Cloud Services at UC
Box deployment guidance
Box is a cloud-hosted file storage service that supports file sharing and collaboration, through a set of synced editing, commenting, and task assignment functions, along with delegated file and folder security. Box.com is available to UC via Internet2’s Net+ services.
- Pricing for the services is tiered based on the location population.
- There is a HIPAA BAA available for Box.com.
Sensitive data guidance
|Data Type||Data Use Guidance||Comments|
|Credit Card (PCI-DSS)||Not permitted||No PCI agreement.|
|Export Control||Consult||Consult with data proprietor UC location office of research.|
|Electronic Protected Health Information (ePHI) subject to HIPAA||Consult||HIPAA BAA available, consult with data proprietor and appropriate UC location (e.g. privacy official, information security, compliance officer).|
|Human Subject Research||Consult||Consult with data proprietor and UC location office of research.|
|Intellectual Property||Consult||Consult with data proprietor and appropriate UC location authority (e.g. tech transfer, office of research, campus counsel).|
|IT Security Information
(e.g. administrative passwords, network diagrams)
|Permitted||When appropriately configured.|
|Other Sensitive Institutional Info
(e.g. Fundraising, Attorney/Client Privileges)
|Consult||Consult with data proprietor and appropriate UC location authority (e.g. privacy official, development office, campus counsel, information security officer).|
|Personally Identifiable Information (PII)
Tied to state notification breach laws, Login credentials, SSN, Drivers license
|Consult||Consult with appropriate UC location authority (e.g. privacy official, risk officer, campus counsel, information security officer).|
AnimalGeneral (non-Humanoid Subject Research)
|Consult||Consult with data proprietor and UC location office of research.|
|Student Education Records (FERPA)||Permitted||Consult with data proprietor and UC location authority.|
UC location responsibilities
- Individual users are on a named user basis. Accounts cannot be shared.
- Accounts can be reassigned.
- Box allows integration of third party marketplace applications. The contracts for these apps are NOT covered by the Box agreement, and must be considered separately. Third-party apps may incur additional costs, have different data security controls, and additional risks and liabilities. Carefully decide what 3rd party apps to allow or disable.
- Campus is responsible for integrating Box into directory environment (LDAP/SSO/Shibboleth).
- Box will provide customer success team for implementation process.
- Box is built with secure data storage as a basic protocol, but due to the nature of sharing, it is up to each location and each user to implement appropriate security controls and to comply with applicable University policies, notably policies relating to the protection of University data and the UC Electronic Communications Policy.
- Available 24/7.
- Data will not be stored outside the US.
- Box may only access your data to provide service and support.
- HIPAA BAA is in place.
- Provide online sites for user support and training documentation.
- Vendor provides Box help center support resources online.
- Service status may be viewed at: http://status.box.com/.
Procurement Services contacts
View a ist of contacts for each campus.
- Pricing is location-wide, tiered based on location population. It is based on Internet2’s pricing structure.
- The costs are payable annually in advance.
- Educational pricing is pre-negotiated as part of the agreement.
Link to contract
UC location links and contacts for this service
Visit the website or contact the individuals below for more information about this service at your location.
|UC Santa Cruz|
|UC Santa Barbara|
|UC San Diego||Cloud and Web Services (firstname.lastname@example.org)|
|UC Irvine||Isaac Straley|
|UC San Francisco|
|Lawrence Berkeley National Labs||Stephen Lau|
|Division of Ag & Natural Resources||Gabriel Youtsey|