Print

Governance Settings

  • Posted Updated

Governance settings let you configure Box to manage your content governance needs. 

Retention Tab

The Retention tab is where you configure content retention policies. Retention defines how long content is kept even if it has been put in Trash. Content cannot be permanently deleted, even if it is in Trash, if it is under retention policy and the retention time has not expired.

Setting Description
Policy Name Enter a short but descriptive name. 250 characters maximum.
Policy Description Enter an optional description that provides a summary of the policy purpose and function. 500 characters maximum.
Retention Type

Defines whether the retention policy is modifiable or non-modifiable.

A modifiable retention policy allows to to change any of its settings. However, it does not meet certain regulatory requirements, such as SEC (Securities and Exchange Commission) Rule 17a-4(f), which defines specific requirements for regulated entities that retain records on electronic storage media.

See the Modifiable and Non-modifiable Retention section in About Retention and Retention Policies for additional details.
Apply Policy To

Determines the content that the retention policy applies to.

Important

Because retention policies are designed to meet regulatory requirements such as FINRA, this setting cannot be changed once the polices are enabled. The exception is that folders can be added to retention policies.

Select from:

  • Content within specific folders to retain content within specific folders. When you select this option, you will select one or more folders in the next step of retention policy creation.
  • Content with specific metadata to retain content based on content metadata. When you select this option, you will select one or more metadata options in the next step. If you select multiple metadata options, the retention policy will be applied to content that matches any of the selected metadata.
  • All new content to apply the retention policy to all future content added or uploaded to Box while the retention policy is active.
Time Period Duration

Determines the period of time that the content that matches to retention policy will be retained and is based on the Start Date setting.

Important

This setting cannot be changed once the policy is started.

Select from:

  • 30, 60, or 90 days
  • 1, 3, 6, or 10 years
  • A custom number of days or years
  • An indefinite period of time
Start Date

Determines the start of the retention period. Select:

  • Box upload/creation date to have the retention period start when content is added or uploaded to Box.
  • Specific metadata start date to have the retention period start from a date defined by content metadata. These dates can be fixed dates other than add/upload dates or dates based on events. For example, a contract might have to be retained for a specific period of time after it is signed, so you could base retention on the signing date recorded in metadata. Or employment documents might need to be retained for a specific period of time after an employee separates from the company, so you could base retention on a separation date recorded in metadata.
Disposition Action

Determines what happens automatically to content managed by the retention policy when the retention period ends. Disposition action is not evaluated until a file reaches retention expiration. That means if admins change their mind and update the disposition on the retention policy, it will apply to all files under that policy that haven't expired.

Select from:

  • None to have nothing happen when the retention period expires. Users with the appropriate permissions will then be able to delete the content manually.
  • Permanently delete content to have content permanently deleted, whether or not in Trash, when the retention period ends. When you choose this option, you can also select to allow folder owners and co-owners to extend the permanent deletion date.

    Note

    The Permanently delete content option is not available if the People who can permanently delete content in Trash setting in Enterprise Settings > Content & Sharing > Trash is set to Nobody (No user or policy can delete content).
Email Notification

Determines which managed users get weekly email with a list of folders that contain files with retention policies set to expire in the upcoming 14 days. Select one or both of:

  • Folder owners and co-owners
  • Specified users, and then enter one or more usernames or email addresses separated by commas. 

Legal Holds Tab

The Legal Holds tab tab is where you configure content legal hold policies. Legal holds define what content is kept and (optionally) for how long even if it has been put in Trash.

Setting Description
Legal Hold Name Enter a short but descriptive name. 250 characters maximum.
Legal Hold Description Enter an optional description that provides a summary of the policy purpose and function. 500 characters maximum.
Apply Policy To

Determines who or what the policy applies to. Select from:

  • User (Custodians) to define one or more custodian users for the policy. The policy will capture all files and file versions that the user owns, is collaborated into, or viewed (acted upon), optionally within a defined date range. See About Legal Holds in Box Governance for the list of all custodian actions.
  • Folders to define folders for the policy. All content in all folders and sub-folders defined in the policy will be held. 
Date Range - Content Creation

Available only when User (Custodians) is selected in Apply Policy To. Optional. Determines the date range for the policy. All files and versions that the custodian acts on, as described in About Legal Holds in Box Governance, within the date range will be retained.

If you do not set a Start Date value, the policy will apply to relevant content as soon as it is enabled.

If you do not set an End Date value, the policy will apply to relevant content until the policy is retired.

 

Related articles