There is a problem of opening access to SP-API Restricted roles for working with customer addresses.
The questionnaire contains questions that need to be answered correctly in order for Amazon to open access to customers' private information.
I need someone who has had a successful experience with this.
Here are the questions:
Describe the network protection controls used by your organization to restrict public access to databases, file servers and desktop/developer endpoints.
Describe how your organization individually identifies employees who have access to Amazon Information and restricts employee access to Amazon Information on a need-to-know basis.
Describe the mechanism your organization has in place to monitor and prevent Amazon Information from being accessed from employee personal devices (such as USB flash drives, mobile phones) and how you are alerted in the event that such incidents occur.
Provide your organization's privacy and data-handling policies to describe how Amazon data is collected, processed, stored, used, shared, and disposed of. You may provide this in the form of a public website URL.
Describe where your organization stores Amazon Information at rest and provide details on any encryption algorithm used.
Describe how your organisation backs up or archives Amazon Information and provide details on any encryption algorithm used.
Describe how your organisation monitors, detects and logs malicious activity in your application(s).
Summarise the steps taken within your organisation's incident response plan to handle database hacks, unauthorised access, and data leaks.
How do you enforce password management practices throughout the organisation as it relates to required length, complexity (upper/lower case, numbers, special characters) and expiry period?
How is Personally Identifiable Information (PII) protected during testing?
What measures are taken to prevent exposure of credentials?
How do you track remediation progress of findings identified from vulnerability scans and penetration tests?
How do you address code vulnerabilities identified in the development lifecycle and during runtime?
Who is responsible for change management and how is their access granted? Please specify job title.