Samsung Semiconductor has transformed its governance, risk, and compliance (GRC) operations using Box AI, reducing vendor security assessments from 3-5 days to approximately 4 hours while centralizing employee data management across 76 countries.
As the global leader in memory chips and DRAM technology, Samsung helps power products from smartphones to AI infrastructure. Samsung has been a transformation enabler for 30 years, supplying some of the world’s largest technology companies, from hyperscale data centers to automotive IoT products.
Inside the company, though, certain content governance and compliance workflows were due for modernization. Scattered employee records and manual content governance were creating inefficiencies and risks. Using Box AI, Samsung was able to automate complex compliance workflows and protect sensitive data at scale.
What Samsung Semiconductor has achieved so far with Box:
- Centralized employee documentation with automated retention
- Vendor risk assessments accelerated from 3-5 days to 4 hours
- Reduced storage costs through intelligent data management
- Enhanced compliance with privacy regulations
From 3-5 days to ~4 hours per vendor assessment
Evelyn Ngai, Head of Governance, Risk, and Compliance (GRC) at Samsung, inherited a system that relied heavily on email-based workflows and scattered documentation. Within the vendor assessment process, for example, her team receives an inbound request for each potential vendor, and must scrutinize and score it into a risk category. Once a risk level is determined, the team needs to collect multiple pieces of evidence for review. Prior to Box, all of this was done back and forth over email and required several hours of human review.
Originally, it took three to five days to look at each vendor and decide whether or not to use them. With Box, I’ve been able to save time.
By automating GRC workflows with Box AI, Samsung could lean into the metadata extraction capabilities and AI agents that Box offers, analyzing vendor documentation automatically according to the specific information Ngai’s team cares about — even if those documents are formatted differently.
Now, she says, "We’re using some of the metadata extractions and looking at the data that the vendors are sending us. Then we have Box Agents behind the scenes to calculate the score.”
Within this automated workflow, a vendor that passes the risk test moves into the Security Review process, where another AI agent reviews the documentation to identify any security issues moving forward — removing the need for manual review of every document. The impact of automating with AI agents has been immediate and measurable. "Originally, it took three to five days to look at each vendor and decide whether or not to use them. With Box, I’ve been able to save time. Per vendor, it is only like half a day," Ngai reports.
Centralizing employee data with intelligent retention
Samsung has 262,000 employees globally and 4,500 in the Bay Area alone. Employee data lay across disconnected systems without clear, unified governance. Ngai says, "Our employee data sat primarily in Workday and network drives — and a variety of other applications."
This fragmentation made it nearly impossible to maintain proper retention policies or ensure compliance with regulations like CCPA for HR content. Samsung sought to scale. Using the metadata and AI search capabilities of Box, the company can now automatically classify HR documents containing sensitive or personally identifiable information (PII) and apply appropriate retention policies.
"Box is able to apply metadata and search different types of files — everywhere — and determine what type of files they are. Do they have sensitive data? Do they have PII data?" Ngai explains. This automated classification is closely aligned with retention policies, ensuring documents are archived or disposed of according to compliance requirements.
The benefits of automating this metadata extend beyond time savings. "The issues are saving time and being in compliance," Ngai emphasizes. "Now, I don’t worry about the data being leaked, and we’re in compliance with the CCPA (California Consumer Privacy Act)."
Building on success with expanded use cases
Samsung Semiconductor's success with Box has inspired plans for broader deployment across the organization. The company is currently beta testing Box Automate for employee onboarding workflows, addressing another pain point in their operations.
When an employee comes on board at Samsung, there are multiple documents and tasks to complete, and various teams need different information. The employee also needs to be issued a laptop, an office badge, and other items. Everything is tracked in a spreadsheet right now. But Ngai’s team is building a solution with Box Automate which will automatically route documents like W-2 forms to appropriate departments and trigger IT provisioning tasks, creating a seamless onboarding experience.
We're excited about the potential of Box Automate to transform our onboarding process. It will make our onboarding workflow far more scalable.
Ngai says: "We're excited about the potential of Box Automate to transform our onboarding process. It will make our onboarding workflow far more scalable by processing documents from Greenhouse and Workday, extracting metadata we choose, and sending it to Box DocGen to generate personalized documents for new employees at scale. “
The finance department is also preparing to leverage Box Hubs and Box AI for tax document analysis. Instead of people on the team manually reviewing five years’ worth of tax history, the system will enable them to easily analyze past income statements and streamline the approval process — while maintaining proper segregation of duties.
Ngai concludes, “By leveraging Box Automate's capabilities, we can programmatically trigger workflows based on the extracted metadata, automating task assignments to different teams and streamlining our overall onboarding process."
A blueprint for semiconductor industry transformation
As semiconductor companies face increasing pressure to protect intellectual property while maintaining operational efficiency, Samsung's approach offers a proven path forward. AI-powered automation on a foundation of secure, compliant content is the winning formula to advance compliance operations while maintaining lean teams.
By leveraging Box AI, Box Automate (in beta), and Box Shield Pro (currently being tested), Samsung is creating an integrated system that can address multiple operational challenges simultaneously. Ngai concludes, "I'm really excited to look at all the other new features Box is going to have, for my team to use across the global organization."
