M+Box Core Apps
Description of Service:
M+Box is a cloud-based storage solution that allows you to share files with people inside and outside of the university. There are many apps that can be used within M+Box. U-M users can use any of those apps, but only the M+Box Core Apps have been tested and approved by U-M.
Description of Compliance:
M+Box is a contracted-for service obtained through a partnership with a consortium of higher education institutions. The agreement includes non-disclosure agreements (NDA) and security provisions. M+Box Core Apps provide a secure environment in which to maintain or share the university's sensitive unregulated data, as well as some kinds of sensitive regulated data.
Social Security numbers should only be used where required by law or where they are essential for university business processes. If you must use SSNs, it is preferred that you use institutional resources designed to house this data, such as the Data Warehouse. IIA can help you explore appropriate storage locations or work with you to appropriately encrypt the data if those alternatives will not work for you. (Contact IIA via the ITS Service Center.)
M+Box may not be used for Protected Health Information because Box has not signed the necessary Business Associate Agreement mandated by HIPAA. M+Box may not be used for Export Controlled Research because Box cannot ensure that only U.S. persons have access to or maintain their systems.
Key: Storage Permission Levels
Permitted with IIA Consultation
For IIA consultation, please contact the ITS Service Center
Using M+Box Core Apps with Data
M+Box Core Apps has the following Sensitive Data restrictions....
- Attorney/Client Privileged Information
- IT Security Information
- Other Sensitive Institutional Data
- Private Personal Information (PPI)
- Sensitive Identifiable Human Subject Research
- Student Education Records
- Student Loan Application Information