# Data Residency and Sovereignty One-sentence definition: Requirements restricting where data is stored/processed and which jurisdictions’ laws apply. ## Key Facts - Residency: physical location; Sovereignty: legal control/jurisdiction. - Cross-border transfers require mechanisms and contract clauses. - Cloud regions/replication settings must meet residency rules. - Consider backups, logs, support access, and disaster recovery sites. - Maintain data maps and vendor locations; update on changes. - **Verify:** check official (ISC)² CBK and current exam outline. ## Exam Relevance - Select configurations that keep data within allowed regions. **Mnemonic:** “Where it lives, whose rules.” ## Mini Scenario Q: DR site in another country—what to verify? A: Legal transfer basis and equivalent protections. ## Revision Checklist - Define residency vs sovereignty. - Name two transfer controls. - Ensure backups/DR comply. ## Related [[Cloud Data Protection (SaaS, PaaS, IaaS)]] · [[Data Handling in Third-Party Contexts]] · [[Record Management and Data Retention]] · [[Contracts, SLAs, OLAs, MOUs]] · [[Data Inventory and Asset Register]] · [[Domain 2 - Index]]