1) Security logging coverage
SellerUX by Nestos Shop gathers security logs across systems that process Amazon Information, including API channels, administrative interfaces, data-store access paths, and infrastructure events.
- We log event success/failure, timestamps, access attempts, and system errors.
- We log data-change activity, privilege changes, and suspicious request patterns.
- Logs are centrally stored with access controls and anti-tamper protections.
2) Monitoring and suspicious activity detection
- Real-time alerting is enabled for high-risk and anomaly-based events.
- Examples include repeated unauthorized calls, unusual request volume, abnormal data retrieval, and access to canary records.
- On-call procedures require triage, investigation, and documented outcomes for each triggered security alarm.
3) Incident investigation procedure
- Security alerts generate investigation tickets with assigned ownership.
- Investigations preserve chain-of-custody records for logs and forensic artifacts.
- Corrective actions and preventive controls are documented and tracked to closure.
4) PII logging position and legal exception
Logs must not contain Amazon customer PII unless the PII is strictly necessary to meet legal obligations (including tax or regulatory requirements). Our default control is to avoid PII logging by design.
- Application and infrastructure logs use redaction and masking rules.
- Sensitive request/response fields are excluded from log payloads.
- If legal retention of specific fields is required, only the minimum required data is captured, access is restricted, and retention is policy-limited.