Our commitment to security and compliance: ISO 27017 certification

At Box, we are committed to security and compliance and today we are pleased to announce that we have obtained our ISO/IEC 27017:2015 certification which compliments our existing ISO 27001:2013 and ISO/IEC 27018:2019 certifications. 

Our mission as the Compliance Team at Box is to meet the highwater mark for security compliance in every industry and vertical, worldwide. We want to provide a frictionless experience for our customers that reduces the complexity and confusion often associated with maintaining compliance. We believe the best way to provide that frictionless security is through transparency about our world-class security model and we feel the best way to demonstrate that is through our Security Certifications and Independent Audits. Customers will natively take advantage of our new ISO 27017 certification regardless of their deployment or plan with Box.

The International Organization for Standardization (ISO) is an independent, non-governmental organization with an international membership of 165 national standards bodies. The ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:

  • Additional implementation guidance for relevant controls specified in ISO/IEC 27002; and 
  • Additional controls with implementation guidance that specifically relate to cloud services.

ISO/IEC 27017 provides cloud-based guidance on controls such as:

  • Who is responsible for what between the cloud service provider and the cloud customer.
  • The removal or return of assets at the end of a contract.
  • Protection and separation of the customer's virtual environment.
  • Virtual machine configuration.
  • Administrative operations and procedures associated with the cloud environment.
  • Cloud customer monitoring of activity.
  • Virtual and cloud network environment alignment

Customers can access the ISO/IEC 27017 Certificate (Certificate Number: 1048819-2) which demonstrates Box's continuous commitment to providing a secure and compliant cloud environment for our customers.