Welcome to the new Box Support website. Check out all the details here on what’s changed.

Box Status
Print

Governance Settings

Overview , Article , Established , Govern

Governance settings let you configure Box to manage your content governance needs. 

Retention Tab

The Retention tab is where you configure content retention policies. Retention defines how long content is kept even if it has been put in Trash. Content cannot be permanently deleted, even if it is in Trash, if it is under retention policy and the retention time has not expired. This section lists the settings for retention policies and describes each setting.

Policy Name
Enter a short but descriptive name. 250 characters maximum.
Policy Description
Enter an optional description that provides a summary of the policy purpose and function. 500 characters maximum.
Retention Type

Defines whether the retention policy is modifiable or non-modifiable.

A modifiable retention policy allows to to change any of its settings. However, it does not meet certain regulatory requirements, such as SEC (Securities and Exchange Commission) Rule 17a-4(f), which defines specific requirements for regulated entities that retain records on electronic storage media.

See the Modifiable and Non-modifiable Retention section in About Retention and Retention Policies for additional details.

Apply Policy To

Determines the content that the retention policy applies to.

Important

Because retention policies are designed to meet regulatory requirements such as FINRA, this setting cannot be changed for a non-modifiable policy once it is enabled. The exception is that folders and metadata can be added to retention policies.

Select from:

  • Content within specific folders to retain content within specific folders. When you select this option, you will select one or more folders in the next step of retention policy creation. Once the policy is enabled, it applies to, or is cascaded to, all content in the selected folder(s), all files and everything in every sub-folder.

    Note

    Once a retention policy is applied to a folder, if any file or sub-folder is moved out of that folder, the retention policy still applies, and that holds true no matter where the move or how often the move. The one exception is that if a file or folder is moved into a folder where a retention policy with longer retention is defined, that that policy is then applied to the moved file or folder.

  • Content with specific metadata to retain content based on content metadata. When you select this option, you will select one or more metadata options in the next step. If you select multiple metadata options, the retention policy will be applied to content that matches any of the selected metadata.
  • Content with specific classifications to retain content based on classification labels applied to that content. When you select this option, you will select one or more classification labels in the next step. If you select multiple classification labels, the retention policy will be applied to content that has any of the classification labels applied.

    Note

    Once a retention policy is applied to a file based on that file having a classification label, if the classification label is changed (or removed), the retention policy still applies to the file.

  • All new content to apply the retention policy to all future content added or uploaded to Box while the retention policy is active.
Time Period Duration

Determines the period of time that the content that matches to retention policy will be retained and is based on the Start Date setting.

Important

This setting cannot be changed once the policy is started.

Select from:

  • 30, 60, or 90 days
  • 1, 3, 6, or 10 years
  • A custom number of days or years
  • An indefinite period of time
Start Date

Determines the start of the retention period. Select:

  • Box upload/creation date to have the retention period start when content is added or uploaded to Box.
  • Specific metadata start date to have the retention period start from a date defined by content metadata. These dates can be fixed dates other than add/upload dates or dates based on events. For example, a contract might have to be retained for a specific period of time after it is signed, so you could base retention on the signing date recorded in metadata. Or employment documents might need to be retained for a specific period of time after an employee separates from the company, so you could base retention on a separation date recorded in metadata.
Disposition Action

Determines what happens automatically to content managed by the retention policy when the retention period ends. Disposition action is not evaluated until a file reaches retention expiration. That means if admins change their mind and update the disposition on the retention policy, it will apply to all files under that policy that haven't expired.

Select from:

  • None to have nothing happen when the retention period expires. Users with the appropriate permissions will then be able to delete the content manually.
  • Permanently delete content to have content permanently deleted, whether or not in Trash, when the retention period ends. When you choose this option, you can also select to allow folder owners and co-owners to extend the permanent deletion date.

    Note

    The Permanently delete content option is not available if the People who can permanently delete content in Trash setting in Enterprise Settings > Content & Sharing > Trash is set to Nobody (No user or policy can delete content).

Email Notification

Determines which managed users get weekly email with a list of folders that contain files with retention policies set to expire in the upcoming 14 days. Select one or both of:

  • Folder owners and co-owners
  • Specified users, and then enter one or more usernames or email addresses separated by commas. 

Note

Some email clients truncate large messages. In those cases, recipients of these notifications may need to click a "View all" or "View entire message" in their email client to see the entire list of files if the list is long.

Legal Holds Tab

The Legal Holds tab tab is where you configure content legal hold policies. Legal holds define what content is kept and (optionally) for how long even if it has been put in Trash.

Legal Hold Policies

This section lists the settings for legal hold policies and describes each setting.

Legal Hold Name
Enter a short but descriptive name. 250 characters maximum.
Description
Enter an optional description that provides a summary of the policy purpose and function. 500 characters maximum.
Apply Policy To

Determines who or what the policy applies to. Select from:

  • User (Custodians) to define one or more custodian users for the policy. The policy will capture all files and file versions that the user owns, is collaborated into, or viewed (acted upon), optionally within a defined date range. See About Legal Holds in Box Governance for the list of all custodian actions.
  • Folders to define folders for the policy. All content in all folders and sub-folders defined in the policy will be held. 
Date Range - Content Creation

Available only when User (Custodians) is selected in Apply Policy To. Optional. Determines the date range for the policy. All files and versions that the custodian acts on, as described in About Legal Holds in Box Governance, within the date range will be retained.

If you do not set a Start Date value, the policy will apply to relevant content as soon as it is enabled.

If you do not set an End Date value, the policy will apply to relevant content until the policy is retired.

Legal Hold Exports

This section lists the settings for legal hold exports and describes each setting. 

Export Name
Enter a short but descriptive name. 250 characters maximum.
Folders
Available only in folder-based legal holds, select one ore more of the folders included in the legal hold.
Custodians
Available only in custodian-based legal holds, enter one or more custodian names, separated by commas or new lines.
File Type

Determines the types of files included in the export. Select:

  • Any Type (default) - to include all of the files in the legal hold
  • One or more of the listed types - to include only the types of files you select
Date Range

Required. Determines the date range for the files to be included in the export. Select:

  • Use uploaded date - to include files based on the date when they were uploaded to Box
  • Use content creation date - to include files based on the date they were created

Note

While the date range determines which files get included in the export, it is the latest version of those files that are exported.

 

Related articles