This AWS European Sovereign Cloud Addendum (“ESCA”) supplements the AWS Customer Agreement available at http://aws.amazon.com/agreement, as updated from time to time between Customer and AWS, or other agreement between Customer and AWS governing Customer’s use of the Services (the “Agreement”). This ESCA is an agreement between you and the entity you represent (“Customer”, “you” or “your”) and the AWS Contracting Party or AWS Contracting Parties (as applicable) under the Agreement (together “AWS”). Unless otherwise defined in this ESCA or in the Agreement, all capitalized terms used in this ESCA will have the meanings given to them in Section 7 of this ESCA.

This ESCA only applies to AWS European Sovereign Cloud Accounts. This ESCA does not apply to (a) AWS Training & Certification, and (b) AWS Professional Services.

2.1. Your Content and Customer-Created Metadata

(a) AWS personnel outside of the EU do not have access to Your Content or Customer-Created Metadata. There are no technical means available to AWS personnel (including AWS European Sovereign Cloud Staff) outside of the EU to access Your Content or Customer-Created Metadata.

(b) AWS will not move or copy Your Content and Customer-Created Metadata to outside the EU, except as instructed by Customer or as necessary to comply with a valid and binding order of a governmental body and subject to the commitments in accordance with Section 2.2(b).

2.2. Requests for Your Content. If AWS receives a valid and binding order (“Request”) from any governmental body (“Requesting Party”) for disclosure of Your Content, AWS will use every reasonable effort to redirect the Requesting Party to request Your Content directly from Customer. If compelled to disclose Your Content to a Requesting Party:
(a) AWS will promptly notify Customer of the Request to allow Customer to seek a protective order or other appropriate remedy, if AWS is legally permitted to do so. If AWS is prohibited from notifying Customer about the Request, AWS will use all legally valid efforts to obtain a waiver of prohibition, to allow AWS to communicate as much information to Customer as soon as possible; and

(b) AWS will use all legally valid efforts to challenge any Request that conflicts with the laws of the EU (including GDPR) or applicable Member State law, or is otherwise overbroad or inappropriate.

If, after exhausting the steps described in Section 2.2(a) and 2.2(b), AWS remains compelled to disclose Your Content to a Requesting Party, AWS will disclose to the Requesting Party only the minimum amount of Your Content necessary to satisfy the Request.

2.3. AWS European Sovereign Cloud Data Processing Addendum. The AWS European Sovereign Cloud Data Processing Addendum (“ESC DPA”) attached to this ESCA as Annex 1 applies to Customer's use of the Services to process Customer Data (as defined in the ESC DPA).

3.1. AWS European Sovereign Cloud Staff. AWS represents and warrants that only AWS European Sovereign Cloud Staff (a) operate Services running in an AWS European Sovereign Cloud Region, (b) provide AWS Support for AWS European Sovereign Cloud Accounts, (c) operate the compute infrastructure for the AWS European Sovereign Cloud, and (d) control technical and operational systems of the AWS European Sovereign Cloud, including those containing Your Content and Customer-Created Metadata.

3.2. Obligations of AWS European Sovereign Cloud Staff. AWS European Sovereign Cloud Staff are obligated under their terms of employment to follow EU and Member State law. AWS European Sovereign Cloud Staff are trained (a) on how to manage Requests consistent with EU and Member State law and (b) on the workplace protections available for those that report concerns about any potential violation of EU or Member State law.

3.3. Corporate Governance. AWS represents and warrants that in the performance of the Agreement it will comply with the dedicated corporate governance framework, including additional rights vested in the Managing Directors and Advisory Board, as detailed in the publicly available Articles of Association of the AWS European Sovereign Cloud Entity and implemented by the AWS European Sovereign Cloud Entity and its subsidiaries for the AWS European Sovereign Cloud. AWS will provide 12 months’ prior Notice to Customer before the AWS European Sovereign Cloud Entity makes a material change to its Articles of Association, except when (a) the Advisory Board unanimously agrees that the change does not adversely affect (i) the operational independence, data localization controls, or EU-based governance structures established for the AWS European Sovereign Cloud, or (ii) AWS’s obligations to Customer under this ESCA, or (b) the change is necessary to comply with applicable law.

3.4. Subcontractors. If AWS uses Subcontractors, AWS will (a) impose appropriate contractual obligations upon its Subcontractors, and (b) be responsible if the acts or omissions of its Subcontractors cause AWS to breach any of its obligations under this ESCA. The use of Subcontractors will not release AWS from any of its obligations under this ESCA.

AWS will comply with the Security Standards and will implement reasonable and appropriate measures for the AWS Network designed to help Customer secure Your Content against accidental or unlawful loss, access, or disclosure. AWS can modify the Security Standards, as long as they will continue to provide at least the same overall level of security as is described in the Security Standards on the Effective Date.

