Synergi Software Limited

Box Cloud Content Management

Box is a platform for managing content that enables seamless collaboration

And workflow, both internally and with external parties. Box allows you to

secure content for end users that maintains compliance but doesn’t slow down

processes. Box has a robust API and 1400+ integrations with other leading

departmental applications.

Features

• Seamless mobile, web and desktop user interface
• Cloud / Enterprise Content Management folder structures
• Facilitate collaboration and seamless file sharing internally and externally
• Electronic document and records management capabilities, support for 140+ file-types
• Detailed security controls at the document, folder and enterprise level
• Data security and compliance certifications in the US and Europe
• Information governance through retention policies, document classification and legal holds
• Workflows to power and automate business processes and digital transformation
• UK-Storage options plus 24/7 support services
• Key integrations with leading machine learning and artificial intelligence providers

Benefits

• Modernise legacy processes such as digital evidence management in policing
• Retire legacy and unsanctioned systems through implementing one content platform
• Protect and govern sensitive information through document management governance
• Improve cross-departmental and organisational processes through content collaboration externally
• Improve research productivity through content access anywhere on any device
• Easily manage user, file and folder access permissions
• Effectively search and collaborate on media through digital asset management
• Public interaction through custom-built apps, leveraging Box's API's, including citizen-portals

£0 to £400.00 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@teamsynergi.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

374393057401140

Contact

Team Synergi
01914770365
info@teamsynergi.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Box has no technical constraints as long as the user is on a current browser (the two latest versions). System requirements - A recent browser that supports JavaScript.
• System requirements: A recent browser that supports JavaScript.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard Support is provided during local business hours Monday-Friday with no SLA. ; Support Access Method: web/email/chat; Targets are provided and are as follows: ; Level 1 - Urgent - within 4 business hours; Level 2 - High - within 8 business hours; Level 3 -Normal - within 1 business day; ; Premier and Platinum Support is provided 24 Hours/Day, 365 days/year with the following SLAs: ; ; Level 1 - Urgent - within 1 hour; Level 2 - High - within 2 hours; Level 3 -Normal - within 2 hours; Level 4 - Low - Greater than 2 hours; Support Access Method: web/phone/email
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: MS Teams for testing and Chat.
• Onsite support: No
• Support levels: At Box, we make sure you have the right offering to fit your specific needs. All of our customers - from personal users to our largest enterprise clients - can get the support of a product expert and our self-service Community site. ; ; For customers that have purchased a support offering, your Premier Services Lead will be involved during your implementation to make sure that you’re set up for success. Our dedicated team works closely with our product managers and engineers to quickly solve any problems, should they arise. We’ll ensure your experience is catered especially to you. For Platinum clients, your Premier Services Specialist stays with you to monitor the health of your Box deployment. Additionally, they will have regular engagements to ensure helpdesk processes are optimized or if you are in need of technical assistance. Here’s what you can expect for Premier and Platinum Offerings: ; ; 1) 24/7 Dedicated phone line and Email/Web Support ; 2) Guaranteed 1-2 Hour First Response Times ; 3) Custom Shared Help Desk/Escalation Model ; 4) Off-Hours On-Call Support ; 5) Resource and Self-Service training
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: User guides and manuals are available for customers to learn about the features of the Box Cloud Collaboration Platform. For an additional cost, customers may also sign-up for live virtual training sessions with an instructor that provides live demonstrations of Box features as well as a Question and Answer session (http://community.box.com/t5/Training/ct-p/Training).
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Customers own their content at all times. Customers can download copies of their content stored in the Box Service at any time during their subscription period. End-of-contract process: Box’s standard termination terms and conditions are included in the Box Service Agreement. Upon written request from Customers, Box can grant Customer's Administrator limited access to the Box Service solely for purposes of Customer's retrieval of the Content for 30 days following the expiration or the termination of the agreement.
• End-of-contract process: Box can grant Customer's Administrator limited access to the Box Service solely for purposes of Customer's retrieval of the Content for 30 days following the expiration or the termination of the agreement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Box allows you to view, edit and collaborate on files directly from your mobile device. Whether you have an iPhone, iPad, Android, Windows or Blackberry device, all files stored in your Box account will automatically be synced to your mobile device, so you’ll always have the most up-to-date content, wherever you go.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Box Cloud Content Management gives you a single content platform to accelerate business processes, improve employee productivity and protect your most valuable information.
• Accessibility standards: None or don’t know
• Description of accessibility: Box currently is working to meet accessibility standards WCAG 2.1 A. The below report(s) was created for UK-G Cloud: - Box Voluntary Product Accessibility Template (VPAT) - Web Application - UK-G Cloud: https://cloud.box.com/s/h0oviyopsi7ttsca0hcqug2y0hr3jn21 - Voluntary Product Accessibility Template (VPAT) – a.box.com - UK-G Cloud: https://cloud.box.com/s/e3z9nvbf7l09vm8fbcrnn9uflhvnhw0q Please also note that: ; ; - The file link(s) are password protected: "boxNDA UK-G Cloud" - All information is shared under NDA and is ; ; intended for the use of UK-G Cloud only. If required, please do not hesitate to reach out to your Box contact for clarification.
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Box Platform is a content management and collaboration API that allows you to bring Box's powerful content services to your custom apps. With Box Platform you can build engaging and interactive content experiences in your apps while meeting the security and compliance needs of your business. For more information, please visit: https://developer.box.com/home
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customers have the ability to set up custom branding, as well as incorporate custom information within their Box Enterprise to ensure the look and feel of your organization's Box account best serve your needs.

