Speaker 1: Hey everyone, my name is Josh Rosenberg and I'm the Head of Governance Product Marketing for Box. I'll be walking you through how Box Governance works, both from an admin point of view to get a setup and an end user point of view to show you what they actually see. All right, so let's jump into the demo. So the first thing you do is navigate to the Admin Console and you'll come up on the Insights Dashboard first, and then go down, you'll see the lock, and it'll say Governance. So click on Governance and you'll see the three main pillars of governance, which are Retention, Legal Holds, and Classifications. There are a few other pieces of governance we'll also walk through as we get to the end of this demo. But first things first, let's start by creating a new retention policy. So you click Create, and the first step is to name the policy. So here I'll say Human Resources, and then you get to choose the time period. So you can choose some pre-selected times of days or years, or we can go indefinite, which means the content will be retained forever, or custom. So in this case, I'll say we want to hold this for seven years. The next thing to think about is what do you want the disposition action to be? If you choose an action of None, then this means once the file comes to term and the policy's over, nothing will happen, people who have delete rights can delete it, or it'll just stay in place, or you could potentially move it to an archive folder or something that only admins have access to. What we often see, though, is people choose the Permanently Delete Content option, which means as soon as the file comes to term, then that file will be permanently deleted. It'll go right past your trash and get permanently deleted off of our servers. And of course, if you do want to extend the deletion date, you can check this box that says Allow the Owners and Co-Owners to Extend the Date, and you can choose who gets the email notifications to do this, so it'll get a notification 14 days before the policy ends. The next thing to consider is how are you actually applying this policy? So we have three different ways to select to apply retention policies to your content. The first one, which is the most broad, is all new content coming into your box instance. The one that's a little bit more narrow is content within specific folders, so if you want to do a big bucket policy for financial documents, HR documents, etc., you can set that at the highest level folder, and that policy will cascade down to the folders underneath. If you want to get even more specific, then you can choose content with specific metadata, which lets you set retention policies based on metadata templates on specific files. So I'll walk you through how this works with folders and files, because with all new content, you literally set the policy and it just applies to everything new coming into the box. So if we select specific folders, scroll up, click Next, then you click Select Folders, then you get to search for the folders you want. So I'll pick JoshGov and hit Enter to search, and then this is the folder that comes up. So I click the checkbox, click Choose, click Select Folders, and click Next, and there you go. And this will give you a summary of everything that you set up, and just so you can review it before you start the policy. So here, I'm actually going to cancel this, and now I'll show you what it looks like if you use metadata. So I'll go Create Retention Policy, we'll try Human Resources again, and I'll just leave this at 30 days. I won't change any of the actions here, but I'm going to click into content with specific metadata. So when I click Next, I select the metadata, and this will pull up all of the metadata templates that your admin has created in the back end. So what I can do here is I can select a retention policy based on the template itself. This one would be HR information, or if I want to choose something that has some key value pairs, I can pick a retention policy based on the key value pairs within the template versus the template itself. So I'll just get rid of that one. So click Select again, click Next, and again you get the review of everything you set up, just so you can take a look at it and make sure everything's okay. So I'm going to click Cancel here, and move on to the next bucket, which is Legal Holds. So Legal Holds in Box are actually really simple to set up, and take almost no time at all. So if I click Create, you can enter a name of the hold, so I'll say Josh vs. Jeff, and say Josh is suing Jeff. So that's the name of the hold and the description that the people who were able to see this in the back end can look at. Then the other thing you do is look at the date range. So Box actually lets you have the start and end date optional, so you can leave them open-ended. What we see a lot of businesses do is they know when it became relevant to start holding content for the matter, so they might go back and say, hold everything starting about a year ago, but leave it open-ended so that as new content becomes relevant to the lawsuit, it just gets held. So what this does is, looking forward, you'll set the hold on a custodian basis, and it'll hold any content that they're actually engaging with, so stuff they edit or view or share, etc. So you click Next, you click Add Custodian, so I'll put in Jeff, because he's relevant to this case. Click Add, and you click Save. And then again, you get the review of your criteria, the date range, the number of custodians, and you click Start. And it's really that simple. So you set the hold, it places all the relevant content that's owned by that user or that user has interacted with on hold. You can report, and you can export a lot of the details, like the file IDs, the names, etc., so you have an audit trail for the chain of custody of the files. Then you can always release the legal hold when you're done. The next bucket I'll walk you through is classification. So this actually serves two purposes within your organization. The first is literally just classifying content to make it easier to find. So here we have a classification name of External OK, you can have a display indicator to show a message of what you want people to see, and you can choose basically how broadly people can share it. So there's a bit of a security component here as well, where you can choose if they can share the file outside with anyone in the public, you can go as restrictive as only people who already have access to the file or folder. You can also use this for things like if you want to classify PII, or personal health information, which is PHI, or contracts, you can also do that as well. The other two pieces of functionality of governance that can be very helpful to your org are, if you are a governance customer, you can go to the settings, and you can actually scroll down to see file version limit. So in Box Governance, you have this option to have unlimited file versions. With Enterprise, it'll be 100, and with Governance, you can check that box, and you're able to have as many file versions as you want. And this can actually be helpful for retention purposes, because Box actually retains content based on the file version. So every single file version that's got a retention policy on it will be held for the term of that policy. The other thing that comes with Box Governance is what I call advanced trash controls. So when you click on the content and sharing, you can scroll down, and you'll see the trash. So what you get with Core Box is everybody can permanently delete the trash, or nobody can permanently delete the trash. But with Governance, you have these two settings in the middle, which is admins and co-admins only or admins only. So what this means is, if you set a retention policy with a disposition action of none, you can now provision some co-admins who, say, have deletion rights, who can go in and see all the content that's come to term, and they can choose what they want to delete. You can also set co-admin permissions for people to only be able to set those policies. So people that can create retention policies or set legal holds, but don't do any of the other provisioning for users. All right, so now let's click into what it looks like in the front end. Here's a demo org I built out for a university. So you can see there's a couple different folders here. Courses, health records, student records, things like that. So I click on Courses. There's no retention set here just because we don't have any files in there, and this content may not be relevant. But when I click on Health Records, you'll see there's an active retention policy at the folder level. So when I click in the details, there's a two-year policy on this folder. So every file that goes into this folder is held for two years. And when I click in there, I'll see there's one file there, which is my physical information. And when you click on this file, you can scroll down into the properties and see two things. One, it's been classified as personal health information, so not something you want to share externally. And two, it's been tagged with a metadata retention policy because we determined it's a health record. And something that has to be held for maybe longer than two years is a three-year policy attached directly to this file. And when I click into the file as an end user, this is what I'll see from a labeling point of view. So you'll see the PHI classification up top. If I hover, it will show that banner. And if I go to click share, because I picked a very restrictive shared link setting, I can't share this with anybody who's not already in the file or already in the folder. All right. Thank you very much for listening. And that is my demo of Box Governance for you. Thank you for joining us. To learn more, please either reach out to your Box sales rep or visit us at box.com slash governance.