Re: Data sovereignty for multiple countries in a s...

LewisLawrence · ‎Oct 15, 2025

Version: Windchill 13.0

Use Case: I would like to hear from anyone able to meet data sovereignty requirements for multiple countries working in the same global implementation.

Description:

For some industries, there can be requirements for certain data to not leave the country. In a global implementation a data sovereignty requirement can apply to more than one country while the Windchill server can only physically exist in one. Meaning certain data from some countries can never be managed using Windchill. Theoretically if an organisation defines "data" as only files (so not including meta-data), by using correctly configured security labels in combination with vaulting rules, data/files always stay in country.

I don't want to get into a debate about what "data" really is, that is a discussion for a legal compliance team. I want to hear if anyone is successfully doing this at their organisation, if so are they able to share any challenges they had to overcome to get things implemented and working.

Fadel · ‎Oct 15, 2025

take a look at Security labels https://support.ptc.com/help/wnc/r12.0.2.0/en/#page/Windchill_Help_Center%2Fsublandingpages%2FSublandingPageSecurityLabel.html%23

Fede

LewisLawrence · ‎Oct 17, 2025

I understand that using security labels along with local vaults and vaulting rules can theoretically ensure that the required files always remain in the country. I apologise if this was not clear in my original post.

I also believe that if the local vault becomes unavailable for any reason, the files would default to the master vault. This presents one of the challenges that must be addressed for the solution to work reliably, which is the sort of thing I am hoping to learn from anyone who has already implemented this approach.

HelesicPetr · ‎Oct 17, 2025

Any US firearm manufacturing company that works globally has to deal with the same rules.

PetrH

avillanueva · ‎Oct 20, 2025

That is correct. I briefly had a system that had replication setup where the replicate site was local to the remote site but all files were also stored locally to the main service in the master vault. That being said, for compliance reasons, I think you will have to contend with data ONLY residing in one country or another. Let's say server is in USA and you are also managing UK and India data. If there is no issue with their data all residing in USA, you would have your normal master vaults and then remote replica vaults for their local data. Keep in mind there might be shared data like libraries and such. You would not replicate data from UK to India or visa versa for example, or USA only data out to those other sites. This would be normal use case.

But if you had a situation where data in India could not be replicated to USA, then I think you need to setup a Master vault that was remote to India. Performance would not be ideal. I think in that case, you can still have a local replica vault but data would transit back to USA except not stored there but instead resouted back to India. Correct me if I have this setup wrong. Security labels would help enforce rules in case of accidental movement of data in context to wrong area.

jlecoz · ‎Oct 21, 2025

If you have visualization activated for CAD Documents and if data has to stay in the Master vault don't forget to set up a remote CAD worker localized in the same country. Doing so will ensure that worker will take the CAD files from your master vault and not from another vault.

HelesicPetr · ‎Oct 21, 2025

Hi @LewisLawrence

I was thinking about the legislative and I can say that you do not have a tool to proof if data are (or are not) transferred between states in the Windchill :D.

there is a communication but proof if it is a model. You can't 😄

Also the government office can not do that 😄

PetrH

Data sovereignty for multiple countries in a single system

Data sovereignty for multiple countries in a single system