Acceptable Use Policy (AUP)

  • Access Control: Access to Amazon data is granted only to individually identified employees using unique, non-shared credentials and Multi-Factor Authentication (MFA). Access must adhere strictly to the need-to-know principle.

  • Prohibited Data Use: Strictly prohibit unauthorized access, copying, selling, modifying, or transferring Amazon data. Data must be used solely for the approved business purpose.

  • Device Restriction: Prohibit storing Amazon data on employee personal devices or in unsecured cloud storage. Data must only reside on managed, corporate assets that utilize anti-malware/anti-virus software.

  • Data Retention/Disposal: Require employees to adhere to secure data disposal policies, including the secure shredding of any printed documents containing PII.

  • Reporting & Consequences: Require immediate reporting of any suspected misuse or security incident. Detail the disciplinary actions for AUP violations (up to termination).