Security and Compliance

Last updated: 9/25/2025

Wilen Consulting is committed to protecting Amazon Information and complying with Amazon’s Acceptable Use Policy (AUP) and Data Protection Policy (DPP). This page summarizes our security, compliance, and data handling practices.


Data Sharing (AUP 4.6)

  • Amazon Information is shared only with the Selling Partner’s own authorized systems (e.g., ERP/WMS like NetSuite, Extensiv, SellerCloud).

  • We also use sub-processors required to deliver our services, such as:

    • Hosting/Infrastructure: Amazon Web Services (AWS)

    • Monitoring/Email Delivery: Security and notification providers

  • Data is always encrypted in transit and at rest.

  • We do not sell or disclose Amazon Information to unrelated third parties.


Access Management & Least Privilege (DPP 1.2 & 1.3)

  • Unique accounts only; no shared credentials.

  • Role-based access control (RBAC) with least privilege.

  • Quarterly access reviews and 24-hour offboarding.

  • MFA required for all administrative accounts.

  • Employees are individually identified by HR-linked user IDs, with all access logged.

  • Amazon Information cannot be stored on personal devices.


Data Governance (DPP 2.2)

  • Amazon Information is collected/processed only for seller-authorized purposes (order fulfillment, reporting, reconciliation).

  • Amazon Information is encrypted in transit (TLS 1.2+) and at rest (AES-256).

  • PII is retained ≤30 days after delivery unless required by law.

  • Secure deletion follows NIST 800-88.


Logging & Monitoring (DPP 2.6)

  • Centralized, tamper-evident logs track authentication, access attempts, changes, and errors.

  • Logs are access-controlled, retained ≥90 days, and reviewed daily.

  • Real-time alerts detect anomalies such as unusual request rates or canary record access.


Incident Response (DPP 1.6)

  • Documented IR plan includes detection, containment, eradication, recovery, and root-cause analysis.

  • Amazon is notified at security@amazon.com within 24 hours of any Security Incident involving Amazon Information.

  • Clients are notified as required.

  • IR plan reviewed semi-annually.


Credential Management (DPP 1.4)

  • Passwords: 12+ characters, complexity enforced, expiration every 90 days, no reuse.

  • MFA enforced for all accounts.

  • Keys and credentials are encrypted and are never hard-coded or placed in public repos.


Vulnerability Management (DPP 2.7)

  • Secure baselines, routine patching, and static code analysis.

  • Vulnerability scans at least every 180 days; pen-tests annually.

  • High-severity issues remediated within 30 days.

  • All findings tracked until resolved.


Commitment to Compliance

  • We maintain processes, documentation, and controls to comply with Amazon’s AUP and DPP.

  • We cooperate with Amazon audits and provide remediation evidence as requested.