Version 1
1 Acceptable Use
1.1 Do you use Personally Identifiable Information (PII) for any purpose other than Shipping
labels and/or tax purposes? If so, please list additional use cases and explain them (e.g.
customer profiles, marketing, buyer communication).
1.2 Please list any subsidiaries or additional beneficiaries (e.g. additional business units,
customers, vendors, other third-party solutions) that obtain access to Amazon MWS data due to
your use as a Developer (other than application users).
1.3 Do you retrieve Amazon.com data from non-Amazon MWS sources? If yes, please specify
the type of data and its source.
2 Network Protections
2.1 How is your infrastructure hosted (e.g. on-premise, AWS, non-Amazon cloud solution)?
2.2 How do you restrict network-level access to your infrastructure (web servers, database
servers, endpoints, etc)?
2.3 Do you restrict public access to your database/file servers and desktop/developer endpoints?
If so, how?
3 Access Management
3.1 Please describe your access management practices.
3.2 Have you assigned a unique ID (for logging and accountability) to each employee who has
access to Amazon Information?
3.3 How often do you review (and baseline) access to Amazon Information?
3.4 Do you have a lockout mechanism in place when a malicious activity or log-in attempt is
detected?
3.5 Do you keep an inventory of asset hardware and software that stores Amazon information?
3.6 Do you allow employees to store Amazon data on personal devices?
3.7 Do your access controls divide data access between PII and non-PII access?
4 Encryption in Transit
4.1 Are you encrypting all data-in-transit for all internal and external endpoints? Please specify
any data transfers, internal or external, which are not encrypted.
5 Incident Response Plan
5.1 How does your incident response plan address:
1. What to do in case your servers/databases are hacked?
2. What to do in case an unauthorized access to customer data is detected?
3. Who to contact in case of an incident and what steps to follow?
4. What to do in case your servers leaked Amazon Information?
5. How to reach out to Amazon to inform them of the incident?
6 Request for Deletion or Return
6.1 In case of Amazon's request for data deletion or return, do you have a mechanism in place
to destroy Amazon-provided data?
6.2 In case of request, how soon will you be able to destroy Amazon-provided data?
7 Data Governance
7.1 Do you have an external Privacy policy? If "Yes," please provide the URL to your external
Privacy policy.
8 Encryption and Storage
8.1 Are you encrypting all data-at-rest, including data backups?
8.2 What protocol are you using to encrypt data-at-rest?
9 Least Privilege Principle
9.1 How does your organization follow the principle of least privilege to ensure that access to
PII is granted on a "need-to-know" basis?
10 Logging and Monitoring
10.1 How are you generating logs?
10.2 Are you logging security-related events (like access and authorization events, intrusion
attempts, configuration changes, etc.)?
10.3 Are you storing PII in logs?
10.4 Do you have mechanisms in place to monitor the logs and trigger alarms in case of
malicious activity?
Version 2
Cyber
General
1. Do you have a defined Organization Chart
2. Do you have a defined Data/ Business Process Flow Diagram
3. Please provide your Merchant ID Log
4. Please share (if available) any previous Assessment Reports (SOC 1/2 Type 2 / other
Certification Reports such as SOC, HIPAA, PCI-DSS etc.)
Cyber - Data Security
C5. Do you have a defined Data/ Business Process Flow Diagram
C55. Please share (if available) any previous Assessment Reports (SOC 1/2 Type 2 /
other Certification Reports such as SOC, HIPAA, PCI-DSS etc.)
Cyber - Information security policies
C9. Do you have an Access Control Policy or Standard
C11. Do you have Audit & Event Logging Policies or Standards
Data breach is in breach policy below
https://docs.google.com/document/d/1EgO-GijbuSwp-j_r0yEi3TNK-Y-60MqwYHvhM2OCOmk/edit?usp=sharing - data breach log - here is how we keep breaches.
C13. Do you have an Asset Lifecycle Management Policy
C15. Do you have a Data Encryption Policy or Standard
C17. Do you have a Data Protection and Privacy policy
- https://sellbery.com/legal-docs/privacy-policy - privacy policy;
- https://docs.google.com/document/d/1X6MEUm3Uz5fiNo72V-_h_Zz-yO-u5HZ-al51r4LhnIk/edit?usp=sharing
C19. Do you have a Data Classification Policy
https://sellbery.com/legal-docs/privacy-policy - Personal data in our privacy policy
Confidential - in information security policy
C21. Do you have an Information Security Policy and/or Standard
- https://docs.google.com/document/d/1X6MEUm3Uz5fiNo72V-_h_Zz-yO-u5HZ-al51r4LhnIk/edit?usp=sharing
C23. Do you have a Password Management Policy
C25. Do you have an Anti-Malware Policy or procedures
C27. Do you have a Cloud Security Policy and Associated Standards
C29. Do you have a Configuration Management Policy
C31. Do you have a Data Destruction and Retention Policy
- https://docs.google.com/document/d/1Kdb3pJ1n0fX2d_wimd-G-S6QkSXXT1UegE5hzoic4Uc/edit?usp=sharing - Data retention policy draft
- https://docs.google.com/spreadsheets/d/1_ImqwEfLB2dkzC7TYSGBUZ1KNYNIMmNiTkuKNp0OrS8/edit#gid=86919022 - data retention matrix draft
C33. Do you have a Security Training and Awareness Policy and Content Information
C35. Do you have a Risk Management Policy and procedure
C37. Do you have a Software Development Policy or Standard
C39. Do you have a Network Security Policy
C41. Do you have a Third Party Risk Management Policy
C43. Do you have a Vulnerability Management Policy
C45. Do you have a Data Backup and Restoration Policy
C47. Do you have an Incident Management Policy
https://docs.google.com/document/d/1EgO-GijbuSwp-j_r0yEi3TNK-Y-60MqwYHvhM2OCOmk/edit?usp=sharing - data breach policy - how we act
https://docs.google.com/document/d/1EgO-GijbuSwp-j_r0yEi3TNK-Y-60MqwYHvhM2OCOmk/edit?usp=sharing - data breach log - here is how we keep breaches.
C49. Do you have a Mobile computing and mobile devices including BYOD (Bring Your
Own Device) Policy
C51. Do you have a Remote Access Policy
Cyber - Data Security
C53. Do you have Data Handling Procedures for Amazon Data
C57. Please provide a description of any security tools utilized (Anti-virus, IDS, Logging
tools etc.)
C59. Do you have Network Architecture Diagrams
C61. Please describe your IT Change Management Plans or Procedures
C63. Do you have a Baseline Configuration documentation or checklist
C65. Please provide your Data Disposal Procedures and Logs
C67. Do you have an Information Classification Scheme and Information Asset
Classification Procedure
C69. Do you have Patch Management Procedures
C71. Do you have a Removable Media Handling Procedure
C73. Please provide a list of any additional open source library dependencies or 3rd
party tools