Scaling

• Independence of resources: Box continuously monitors capacity and availability of the infrastructure to ; ensure consistent performance.

Analytics

• Service usage metrics: Yes
• Metrics types: When something changes in a Box user's account, Box logs an event for the user. The event is a description of the object that changed and what caused it to change. The object can be any Box object that the user owns or collaborates on. Box records events in admin reports and uses them to send messages to the Box sync client about account activity.; The Box Enterprise Administrator can retrieve these events through the Box Admin Console Reports or use the Box API to stream these events to a SIEM tool.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Box Cloud Content Management - www.box.com

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customers own their content at all times. Customers can download copies of their content stored in the Box Service at any time during their subscription period. End-of-contract process: Box’s standard termination terms and conditions are included in the Box Service Agreement. Upon written request from Customers, Box can grant Customer's Administrator limited access to the Box Service solely for purposes of Customer's retrieval of the Content for 30 days following the expiration or the termination of the agreement.
• Data export formats: CSV
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: For Customers with Standard Support Service, Box will use commercially reasonable efforts to meet an Uptime Percentage of at least 99.9%.
• Approach to resilience: Box is a Software as a Service (SaaS) offering and is accessible globally via the internet. Box aligns to ISO 22301 which specifies the requirement to protect against, reduce the likelihood of and ensure the business recovers from disruptive events. Box has established Business Continuity and Disaster Recovery Plans which include strategies, procedures and contact information to be used in the event of an incident or disaster. Plan testing and exercises are conducted annually to ensure recovery preparedness. Select business critical functions are required to perform tabletop exercises, plan walk-through, and/or functional testing. Test results, lessons learned, and action items are documented and reviewed with the test participants and other functional areas as appropriate. Box employs an active-active data center model, which serves Content concurrently out of multiple datacenters. In the event of an adverse event that affects a specific datacenter, the unaffected datacenter is able to support the Box Service. In the event of an adverse event that affects the geographic region and impacts Box's primary datacenters, the Box Service will be operated from the alternate location.
• Outage reporting: Customers are able to monitor Box outages and subscribe to updates through http://status.box.com/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Box Business and above accounts come equipped with a comprehensive Admin Console that gives administrators complete control of their accounts. Admins must login to their Box account before they are able to access the Admin Console. Configuration changes can only be performed once the admin is logged in.; ; Customers may choose to enable two-factor authentication or use SSO integrations to further secure their account. ; ; In order to submit support cases, users must login to the Box Community site using their Box login credentials. Users submitting support cases via the phone may be required to verify their account.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 10/05/2019
• What the ISO/IEC 27001 doesn’t cover: The Information Security Management System (ISMS) certifications applies to the Box Collaboration Platform and all supporting infrastructure as operated in the locations listed in the Appendix and the Statement of Applicability dated February 20, 2018
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Schellman & Company, LLC
• PCI DSS accreditation date: 31/07/2018
• What the PCI DSS doesn’t cover: The following services are not included in the scope of Box’s PCI compliance and should not be used to process, store, or transmit credit card information: i. Using FTP with Box ii. Email to Files to Folder iii. View API iv. Box Notes v. Box Relay
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • • ISO 27018
  • • SOC-1/SSAE-16/ISAE3402 Type II
  • • SOC-2 Type II
  • • HIPAA/HITECH
  • • SEC 17a-4
  • • Cloud Computing Compliance Controls Catalogue (C5)
  • • Binding Corporate Rules
  • • FIPS 140-2
  • • APEC CBPR
  • • Privacy Shield

