Description of how we monitor, detect and log malicious activity in applications

Data Protection Policy

Description of how we monitor, detect and log malicious activity in applications.

 

We have a runbook for detecting and managing security incidents. The runbook identify incident response roles and responsibilities, define the types of incidents that may affect Amazon, define incident response procedures for the defined incident types, and define an escalation path and procedures for escalating security incidents to Amazon.

We review and test the plan every six 6 months and after any major infrastructure or system changes, including changes to the system, controls, operating environments, risk levels and supply chain.

We are able to notify Amazon at 3p-security@amazon.com within 24 hours of detecting a security incident or suspecting that a security incident has occurred. Our security partner is able to take action on any security incident and document the incident, set out remedial actions and corrective process or system controls to prevent future incidents.

We maintain a chain of custody for all evidence or records collected, and such documentation must be made available to Amazon upon request. If a security incident has occurred, we will not disclose information on behalf of Amazon to any regulatory authority or to customers unless Amazon specifically requests us in writing to do so.