Network Protection 

1. BTO Systems have active, in force, AES-256 encryption and a network firewall to deny access to unauthorized IP addresses. All public access is denied.
2. BTO Systems are assigned a unique ID/Keys/Authentication to control and monitor computer access to Amazon Information and employees cannot create or use generic, shared, default login credentials or user accounts. All access/authorization is controlled by BTO CEO.
3. BTO Systems have active, in force, baseline mechanisms to ensure that at all times only the required user accounts can access Amazon Information. 
4. BTO CEO, solely reviews the authorized list of people and services with access to Amazon Information on a monthly basis, and removes accounts that no longer require access. 
5. BTO Systems developer employees are restricted from storing Amazon data on personal devices. 
6. BTO Systems maintain and enforce "account lockout" by detecting anomalous usage patterns, log-in attempts and disables accounts with access to Amazon Information as needed.
7. BTO Systems have, in force, HTTPS encryption for all Amazon Information in transit within, but not limited to our network or between hosts. 
8. BTO Systems enforce this security control on all applicable external endpoints used in internal communication channels including, but not limited to data propagation channels among storage layer nodes, connections to external dependencies and operational tooling. 
9. BTO Systems disable communication channels which do not provide encryption in transit even if unused, including, but not limited to removing the related dead code, configuring dependencies only with encrypted channels, and restricting access credentials to the use of encrypted channels. 

Data Retention and Recovery: 

1. BTO Systems retain PII only for the purpose of, and as long as is necessary to fulfill orders, but no longer than 30 days after order shipment or to calculate/remit taxes.

Data Governance:

1. BTO Systems create, document, and abide by the BTO Systems privacy and data handling policy for their Applications or services which govern the appropriate conduct and technical controls to be applied in managing and protecting information assets. 
2. BTO Systems keep inventory of software and physical assets such as, but not limited to computers and mobile device with access to PII, and update regularly. A record of data processing activities such as specific data fields and how they are collected, processed, stored, used, shared, and disposed for all PII Information is maintained to establish accountability and compliance with regulations. 
3. BTO Systems have established and abide by the BTO Systems privacy policy for customer consent and data rights to access, rectify, erase, or stop sharing/processing their information where applicable or required by data privacy regulation.

 Encryption and Storage: 

1. BTO Systems encrypt all PII at rest including, but not limited to,when the data is persisted, using industry best practice standards by using  AES-256. All cryptographic materials including, but not limited to encryption/decryption keys and cryptographic capabilities, daemons implementing virtual Trusted Platform Modules and providing encryption/decryption APIs used for encryption of PII at rest are only accessible to the BTO Systems developer's processes and services. 
2. BTO Systems do not store PII in removable media including, but not limited to USB, unsecured public cloud applications and/or public links made available through Google Drive.
3. BTO Systems securely dispose of any printed documents containing PII.

 Least Privilege Principle:

1. BTO Systems implement fine-grained access control mechanisms to allow granting rights to any party using the Application including, but not limited to access to a specific set of data at its custody and the Application's operators with access to specific configuration and maintenance APIs such as kill switches following the principle of least privilege. Application sections or features that vend PII are protected under a unique access role, and access is only granted on a "need-to-know" basis.

 Logging and Monitoring:

1. BTO Systems gather logs to detect security-related events including, but not limited to access and authorization, intrusion attempts or configuration changes to their Applications and systems. 
2. BTO Systems have, in force, this logging mechanism on all channels including, but not limited to service APIs, storage-layer APIs or administrative dashboards providing access to Amazon Information. All logs have, in force, access controls to prevent any unauthorized access and tampering throughout their lifecycle. Logs themselves do not contain PII and are retained for at least 90 days for reference in the event of a Security Incident. 
3. BTO Systems have, in force, mechanisms to monitor the logs and all system activities to trigger investigative alarms on suspicious actions, including, but not limited to, multiple unauthorized calls, unexpected request rate and data retrieval volume, or access to canary data records. 
4. BTO Systems perform an investigation when monitoring alarms are triggered. This event is documented in the Developer's Incident Response Plan.

Audit:

1. BTO Systems maintain all appropriate books and records reasonably required to verify compliance with the Acceptable Use Policy, Data Protection Policy, and Amazon Marketplace Developer Agreement during the period of agreement and for 12 months thereafter. 
2. Upon Amazon's written request, BTO Systems will certify in writing to Amazon that they are in compliance with these policies.
3. BTO Systems will cooperate with Amazon or Amazon's auditor in connection with the audit, which may occur at the facilities and/or subcontractor facilities. If the audit reveals deficiencies, breaches, and/or failures to comply with Amazon or Amazon’s auditor’s terms, conditions, or policies, BTO Systems, at its sole cost and expense, take all actions necessary to remediate those deficiencies within an agreed-upon timeframe.

Access Management: 

1. The BTO Systems Application uses a unique ID assigned to each individual with computer access to Amazon Information. Under no circumstances do we create or use generic, shared, or default login credentials or user accounts. We have implemented baselining mechanisms to ensure that at all times only the required user accounts have access Amazon Information. We review the list of people and services with access to Amazon Information on a monthly basis and remove accounts that no longer require access. We restrict employees from accessing or storing Amazon data on personal devices. We maintain and enforce "account lockout" by detecting anomalous usage patterns and log-in attempts and disabling accounts with access to Amazon Information as needed.

Incident Response Plan: 

1. As part of the BTO Systems's Incident Response Plan our runbook includes response roles and responsibilities, as well as steps to detect and handle various Security Incident types that may impact Amazon Data. In this plan we define incident response procedures for specific incident types, and we define an escalation path and procedures to escalate Security Incidents to Amazon. Our Incident Response Plan is reviewed every six (6) months as well as after any major infrastructure or system change. We investigate each Security Incident, and document the incident description, remediation actions, and associated corrective process/system controls implemented to prevent future recurrence (if applicable). Additionally, we maintain the chain of custody for all records collected, and such documentation (if applicable) is made available to Amazon upon request.

Request for Deletion or Return: 

1. Within 72 hours of Amazon's request, BTO Systems will permanently and securely delete (in accordance with NIST 800-88 industry-standard sanitization processes) or return Amazon Information in accordance with Amazon's notice requiring deletion and/or return. BTO Systems will also permanently and securely delete all live (online or network accessible) instances of Amazon Information within 90 days after Amazon's notice. If requested by Amazon, we will certify in writing that all Amazon Information has been securely destroyed.

Encryption in Transit: 

1. The BTO Systems Application encrypts all Amazon Information in transit, when the data traverses a network, or is otherwise sent between hosts using HTTP over TLS (HTTPS). We enforce this security control on all applicable external endpoints used by customers as well as internal communication channels and during operational tooling. We don't use communication channels which do not provide encryption in transit even if unused. In addition, the BTO Systems Application uses message-level encryption where channel encryption terminates in untrusted multi-tenant hardware.