...
ZenGRC uses Amazon S3 for storage. As such, we inherent inherit many of the security and availability controls put in place by AWS. Details of AWS' security controls can be found here: http://docs.aws.amazon.com/AmazonS3/latest/dev/DataDurability.html
S3 is a globally distributed platform, and as such data stored in it may leave is not contained to a particular geographic regionsregion.
What if this configuration doesn't meet my security needs (e.g. I'm a HIPAA covered entity, or need EU-based storage for GDPR compliance)?
...