SECURITY PROGRAM
Data Protection & Security
Access Control
Access to Amazon information and internal applications is limited to authorized personnel according to job responsibilities and least-privilege principles.
Authentication
Company systems use strong passwords and multi-factor authentication where supported. Credentials and refresh tokens are not embedded in public source code.
Encryption
Information is transmitted using HTTPS/TLS. Sensitive credentials are stored separately from application code.
Endpoint and Network Security
Company-managed devices use operating-system updates, anti-malware protection, firewall controls, restricted permissions and secure backups.
Incident Response
Suspected security incidents are investigated, contained and documented. Incidents involving Amazon information are escalated and reported as required.