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Box's security policies adhere to the requirements of ISO 27001. Box can provide the ISO 27001 certification upon customer request.; Operational security.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Box has a formal change management process for application and infrastructure changes. In addition, configuration and release management tools have been implemented. The code repository supports versioning and consistency across eh environment and provides the ability to roll-back changes. Box also maintains baseline configurations for production servers to facilitate the configuration process.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Box undergoes continuous monitoring through independent assessments and internal audits. Box utilizes third-parties to perform penetration testing at least annually to assess the vulnerability of Box systems. Vulnerabilities identified are evaluated and remediation plans are implemented as needed. ; ; Additionally, Box performs internal vulnerability scanning of our production environment, which is inclusive of network, OS, and database scans, on a weekly basis. Each vulnerability is automatically ticketed and assigned to the appropriate system owner and we have SLAs associated with the risk rating of each vulnerability. Box performs both internal and external vulnerability scans.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Box employs multiple automated mechanisms to assist in the security monitoring of Box’s infrastructure including but not limited to:; ; • Vulnerability scanning• Firewall management• Log aggregation, search, and alerting• Application error logging• Network intrusion detection• Host intrusion detection• Malware detection• Endpoint management• Network taps• Threat intelligence management; ; The Security team is alerted of suspicious events identified by Box’s security monitoring tools. All security events are handled by Box’s Security Incident Response Team (SIRT) in accordance with the Security Incident Response Process.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Box has established an Incident Management process to provide a consistent and organized approach for handling security (including confidentiality) and availablity incidents. Incident tickets are either generated by Box's various monitoring tools automatically, or Box tickets are opened manually by the Security and Technical Operations teams. Customers may also submit customer support incidents via email, phone, or the Box Community site, which may result in a creation of a security or availability incident ticket. The Incident Response Plan (IRP) provides a methodology and framework by which Box's incident responders can work to ensure a complete and consistent response.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: Box can connect PSN but is dependent on customer

Social Value

• Fighting climate change:

  Fighting climate change

  Synergi are committed to being an environmentally friendly company, in 2022 we have introduced an initiative to plant 1 tree for every consultancy day sold. All of our company vehicles are hybrid, we encourage remote first meetings and the use of public transport when remote is not possible, we have swapped all of our office lighting to be more energy efficient and will continue to be committed to further opportunities to improve where possible.
• Covid-19 recovery:

  Covid-19 recovery

  Synergi has employed a number of people who were made redundant due to the Covid-19 pandemic, we have ran free webinars to encourage the use to Team and help train people who would otherwise have not used remote tools as part of their daily working life. We have ensured that our offices are Covid 19 secure by introducing social distancing and making some roles fully remote and some hybrid. We have also worked on a number of client projects that have focused around “return to office” activities.
• Tackling economic inequality:

  Tackling economic inequality

  Synergi run both a graduate and apprenticeship scheme, we are fully committed to investment in both areas. All employees benefit from a minimum of one Continuous Profession Development Day per month, many employees have gained notable professional qualifications off the back of this.
• Equal opportunity:

  Equal opportunity

  Synergi has a disability-friendly office, we employ a number of people from diverse economic, ethic and social backgrounds. We monitor our gender pay gap which is currently 1.3% which is below the national average of 15.5%.
• Wellbeing:

  Wellbeing

  Synergi are committed to employee well-being, we have implemented unlimited holidays within the last 12 months, we have ran anonymous staff surveys to get feedback on working conditions and proactively asked for suggestions for improvements.

Pricing

• Price: £0 to £400.00 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The Individual Plan is a free service that is limited to one user and offers mobile sync and sharing features, limited storage, encryption at rest, access to Box Marketplace Applications, and multi-factor authentication. Customers also have the ability to start a free Business Plan trial through this site: https://www.box.com/pricing
• Link to free trial: https://www.box.com/en-gb/free-trial

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@teamsynergi.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.