How to enhance your records and risk management in Box

Tip Sheet: If you are using Box in your enterprise, you may have some unmanaged risk when it comes to your information. This tip sheet helps you understand how to enhance your records management of Box with Explainable AI for added security, better compliance, and more efficient information governance.

Box provides content management, file sharing, and collaboration, with security and privacy capability and records retention management based on file structure or metadata. For regulated organisations using Box, Explainable AI can enhance their information governance, ensuring they are complying with relevant regulations in an efficient, scalable way.

Box is a content collaboration and management workspace, designed to store and manage files. It provides security and privacy governance, legal hold, workflow, and alerting. It is a centralised cloud solution for unstructured data, and becomes an online storage repository which can synchronise with local devices.

While it does have integrations with other content management systems like M365, Box is designed to hold a significant amount of documents and other unstructured information for your enterprise, most of which represents evidence of business decisions. As such, the platform needs effective discovery, audit, monitoring, security and privacy management, which it has inbuilt in the platform or available through integrations.

Box also needs effective records lifecycle management, compliant with the standards applicable to your organisation. Records need to be accurately classified, sentenced, and disposed of.

Box has the following typical approach to records lifecycle management:

  • A retention policy is created for each retention rule
  • The policy is applied to either specific folders, specific metadata, or all new content
  • Retention periods commence at date of creation or upload, or can be event-based
  • Retention triggers are time-based or event-based, and alert on content ready for disposal
  • When the retention period is reached, files are flagged for manual destruction, or can be deleted automatically in batches.

The retention policies are flexible, and you can change them. Castlepoint interfaces out-of-the-box with Box, to augment retention management with AI.

Our clients use Castlepoint with Box to provide autoclassification for both retention policy and security/risk, and to make it discoverable through a single pane of glass with their other enterprise systems.

  • Autoclassification based on content
    Castlepoint goes beyond metadata and file plans to automatically classify records in Box based on their content (including by using OCR where required, and without limiting the number of bytes indexed per file). Individual items, and aggregated records, are classified using Explainable AI, which meets EU legal requirements and global best practices for regulated organisations. Retention management and compliant disposal can be applied at both the item level and the record level.
  • Virtual records across systems
    Castlepoint automatically links items stored in Box with other relevant items across other repositories, so that they can be classified, retained, preserved, and disposed of together if required. This makes records governance more comprehensive and efficient.
  • Security, confidentiality, privacy, and other risk classification
    Box includes comprehensive labelling so that users can identify risky content in the environment, as well as autoclassification. Castlepoint augments this by using Explainable AI autoclassification to identify items that may not have been appropriately labelled, based on their content. Because Castlepoint does not need metadata or labels to be used, it can classify content against many different facets. This overcomes the limit of 25 total available classification types in Box, and the limit of only one label being able to be applied to a file or folder at a time.

All this is done in an agentless, connectorless model. Castlepoint is a manage-in-place solution, and does not copy, move, or modify Box content. It does not change the Box user experience in any way, or install any components or customisations. Management of Box is included in the Castlepoint license.

Castlepoint registers, reads, and automatically classifies the content and metadata of all items and records, and assigns a sentence and retention period for each record automatically. It also manages the rest of the information governance lifecycle, from security and privacy, through to auditing and reporting, to eDiscovery. Deployment of Castlepoint and interface with Confluence can be completed in hours, getting you compliant quickly without overheads or impacts.

Contact our team for a demonstration of this capability, or to see how Castlepoint manages other systems like Jira, Google Workspace, Box, AWS buckets, Azure Blob storage, Content Manager, Salesforce, OpenText, the Microsoft 365 platform (Teams, SharePoint, OneDrive, and Exchange Online), or even local workstations.