
Network+ Exam

Audits and Compliance

October 29, 2025

  • #network+

PCI DSS

Data Locality - geographic location where data is stored and processed.

Every country has its own laws.

Some countries mandate that citizens' data cannot be outside their borders. There are data storage laws that you may need to be aware of.

Determine where the data will be stored; putting servers closer will reduce latency.

Data locality is focused on risk assessments and risk management.

Payment Card Industry Data Security Standard (PCI DSS) - set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

Audits and compliance

When designing an enterprise network, ensure that it is designed to support

GDPR - Regulation or law created by the EU that is focused on data protection and privacy in the EU. Applies to all companies that are in the EU or provide services to the EU.

Right to be informed

Right to erasure

Conducting data protection impact assessment.

Auditing and compliance is an ongoing process. Monitoring and auditing program.

Regular audits.

Employee training.

Policies and procedures.

Compliance & Data Regulations

Data Locality

  • Refers to the geographic location where data is stored and processed.
  • Why important?
    • Different countries have different data laws.
    • Some require citizen data to remain inside national borders (data sovereignty).
    • Impacts latency (closer servers = faster access).
  • Tied to risk assessments and management.

PCI DSS (Payment Card Industry Data Security Standard)

  • Set of security standards for any company that accepts, processes, stores, or transmits credit card data.
  • Goal: Protect payment card data and maintain a secure environment.
  • Compliance:
    • Requires regular audits.
    • Must implement policies, employee training, monitoring, and secure system design.

GDPR (General Data Protection Regulation) – EU

  • EU regulation on data protection and privacy.
  • Applies to all companies in the EU or offering services to EU citizens.
  • Key Rights:
    • Right to be informed (know how data is used).
    • Right to erasure (right to be forgotten).
  • Requirements:
    • Conduct Data Protection Impact Assessments (DPIA).
    • Ongoing audits and compliance checks.
    • Strong policies, procedures, and employee training.

Exam Must-Knows

  • PCI DSS = credit card security standard.
  • GDPR = EU data protection law.
  • Data Locality = where data physically resides matters legally + for latency.
  • Compliance is continuous: audits, monitoring, training, and policies.

⚡Memory Trick:

  • PCI DSS = Protect Card Info.
  • GDPR = General Data Privacy Rules (EU).
  • Locality = Location matters.