Amazon SP API эксперт

Здравствуйте.

Есть проблема открытия доступа к SP-API Restricted roles для работы с адресами заказчиков.

В анкете есть вопросы, на которые нужно дать правильные ответы, чтобы Амазон открыл доступ к приватной информации заказчиков.

Нужен человек, который имел успешный опыт с этим.

Вот вопросы:

Describe the network protection controls used by your organization to restrict public access to databases, file servers and desktop/developer endpoints.

Describe how your organization individually identifies employees who have access to Amazon Information and restricts employee access to Amazon Information on a need-to-know basis.

Describe the mechanism your organization has in place to monitor and prevent Amazon Information from being accessed from employee personal devices (such as USB flash drives, mobile phones) and how you are alerted in the event that such incidents occur.

Provide your organization's privacy and data-handling policies to describe how Amazon data is collected, processed, stored, used, shared, and disposed of. You may provide this in the form of a public website URL.

Describe where your organization stores Amazon Information at rest and provide details on any encryption algorithm used.

Describe how your organisation backs up or archives Amazon Information and provide details on any encryption algorithm used.

Describe how your organisation monitors, detects and logs malicious activity in your application(s).

Summarise the steps taken within your organisation's incident response plan to handle database hacks, unauthorised access, and data leaks.

How do you enforce password management practices throughout the organisation as it relates to required length, complexity (upper/lower case, numbers, special characters) and expiry period?

How is Personally Identifiable Information (PII) protected during testing?

What measures are taken to prevent exposure of credentials?

How do you track remediation progress of findings identified from vulnerability scans and penetration tests?

How do you address code vulnerabilities identified in the development lifecycle and during runtime?

Who is responsible for change management and how is their access granted? Please specify job title.

После попытки ответить на эти вопросы, получил ответ:

Hello,

Thank you for updating your Amazon Selling Partner API (SP-API) Developer Profile. We have completed our assessment and have determined that you are not eligible for an update to your access to the SP-API Restricted roles. Please read this message carefully and review the Case Appeals section below if you would like to appeal this decision.

 We have identified the following areas that do not meet the requirements set forth in the Acceptable Use Policy and Data Protection Policies, please refer to the links provided below and look for the information for each corresponding Policy link. If you would like to appeal this decision, or you believe your responses were submitted incorrectly, please do not reopen this case.

 RDA - Restricted Data Access

 https://sellercentral-europe.amazon.com/mws/static/policy?documentType=DPP&locale=en_GB

- Access Management 1.2 and Least Privilege Principle 1.3.
 Question - Describe how your organization individually identifies employees who have access to Amazon information, and restricts employee access to Amazon information on a need-to-know basis.

- Asset Management 2.3.
Question - Describe the mechanism your organization has in place to monitor and prevent Amazon Information from being accessed from employee personal devices (such as USB flash drives, cellphones) and how are you alerted in the event such incidents occur.

- Data Governance 2.2
 Question - Provide your organization´s privacy and data handling policies to describe how Amazon data is collected, processed, stored, used shared and disposed. You may provide this in the form of a public website URL.

- Encryption at Rest 2.4
 Question - Describe where your organization stores Amazon Information at rest and provide details on any encryption algorithm used.

- Data Retention 2.1
 Question - Describe how your organization backups or archives Amazon Information and provide details on any encryption algorithm used.

- Incident Response Plan 1.6
 Question - Summarize the steps taken within your organization's incident response plan to handle database hacks, unauthorized access, and data leaks.

 -Vulnerability Management 2.7
- Question - How do you track remediation progress of findings identified from vulnerability scans and penetration tests?
- Question - How do you address code vulnerabilities identified in the development lifecycle and during runtime?

 No changes have been made to your SP-API access at this time.

 -----------------------------------------------------------------------------------------------------------------------------------------------------------------
 Case Appeals：

 If you would like to appeal this decision, or you believe your responses were submitted incorrectly, please do not reopen this case. We require a new case to be submitted with your updated Developer Profile responses to address the missing controls listed above.

 When you update your Developer Profile responses, please include additional or corrected information that may have been missing in the responses of your previous submission:
 https://sellercentral-europe.amazon.com/developer/register
------------------------------------------------------------------------------------------------------------------------------------------------------------------