FYERP Security & Data Protection
FYERP is built to protect Amazon Information and seller business data. The controls below align with our Privacy Policy and the Amazon Data Protection Policy.
Encryption
TLS 1.2+ in transit; AES-256 at rest; database volumes use LUKS with managed keys; keys rotated every 90 days and stored separately from data.
Access Control
Corporate SSO with MFA enforced on all user and administrative accounts; role-based, least-privilege access; quarterly access reviews; no shared or generic accounts. Passwords require a 15-character minimum with mixed character types and are rotated regularly.
Network Protection
Web application firewall (OWASP Top 10 rule set, rate limiting, geo-restrictions); private VPC subnets; databases reachable only from the application tier; bastion access requires an SSH key, MFA, and a source-IP allowlist.
Logging & Monitoring
IDS/IPS and SIEM with real-time correlation; logs retained at least 12 months in append-only storage with integrity verification; logs exclude buyer PII by default.
Backup & Recovery
Encrypted backups replicated to a geographically separated location; documented, tested restore procedures; target RTO 4 hours, RPO 1 hour.
Incident Response
Documented incident-response plan; if Amazon Information may be affected by a security incident, Amazon is notified at security@amazon.com within 24 hours of detection.
Credential Management
Secrets stored in a managed vault, never hardcoded; pre-commit and CI secret scanning; separate credentials per environment.
Vulnerability Management
Vulnerability scans are performed at least every 30 days on systems handling Amazon Information. Third-party penetration testing is performed at least annually. Application code is scanned before each release. Critical findings are remediated within 7 days and high findings within 30 days.
AI Data Handling
Buyer PII is redacted before any model call; no buyer PII is used for AI/LLM model training; when the local AI option is used, seller data stays inside the customer's dedicated environment.