On this page
π Data Residency Checklist
Workshop 1 β Exercise 1, Step 3
Fill in the βYour Observationβ column as you explore the Data Residency settings for your GHE.com organization.
In-Region vs Out-of-Region Data
| Category | Data Type | Expected Residency | Your Observation |
|---|---|---|---|
| β Inside region | Source code (Git repositories) | Stored in Japan | Β |
| β Inside region | Issues, pull requests, discussions | Stored in Japan | Β |
| β Inside region | Wikis | Stored in Japan | Β |
| β Inside region | User profile data (EMU-managed) | Stored in Japan | Β |
| β Inside region | GitHub Actions logs & artifacts | Stored in Japan | Β |
| β οΈ May leave region | Copilot telemetry & usage logs | Processed by Copilot service | Β |
| β οΈ May leave region | Billing & support data | Managed globally | Β |
| β οΈ May leave region | Secret scanning validity checks | External service validation | Β |
| β οΈ May leave region | Certificate transparency logs | TLS cert info shared with global CAs | Β |
Your Trust Boundary Diagram
Draw or describe the trust boundary for your organization:
- Whatβs INSIDE the boundary?
- What CROSSES the boundary (and under what conditions)?
- Whatβs OUTSIDE the boundary?
βββββββββββββββββββββββββββββββββββββββββββββββ
β INSIDE (Japan) β
β β
β (list your in-region data here) β
β β
ββββ CROSSES BOUNDARY βββββββββββββββββββββββββ€
β β
β (list data that may leave the region) β
β β
βββββββββββββββββββββββββββββββββββββββββββββββ
Key Questions to Answer
- Can you confirm the region setting in the organization admin panel?
- Which data types are you most concerned about leaving the region?
- How does this trust boundary affect your compliance requirements?
- What compensating controls exist for data that leaves the region?