration testing at least annually to assess the vulnerability of Box systems. Vulnerabilities identified are evaluated and remediation plans are implemented as needed.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Box employs multiple automated mechanisms to assist in the security monitoring of Box’s infrastructure including but not limited to:

• Vulnerability scanning• Firewall management• Log aggregation, search, and alerting• Application error logging• Network intrusion detection• Host intrusion detection• Malware detection• Endpoint management• Network taps• Threat intelligence management

The Security team is alerted of suspicious events identified by Box’s security monitoring tools. All security events are handled by Box’s Security Incident Response Team (SIRT) in accordance with the Security Incident Response Process.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Box has established an Incident Management process to provide a consistent and organized approach for handling security (including confidentiality) and availablity incidents. Incident tickets are either generated by Box's various monitoring tools automatically, or Box tickets are opened manually by the Security and Technical Operations teams. Customers may also submit customer support incidents via email, phone, or the Box Community site, which may result in a creation of a security or availability incident ticket. The Incident Response Plan (IRP) provides a methodology and framework by which Box's incident responders can work to ensure a complete and consistent response.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£20 per user per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
The Individual Plan is a free service that is limited to one user and offers mobile sync and sharing features, limited storage, encryption at rest, access to Box Marketplace Applications, and multi-factor authentication.

Customers also have the ability to start a free Business Plan trial. Contact info@remitech.com

Service documents

Return to top ↑