3. Shipive Developer investigate each Security Incident and document the incident description, remediation actions and associated corrective process/system controls implemented to prevent future recurrence (if applicable).
6. Shipive Developer will not notify any regulatory authority, nor any customer, on behalf of Amazon, unless Amazon specifically requests in writing that the Shipive do so.
8. Shipive Developer will promptly, within 72 hours after Amazon’s request, permanently and securely delete in accordance with industry-standard sanitization processes, using NIST 800-88 or return Amazon Information upon and in accordance with Amazon’s notice requiring deletion and/or return.
9. Shipive Developer will permanently and securely delete all live online or network accessible instances of Amazon Information within 90 days after Amazon’s notice. If requested by Amazon, the Shipive will certify in writing that all Amazon Information has been securely destroyed.