ISO 27001 Certification Overview and FAQ

Box has achieved ISO (International Organization for Standardization) 27001 certification for our Information Security Management Systems (ISMS), covering the Box product and all supporting infrastructure. ISO 27001 is a globally recognized security standard that provides a guideline for the policies and controls an organization puts in place to secure its data. The standard sets out internationally agreed-upon requirements and best practices for a systematic approach to developing, deploying and managing a risk/threat-based information security management system.



What does this mean for Box and the Box platform?

  • This certification demonstrates that Box adheres to the most recognized international standard regarding management of security focused around Box’s product, supporting product infrastructure and overall IT environment (what keeps our company up and running).
  • More details are available on the Box blog.


Does this affect all Box accounts?

  • Our ISO 27001 certification’s scope encompasses the Box production environment, which includes Box Personal, Business, and Enterprise accounts.


Do I need to do anything regarding ISO?

  • No, our customers are using an ISO 27001 certified service.
  • Customers looking to pursue ISO 27001 certification for their business will need to properly scope their ISMS. Box does not need to be scoped for this purpose.


What Box locations are covered in the ISO 27001 certification?

  • Box HQ in Los Altos CA, the San Francisco sales office, and the San Francisco, South Bay and Las Vegas datacenters are all covered.


Where can I view Box’s ISO 27001 certificate?

Version history
Revision #: 3 of 3
Last update: 12-03-2018 11:31 AM