Data Residency in SAFE

  • 1 minute(s) read
Prev Next

Overview

As a customer, when you sign up for SAFE, you are allocated a tenant. The default region application data is stored in the US (North Virginia). If this does not meet your business needs, additional regions are available, and this can be discussed with the SAFE Account Managers.

There are different data collected, processed, and managed by SAFE. Most of the data managed by SAFE are always kept in the chosen geographic region. Certain data are stored in our global data center. The encryption options for the regional data are explained in the section

Data pinning to regions

Data that is stored in the selected region and encrypted by a tenant KMS key

  • Questionnaire assessment data.
  • Assessment data under technology verticals. This includes assessment data generated by SAFE Hooks.
  • Asset Groups configuration data.
  • Cyber Security Products Assessment data.
  • Controls status, comments and evidence against controls.
  • Third-party assessment data.
  • Financial Risk Exposure Data.
  • ATT&CK Matrix data.
  • Credentials and configuration entered in the product for configuring integrations with Third-party software
  • Asset management and asset on-boarding data
  • Local User settings
  • User identity data
  • Company Management settings
  • Governance Management settings
  • Assessment tool settings and ingested data from any integrated input tools
  • Management tool settings and ingested data from any integrated input tools
  • General product settings are configured via the SAFE UI under Administration > Settings
  • All SAFE scores
  • All Backups
  • Any data that is the outcome of processing of assessment and CRQ except the one explicitly mentioned otherwise

Data that cannot be stored in the selected region

  • Application Logs and Metrics
  • These metrics & logs are used for observability by the operations team to analyze the successful working of the workloads and be alerted of any anomalies
  • SAFE Security reserves the right to allow approved support personnel to debug the logs
  • Email notifications are sent from globally configured AWS-based email service for all customers