Researching and understanding the specific encryption standards and laws applicable to each country where the offices are located is essential to maintain compliance when conducting the penetration test. The choice of employing an international legal team to review the standards ensures that the penetration test is legally sound across all jurisdictions. Merely avoiding datacenters in strict jurisdictions or assuming client awareness of international encryption standards does not address the complexity of adhering to disparate legal requirements. Additionally, the refusal to sign any engagements could potentially lead to loss of business and does not directly assist with legal compliance.