Box
by Box · Document Management
Cloud content management platform for secure document storage, collaboration, and workflows.
- Works with
- NetSuite, SAP, Salesforce
- Deployment
- Cloud
- Company size
- SMB, Mid-market, Enterprise
- Pricing
- Per-user subscription (annual/monthly), tiered Business and Enterprise plans; free Individual tier available
- Founded
- 2005
- Headquarters
- Redwood City, California, United States
Overview
Box is a cloud-based content management platform that centralizes an organization's files and documents in a single secure repository accessible from any device. Beyond simple file storage, it provides version control, granular permissioning, real-time co-editing, e-signature (Box Sign), metadata and classification, retention and legal hold governance, and no-code workflow automation. Box positions itself as an "Intelligent Content Management" platform, layering AI capabilities (Box AI, Box Extract, and AI agents) on top of stored content to summarize documents, answer questions across files, and extract structured data from contracts and other unstructured documents.
For companies running ERP systems, Box commonly serves as the system of record for the documents that surround financial and operational transactions — vendor contracts, signed agreements, invoices, statements of work, and supporting attachments. Box integrates with ERP and line-of-business systems including NetSuite and SAP so that documents can be stored, retrieved, and shared in context, while metadata is synchronized between the ERP record and the Box file. Integration is available through prebuilt connectors (for example, the Box for NetSuite SuiteApp), the Box REST API, and iPaaS/middleware platforms such as Workato, Celigo, and SAP Integration Suite (which ships a Box adapter).
Box is delivered as a multi-tenant SaaS product with enterprise security and compliance controls: AES 256-bit encryption at rest and in transit, customer-managed encryption keys via Box KeySafe, zero-trust access controls, malware detection, and support for regulatory frameworks including HIPAA, GDPR, FedRAMP, FINRA, PCI DSS, GxP, and ITAR. The company serves organizations from small teams to large regulated enterprises across government, life sciences, financial services, and media.
Screenshots & demo
Demo video from the vendor's YouTube channel.
Features & capabilities
Content storage and collaboration
Core file management and team collaboration.
- Centralized cloud repository with unlimited storage on business plans
- Version history with file version retention
- Real-time co-editing and commenting via Box integrations and Box Notes
- Secure file sharing with internal and external collaborators
- Shared links with expiration, password, and download controls
- Content preview for 120+ file types including documents, images, video, and 3D
- Desktop sync (Box Drive) and mobile access
Security and access control
Protection for sensitive content.
- AES 256-bit encryption at rest and in transit
- Box KeySafe customer-managed encryption keys
- Granular, role-based folder and file permissions
- Zero-trust access controls and device trust
- Box Shield threat detection and malware scanning
- Automated content classification and DLP policies
- Watermarking and access restrictions on sensitive files
Governance and compliance
Records management and regulatory controls.
- Retention schedules and automated disposition
- Legal hold and eDiscovery support
- Audit logs and activity reporting
- Information barriers between user groups
- Data residency options across multiple regions
- Support for HIPAA, GDPR, FedRAMP, FINRA, GxP, ITAR, and PCI DSS requirements
Workflow, e-signature, and automation
Process automation around content.
- Box Relay no-code workflow automation with drag-and-drop builder
- Box Sign native e-signature (unlimited signatures on business plans)
- Metadata-driven workflow triggers and approvals
- Box Hubs no-code content portals
- Automated metadata extraction and tagging
AI and intelligent content
AI applied to stored documents.
- Box AI document summarization and Q&A across files
- Box Extract for structured data extraction from documents
- AI agents for multi-step content workflows
- Access to models from OpenAI, Anthropic, and Google
- AI-powered metadata generation and enhanced search
Platform and integrations
Developer APIs and ecosystem connectors.
