Box is a File Sync & Share solution offered by IBM CIO to employees on an option

al basis for <b><u>business data only</u></b>. Before using Box on a browser, Bo

x desktop application or on a mobile device, read the following IBM requirements
. When using Box, users must comply with IBM internal guidelines, policies and i
nstructions.
<br>
1. Box is approved by IBM to host the following types of data: <br>
&nbsp;&nbsp;&nbsp;&nbsp;
IBM proprietary information, which has been approved for
public disclosure.<br>
&nbsp;&nbsp;&nbsp;&nbsp;
IBM proprietary information, which is generally internal
use only by default.<br>
&nbsp;&nbsp;&nbsp;&nbsp;
IBM Confidential information, as defined by <a href=http
s://w3-03.ibm.com/ibm/documents/corpdocweb.nsf/ContentDocsByTitle/Corporate+Inst
ruction+LEG+116>Legal 116<a> and does not conflict with Section 2 below.<br>
&nbsp;&nbsp;&nbsp;&nbsp;
IBM Clients data if the contract with the Client does not
prohibit it.<br>
<br>
2. You should not use Box to store or share the following data.<br>
The following provides an illustrative list of the types of items which should n
ot be uploaded into Box. All items which may be similar in effect or impact to t
hose listed should not be uploaded into Box.<br>
&nbsp;&nbsp;&nbsp;&nbsp;
Data IBM is, by contract or by law, required to keep in
a given country; including, data which must be kept outside of the United States
.<br>
&nbsp;&nbsp;&nbsp;&nbsp;
<a href=http://w3-03.ibm.com/ibm/privacy/practices_guida
nce.html>Sensitive Personal Information (SPI)<a><br>
&nbsp;&nbsp;&nbsp;&nbsp;
<a href=http://w3-03.ibm.com/transform/sas/as-web.nsf/Co
ntentDocsByTitle/ITCS114+-+Security+Standards+for+International+Traffic+in+Arms+
Regulations+(ITAR)>ITAR data<a><br>
&nbsp;&nbsp;&nbsp;&nbsp;
IBM proprietary source code, such as <a href=https://w3connections.ibm.com/wikis/home?lang=en-us#%21/wiki/W591f471daa37_4d0e_b162_c3a4c
07e0f9e/page/Jewel%20Code%20Guidelines>Jewel Code<a> and Source Code subject to
export regulations. See additional guidelines at <a href=https://ibm.biz/Box4Sou
rceCode>https://ibm.biz/Box4SourceCode<a>.<br>
&nbsp;&nbsp;&nbsp;&nbsp;
Files containing Crown Jewel data <br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;o
a targeted subset, that
if lost, stolen, or otherwise exposed can:<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;1. Cause
IBM to lose significant competitive advantage<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;2. Prese
nt significant risk to IBM customers<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;3. Resul
t in significant embarrassment to IBM<br>
&nbsp;&nbsp;&nbsp;&nbsp;
Data containing non-work personal information or other i
nformation that you would consider to be private.<br>
&nbsp;&nbsp;&nbsp;&nbsp;
IBM Clients data where the contract or applicable law pro
hibits it. Some examples of this would be: <br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;o
A contract that requires
IBM to keep the client data stored locally.<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;o
The client is a governme
nt entity and the law requires the information to be stored locally.<br>
&nbsp;&nbsp;&nbsp;&nbsp;
Do not use Box to store non-IBM business data. Box is no
t for personal use.<br>
<br>
3. Use Box only on IBM managed devices.<br>
<br>
4. Do not use Box as a backup for your hard drive.<br>
<br>
Good Additional Resources:<br>
<a href=http://w3.ibm.com/collaboration/dataprotection>Data Protection Best Prac

tices<a><br>
<a href=https://w3-03.ibm.com/ibm/documents/corpdocweb.nsf/ContentDocsByTitle/Co
rporate+classification+and+control+of+IBM+information+-+Frequently+Asked+Questio
ns>FAQ for guidance in protecting IBM Confidential Information<a><br>