Bixme Developer Incident Response Plan

Bixme developers maintain and implement a plan or runbook for detecting and handling security incidents by:

a. Identifying incident response roles and responsibilities.
b. Defining types of incidents that may impact Amazon.
c. Establishing response procedures for each defined incident type.
d. Outlining an escalation path and procedures to escalate security incidents to Amazon.

Bixme developers review and verify the plan every six (6) months or after any major infrastructure or system changes.

For every security incident, Bixme developers will conduct an investigation and document the incident description, remediation actions, and the corrective process/system controls implemented to prevent future recurrence (if applicable).

Bixme developers will maintain the chain of custody for all evidence or records collected during the incident, and such documentation will be made available to Amazon upon request (if applicable).

Bixme developers will notify Amazon via email (3p-security@amazon.com) within 24 hours of detecting any security incidents.

Bixme developers will not notify any regulatory authority or customer on behalf of Amazon unless specifically requested in writing by Amazon.

Bixme developers will notify Amazon within 24 hours if any Amazon-related data is being sought as part of a legal process or by applicable law.

Bixme developers will promptly, within 72 hours of Amazon’s request, permanently and securely delete or return Amazon’s information in accordance with industry-standard sanitization processes (using NIST 800-88), upon Amazon’s request for deletion or return.

Bixme developers will permanently and securely delete all live online or network-accessible instances of Amazon information within 90 days after Amazon’s notice. Upon request, Bixme developers will provide a written certification confirming that all Amazon information has been securely destroyed.