Amazon Data Protection and Handling Policy
Network Protection
- Omicron developers have active, in force, AES-256 encryption and a network firewall to deny access to unauthorized IP addresses. All public access is denied.
- Omicron developers are assigned a unique ID/Keys/Authentication to control and monitor computer access to Amazon Information and developers cannot create or use generic, shared, default login credentials or user accounts. All access/authorization is controlled by the Software Development Team Leader.
- Omicron developers have active, in force, baseline mechanisms to ensure that at all times only the required user accounts can access Amazon Information.
- Omicron Software Development Team Leader solely reviews the authorized list of people and services with access to Amazon Information on a monthly basis, and removes accounts that no longer require access.
- Omicron developer employees are restricted from storing Amazon data on personal devices.
- Omicron developers maintain and enforce "account lockout" by detecting anomalous usage patterns and log-in attempts, and disable accounts with access to Amazon Information as needed.
- Omicron developers have, in force, HTTPS encryption for all Amazon Information in transit, including, but not limited to, within our network or between hosts.
- Omicron developers enforce this security control on all applicable external endpoints used in internal communication channels including, but not limited to data propagation channels among storage layer nodes, connections to external dependencies and operational tooling.
- Omicron developers disable communication channels which do not provide encryption in transit even if unused, including, but not limited to removing the related dead code, configuring dependencies only with encrypted channels, and restricting access credentials to the use of encrypted channels.
- Omicron developers use AWS Encryption SDK where channel encryption, such as TLS, terminates in untrusted multi-tenant hardware such as untrusted proxies.
Data Retention and Recovery
- Omicron developers retain PII only for the purpose of, and as long as is necessary to fulfill orders, but no longer than 30 days after order shipment or to calculate/remit taxes. If an Omicron developer is required by law to retain archival copies of PII for tax or similar regulatory purposes, this archived Amazon Information is stored "cold" or offline and is not available for immediate or interactive use. All backups are stored in a physically secure facility, and all archived data on backup media is encrypted. In the event that PII is lost, Omicron will be able to recover all PII lost.
Data Governance
- Omicron developers create, document, and abide by the Omicron privacy and data handling policy for their Applications or services which govern the appropriate conduct and technical controls to be applied in managing and protecting information assets.
- Omicron developers keep an inventory of software and physical assets such as, but not limited to, computers and mobile devices with access to PII, and update it regularly. A record of data processing activities such as specific data fields and how they are collected, processed, stored, used, shared, and disposed for all PII Information is maintained to establish accountability and compliance with regulations.
- Omicron developers have established and abide by the Omicron privacy policy for customer consent and data rights to access, rectify, erase, or stop sharing/processing their information where applicable or required by data privacy regulation.
- The Employee undertakes to keep all information to which he/she is authorized to have access strictly confidential and, in particular, not to disclose any information or records belonging to the Employer to anyone and not to use them for his/her own benefit, or contractually agrees that such confidential information may not be used for the benefit of third parties. The obligations undertaken by the Employee as set out in this clause are binding on the Employee for the duration of the Contract and at all times after its termination. All content to which the Employee has access and which contains such information shall remain the property of the Employer and must be returned upon completion of their duties or upon request. The Employee undertakes not to use any materials, equipment or information in the possession of the Employer or entrusted to him/her by or on behalf of the Employer for purposes other than those authorized by the Employer. The Employee may not, without the express authorization of the Employer, (i) disclose any confidential information to third parties, (ii) disclose any customer files, Employer's records, opinions, except to the extent necessary for the performance of his/her duties, provided that he/she is bound by the obligation of confidentiality, store, copy or reproduce certificates, reports, printed materials, software, disks, records, notes, electronic files or the like in any form (electronic, mechanical, recording, photocopying or otherwise) for himself/herself or for anyone else.
Encryption and Storage
- Omicron developers encrypt all PII at rest including, but not limited to, when the data is persisted, using industry best practice standards by using AES-256. All cryptographic materials including, but not limited to, encryption/decryption keys and cryptographic capabilities, daemons implementing virtual Trusted Platform Modules and providing encryption/decryption APIs used for encryption of PII at rest are only accessible to the Omicron developer's processes and services.
- Omicron developers do not store PII in removable media including, but not limited to USB, unsecured public cloud applications and/or public links made available through Google Drive.
- Omicron developers securely dispose of any printed documents containing PII.
Least Privilege Principle
- Omicron developers implement fine-grained access control mechanisms to allow granting rights to any party using the Application including, but not limited to access to a specific set of data at its custody and the Application's operators with access to specific configuration and maintenance APIs such as kill switches following the principle of least privilege. Application sections or features that vend PII are protected under a unique access role, and access is only granted on a "need-to-know" basis.
Logging and Monitoring
- Omicron developers gather logs to detect security-related events including, but not limited to access and authorization, intrusion attempts or configuration changes to their Applications and systems.
- Omicron developers have, in force, this logging mechanism on all channels including, but not limited to service APIs, storage-layer APIs or administrative dashboards providing access to Amazon Information. All logs have, in force, access controls to prevent any unauthorized access and tampering throughout their lifecycle. Logs themselves do not contain PII and are retained for at least 90 days for reference in the event of a Security Incident.
- Omicron developers have, in force, mechanisms to monitor the logs and all system activities to trigger investigative alarms on suspicious actions, including, but not limited to, multiple unauthorized calls, unexpected request rate and data retrieval volume, or access to canary data records.
- Omicron developers perform an investigation when monitoring alarms are triggered. This event is documented in the Developer's Incident Response Plan.
Audit
- Omicron developers maintain all appropriate books and records reasonably required to verify compliance with the Acceptable Use Policy, Data Protection Policy, and Amazon Marketplace Developer Agreement during the period of agreement and for 12 months thereafter.
- Upon Amazon's written request, Omicron developers will certify in writing to Amazon that they are in compliance with these policies.
- Omicron developers will cooperate with Amazon or Amazon's auditor in connection with the audit, which may occur at the Omicron developer's facilities and/or subcontractor facilities. If the audit reveals deficiencies, breaches, and/or failures to comply with Amazon or Amazon’s auditor’s terms, conditions, or policies, Omicron, at its sole cost and expense, will take all actions necessary to remediate those deficiencies within an agreed-upon timeframe.