MWS API Incident Response Plan


#1

A while back we had to complete the Developer Assessment Template to maintain access to MWS.

After completing, we’ve received a warning from amazon that they will take away our ability to download PII (Personally identifiable information) such as buyer’s delivery address through the API. unless we produce an “Incident Response Plan”.

Is anyone else facing this issue?

Any idea what this plan must contain? Does anyone have a template?


#2

Basically, if you find you are or have been hacked…
(a) How you are going to stop it
(b) How you are going to fix it
© What records you are going to keep
(d) Who you are going to notify (including notifying Amazon in the method they specify)

David Nelson
Dynamic Enterprise Technologies Inc
Seattle Washington USA


#3

Thanks for the reply David!

We were also advised we need to create an internal policy to government data access. Any idea what this must contain?


#4

Are you talking about a “Privacy Policy”? If not, please quote the exact requirement so it is clearer to me what you are talking about.

David Nelson
Dynamic Enterprise Technologies Inc
Seattle Washington USA


#5

Hi David, We got this question from amazon: “We also have need more information, do you have internal policy to government your data access?”


#6

They mean “govern”.

Isn’t it great that illiterates have control over your business? “Have need” forsooth.

I’m intrigued that they even raised additional questions with you. They did not do so with us.

bunga bunga!


Amazon has destroyed my textbook selling business
#7

I think they are not sure you are following “Least Privilege Principle.”. I suggest you study that section hard, compare the requirements to your previous answer, then adjust your procedures and your answer accordingly.

David Nelson
Dynamic Enterprise Technologies Inc
Seattle Washington USA