Domain 6: Team Deployment, Security & Enterprise Readiness

Compliance Gaps

TL;DR

The specific regulatory frameworks Cowork cannot currently satisfy: HIPAA (healthcare), SOX (financial reporting), PCI-DSS (payment card data), and SOC 2 (service organisation controls).

Definition

The specific regulatory frameworks Cowork cannot currently satisfy: HIPAA (healthcare), SOX (financial reporting), PCI-DSS (payment card data), and SOC 2 (service organisation controls). The combination of unauditable activity, local-only storage, and no compliance exports makes chain-of-custody documentation impossible.

Exam Context

Questions test whether you can identify the specific blocker for regulated workloads. The answer is always the audit gap — not sandbox isolation, not training policies, but the inability to produce an audit trail.
