Shopperllo Developer Incident Response Plan
1. Shopperllo Developer Incident Response Plan Shopperllo developers have in place and maintain a plan and/or runbook for detecting and handling Security Incidents by:
a. Identifying the incident response roles and responsibilities
b. Defining incident types that may impact Amazon
c. Defining incident response procedures for defining incident types
d. Defining an escalation path and procedures to escalate Security Incidents to Amazon.
2. Shopperllo developers review and verify the plan every six (6) months and after any major infrastructure or system change.
3. Shopperllo developers investigate each Security Incident and document the incident description, remediation actions and associated corrective process/system controls implemented to prevent future recurrence (if applicable).
4. Shopperllo developers maintain the chain of custody for all evidence or records collected and such documentation is made available to Amazon on request (if applicable).
5. Shopperllo developers will inform Amazon via email (3p-security@amazon.com) within 24 hours of detecting any Security Incidents.
6. Shopperllo developers will not notify any regulatory authority, nor any customer, on behalf of Amazon, unless Amazon specifically requests in writing that the Shopperllo developer do so.
7. Shopperllo developers will inform Amazon within 24 hours when their data is being sought in response to legal process or by applicable law.
8. Shopperllo developers will promptly, within 72 hours after Amazon's request, permanently and securely delete in accordance with industry-standard sanitization processes, using NIST 800-88 or return Amazon Information upon and in accordance with Amazon's notice requiring deletion and/or return.
9. Shopperllo developers will permanently and securely delete all live online or network accessible instances of Amazon Information within 90 days after Amazon's notice. If requested by Amazon, the Shopperllo developer will certify in writing that all Amazon Information has been securely destroyed.
