1) Security logging coverage
SellerUX by Nestos Shop gathers security logs across systems that process Amazon Information, including API channels, administrative interfaces, data-store access paths, and infrastructure events.
- We log event success/failure, timestamp, access attempts, and system errors.
- We log data-change activity, privilege changes, and suspicious request patterns.
- Logs are centrally stored with access controls and anti-tamper protections.
- Restricted backend order, shipment, and retention actions are also written to dedicated audit log records for internal review.
2) Monitoring and suspicious activity detection
- Real-time alerting for high-risk and anomaly-based events is configured as a required production control.
- Examples include repeated unauthorized calls, unusual request volume, abnormal data retrieval, and access to canary records.
- On-call procedures require triage, investigation, and a documented outcome for every triggered security alert.
3) Incident investigation procedure
- Security alerts generate investigation tickets with assigned ownership.
- Investigations preserve chain-of-custody records for logs and forensic artifacts.
- Corrective actions and preventive controls are documented and tracked to closure.
4) PII logging position and legal exception
Logs must not contain Amazon customer PII unless the PII is strictly necessary to meet legal obligations (including tax or regulatory requirements). Our default control is to avoid PII logging by design.
- Application and infrastructure logs use redaction and masking rules.
- Sensitive request/response fields are excluded from log payloads.
- Legal exceptions include tax invoice obligations, statutory accounting records, and regulator-requested security evidence for incident handling.
- Where legal retention of specific fields is required, only the minimum necessary data is captured, access is restricted to authorized compliance/security roles, every access is audit-logged, and retention is limited by policy.