Data Loss Prevention (DLP) Policy

entegratorpro.com (Amazon SP‑API Integration)

Effective Date: 19/03/2025

Last Updated: 19/03/2025

1. Introduction

EntegratorPro is committed to protecting all sensitive data, including Amazon Information and Personally Identifiable Information (PII), against unauthorized access, transfer, or leakage. This Data Loss Prevention (DLP) Policy defines the controls, monitoring mechanisms, and incident response processes implemented to prevent sensitive data from leaving authorized environments.
Technology Principle: EntegratorPro is built on a modern architecture of containerized microservices running on Kubernetes and uses the latest technologies. Automated testing, security scanning, image signing, and versioning are standard in our CI/CD pipeline.

2. Scope

This policy covers the following data and stakeholders:

  • Amazon Information obtained through Amazon SP‑API,
  • Customer and business data stored in EntegratorPro infrastructure,
  • Employees, contractors, and third-party service providers with access to sensitive data.

3. Definitions (Summary)

  • Amazon Information: Data provided by Amazon or obtained through SP‑API.
  • PII: Information that can directly or indirectly identify an individual.
  • DLP: A set of technologies and processes that detect, prevent, and report data loss/leakage.

4. Roles and Responsibilities

  • Data Owner: Defines the data classification and business purposes; approves access authorization.
  • Security Team: Implements DLP policies, monitors and reports incidents; coordinates audits and training.
  • Engineering/DevOps: Implements encryption, access controls, and monitoring structures; maintains secure configurations on Kubernetes.
  • All Users: Obligated to comply with the policy and immediately report suspicious situations.

5. Data Classification

Data is classified into at least the following categories:

1. Sensitive (Amazon Information/PII): Highest protection. Access is restricted, and the data is subject to transfer prohibitions.
2. Internal: Corporate use; external sharing is restricted.
3. Public: External sharing is permitted.

Data classification is defined through labeling and access policies across all systems.

6. Access and Transfer Restrictions

  • Personal device prohibition: Amazon Information cannot under any circumstances be accessed, stored, or retained on personal computers, phones, USB drives, external disks, or unauthorized cloud storage (e.g., personal Google Drive/Dropbox, etc.).
  • Unauthorized transfer prohibition: Amazon Information cannot be sent via email, messaging applications, or unauthorized file sharing services.
  • Minimum privilege: Access is granted through RBAC under the least privilege principle and is reviewed periodically.

7. Encryption Standards

  • At rest: Sensitive data is encrypted with AES‑256.
  • In transit: All traffic must use TLS 1.2 or later.
  • Secret key management: Kubernetes Secret objects and/or secure vault solutions are used; key rotation is policy-driven.

8. Monitoring and DLP Mechanisms

  • DLP Software: Scans and blocks unauthorized data transfers; generates automatic alerts on suspicious activities.
  • Access Logs & Observability: All user interactions with Amazon Information are monitored through centralized logging; logs are retained for at least 90 days.
  • Anomaly Detection: Automatic alarms and escalation are triggered for unapproved device/location access.
  • Kubernetes Observability: Pod/Node metrics, image integrity, and compliance with network policies (NetworkPolicy) are continuously monitored.

9. Endpoint and Infrastructure Security

  • Corporate device requirement: Access is only permitted from managed corporate devices (disk encryption, EDR, screen lock, etc.).
  • CI/CD Security: Dependency and container image scans are mandatory; images are signed and pulled only from a trusted registry.
  • Backup: Encrypted backup policy is applied for sensitive data; access to backups is restricted.

10. Incident Response and Sanctions

  • Access is immediately suspended in case of unauthorized access/transfer attempts.
  • Incident recording, root cause analysis (RCA), and corrective/preventive actions (CAPA) are mandatory.
  • Violations are subject to disciplinary processes for employees and to contract-based sanctions for third parties.
  • Required notifications for Amazon security incidents are communicated to relevant channels within 24 hours.

11. Compliance, Audits, and Tests

  • Compliance with Amazon SP‑API data protection requirements is continuous.
  • Quarterly security audits are conducted and findings are remediated.
  • Annual security training and regular penetration tests are implemented.

12. Training and Awareness

All employees receive training on DLP, data classification, and secure transfer at onboarding and periodically.
Policy changes are announced and accepted with signature acknowledgment.

13. Policy Review

This policy is periodically reviewed and updated in accordance with industry best practices and regulatory requirements.

14. Contact

Email: [email protected]

Address: Celal Bayar University Technopark Manisa

15. Technology and Architecture Notes (Informational)

  • Scalable architecture on Kubernetes; HPA, ConfigMap/Secret management, Helm-based versionable deployments.
  • .NET / ASP.NET Core, Blazor; EF Core and Dapper for data access, AutoMapper for mapping.
  • MudBlazor and DevExpress DxGrid in the UI layer; advanced filtering and action menus.
  • Monitoring: centralized log and metric collection, alert policies, and audit trails.

Note:
This section is for informational purposes; security architecture and toolsets may be updated over time.