- Box REST API and webhooks
- Box UI Elements (embeddable Explorer, Preview, Uploader components)
- 1,500+ prebuilt app integrations
- Prebuilt connectors for NetSuite, SAP, Salesforce, Microsoft 365, and Google Workspace
- iPaaS support via Workato, Celigo, and SAP Integration Suite
Common use cases
- Storing and retrieving ERP-related documents (contracts, invoices, SOWs) in context
- Collecting e-signatures on agreements with Box Sign
- Automating document-centric approval and onboarding workflows
- Managing records retention and legal holds for compliance
- Securely sharing files with external partners, auditors, and vendors
- Extracting structured data from contracts and financial documents with AI
- Building no-code content portals for departments or external stakeholders
Strengths & considerations
Strengths
- Broad compliance coverage (FedRAMP, HIPAA, FINRA, GxP, ITAR) suited to regulated industries
- Customer-managed encryption keys via Box KeySafe for independent key control
- Native AI layer (Box AI, Extract, agents) with choice of OpenAI, Anthropic, and Google models
- Large integration ecosystem with 1,500+ prebuilt apps and embeddable UI Elements
- Unified platform combining storage, e-signature, workflow, and governance rather than separate point tools
Considerations
- Per-user pricing with a 3-user minimum on business plans can be costly at scale
- Deep ERP integrations (NetSuite, SAP) often rely on third-party connectors or iPaaS rather than fully native modules
- Advanced compliance and AI capabilities are gated to higher Enterprise tiers requiring sales contact
- Primarily a general content platform, not a purpose-built contract lifecycle or AP automation tool
- Real-time co-authoring of Office files depends on integrations rather than a native editor
ERP integrations
Box for NetSuite SuiteApp links NetSuite records to Box folders and syncs documents and metadata; third-party connectors (Workato, Celigo) also available.
SAP Integration Suite provides a native Box adapter; Box also exposed via SAP Open Connectors and partner integrations (e.g., VersaFile) for content storage in SAP processes.
Box for Salesforce surfaces Box content within Salesforce records.
Pricing
Business plans require a minimum of 3 users and include tiers Business Starter, Business, and Business Plus. Enterprise, Enterprise Plus, and Enterprise Advanced tiers add advanced compliance (HIPAA, FedRAMP), AI, and admin controls and require contacting sales. A free Individual plan offers 10 GB storage. Public list prices vary by region and term; confirm current pricing on box.com/pricing. Get an independent shortlist with pricing guidance below.
Technical & security
- Hosting
- Multi-tenant SaaS hosted by Box
- Data residency
- United States, Europe, Asia-Pacific, Canada, Australia, Japan
- Compliance
- SOC 2, ISO 27001, HIPAA, GDPR, FedRAMP, FINRA, PCI DSS, GxP, ITAR, ISMAP, FIPS 140-2
- Mobile app
- Yes
- Languages
- English, French, German, Spanish, Italian, Japanese, Korean, Chinese, Portuguese
About the vendor
- Founded
- 2005
- Headquarters
- Redwood City, California, United States
- Ownership
- Public (NYSE: BOX)
- Notable customers
- Cisco, NASA, Airbnb, Samsung, Spotify
Alternatives to Box in Document Management
Box — frequently asked questions
Does Box integrate with NetSuite and SAP?
Yes. Box offers the Box for NetSuite SuiteApp for linking NetSuite records to Box content, and SAP Integration Suite ships a native Box adapter. Integrations can also be built via the Box REST API or iPaaS platforms such as Workato and Celigo, supporting bi-directional document and metadata sync.
What compliance certifications does Box hold?
Box supports a broad set of frameworks including SOC 2, ISO 27001, HIPAA, GDPR, FedRAMP, FINRA, PCI DSS, GxP, ITAR, and ISMAP, with FIPS 140-2 validated encryption. Some certifications apply only to specific Enterprise tiers.
Can I control my own encryption keys in Box?
Yes. Box KeySafe lets customers maintain independent control of their encryption keys, on top of Box's default AES 256-bit encryption at rest and in transit.
Is there a free version of Box?
Box offers a free Individual plan with 10 GB of storage and a 250 MB file upload limit. Business plans (minimum 3 users) and Enterprise plans add unlimited storage, AI, and advanced security, with free trials available.
Does Box include e-signature?
Yes. Box Sign provides native e-signature, with unlimited signatures included on Box business plans, so agreements can be signed and stored without a separate e-signature tool.
Evaluating Document Management?
Tell us your ERP and requirements and we'll send an independent shortlist — including Box and the best-fit alternatives — with honest pros and cons.