Incident Response Plan

1. Shipive Developer have in place and maintain a plan and/or runbook for detecting and handling Security Incidents by:

2. Shipive Developer review and verify the plan every six (6) months and after any major infrastructure or system change.

3. Shipive Developer investigate each Security Incident and document the incident description, remediation actions and associated corrective process/system controls implemented to prevent future recurrence (if applicable).
4. Shipive Developer maintains the chain of custody for all evidence or records collected and such documentation is made available to Amazon on request (if applicable).
5. Shipive Developer will inform Amazon via email (3p-security@amazon.com) within 24 hours of detecting any Security Incidents.
6. Shipive Developer will not notify any regulatory authority, nor any customer, on behalf of Amazon, unless Amazon specifically requests in writing that the Shipive do so.
7. Shipive Developer will inform Amazon within 24 hours when their data is being sought in response to legal process or by applicable law.
8. Shipive Developer will promptly, within 72 hours after Amazon’s request, permanently and securely delete in accordance with industry-standard sanitization processes, using NIST 800-88 or return Amazon Information upon and in accordance with Amazon’s notice requiring deletion and/or return.
9. Shipive Developer will permanently and securely delete all live online or network accessible instances of Amazon Information within 90 days after Amazon’s notice. If requested by Amazon, the Shipive will certify in writing that all Amazon Information has been securely destroyed.