5.1. Independent Operations. The AWS European Sovereign Cloud is designed to operate independently and indefinitely. Specifically, independent of its connection to any non-EU infrastructure, (a) Customer will be able to access and retrieve Your Content processed in the AWS European Sovereign Cloud Region from the EU, in accordance with the Post-Termination terms in Section 5.3 of the Agreement, (b) the Services running in an AWS European Sovereign Cloud Region will be operated and supported by AWS European Sovereign Cloud Staff with the necessary knowledge and experience to do so independently, and (c) AWS will continue to meet its security obligations in Section 4.

5.2. Notification Obligations. AWS will provide at least 12 months’ prior Notice to Customer using Services in the AWS European Sovereign Cloud Region prior to discontinuing the AWS European Sovereign Cloud Region. AWS will not be obligated to provide such Notice under this Section 5.2 if the discontinuation is necessary to comply with law, but in this case AWS will provide as much prior Notice as is reasonably practicable under the circumstances.

This ESCA supersedes all prior or contemporaneous representations, understandings, agreements, or communications between Customer and AWS, whether written or verbal, regarding the subject matter of this ESCA. Except as amended by this ESCA, the Agreement will remain in full force and effect. If there is a conflict between the Agreement and this ESCA, the terms of this ESCA will control.

Unless otherwise defined in the Agreement, all capitalized terms used in this ESCA will have the meanings given to them below:

“Advisory Board” means the advisory board of AWS European Sovereign Cloud GmbH that is staffed with EU citizens residing in the EU.

“AWS European Sovereign Cloud” means the dedicated cloud in the EU, including the infrastructure and Services that AWS makes available to customers through AWS European Sovereign Cloud Regions.

“AWS European Sovereign Cloud Account” means any AWS account that Customer creates in the AWS European Sovereign Cloud that is associated with a valid email address and a valid form of payment.

“AWS European Sovereign Cloud Entity” means AWS European Sovereign Cloud GmbH.

“AWS European Sovereign Cloud Staff” means persons that are (a) employed by an AWS entity registered in the EU, and (b) EU residents or EU citizens, and in each case located in the EU when performing their role.

“Customer-Created Metadata” means metadata that Customer creates to manage and configure AWS resources, including the roles, permissions, resource labels, and configurations Customer uses to run AWS. For example, Customer-Created Metadata includes customer-supplied tags, resource identifiers, system configurations, and AWS Identity and Access Management policies.

“EU” means the European Union.

“Managing Director” means a managing director of AWS European Sovereign Cloud GmbH who is an EU citizen residing in the EU.

“Security Standards” means the security standards attached to this ESCA as Annex 2.

“Subcontractor” means an unaffiliated third party to whom AWS has delegated a material portion of its obligations to provide the Services to Customer under this ESCA.

This AWS European Sovereign Cloud Data Processing Addendum (“ESC DPA”) supplements the AWS European Sovereign Cloud Addendum (“ESCA”) between Customer and AWS. Unless otherwise defined in this ESC DPA, in the ESCA, or in the Agreement, all capitalized terms used in this ESC DPA will have the meanings given to them in Section 17 of this ESC DPA.

1.1 Scope and Roles. This ESC DPA applies when (i) the ESCA applies and (ii) Customer Data is processed by AWS. In this context, AWS will act as processor to Customer, who can act either as controller or processor of Customer Data.

1.2 Customer Controls. Customer can use the Service Controls to assist it with its obligations under Applicable Data Protection Law, including its obligations to respond to requests from data subjects. Taking into account the nature of the processing, Customer agrees that it is unlikely that AWS would become aware that Customer Data is inaccurate or outdated. Nonetheless, if AWS becomes aware that Customer Data is inaccurate or outdated, it will inform Customer without undue delay. AWS will cooperate with Customer to erase or rectify inaccurate or outdated Customer Data by providing the Service Controls that Customer can use to erase or rectify Customer Data.

1.3 Details of Data Processing.

1.3.1 Subject matter. The subject matter of the data processing under this ESC DPA is Customer Data.

1.3.2 Duration. As between AWS and Customer, the duration of the data processing under this ESC DPA is determined by Customer.

1.3.3 Purpose. The purpose of the data processing under this ESC DPA is the provision of the Services initiated by Customer from time to time.

1.3.4 Nature of the processing. Compute, storage and such other Services as described in the Documentation and initiated by Customer from time to time.

1.3.5 Type of Customer Data. Customer Data uploaded to the Services under Customer’s AWS European Sovereign Cloud Accounts.

1.3.6 Categories of data subjects. The data subjects could include Customer’s customers, employees, suppliers, and End Users.

1.4 Compliance with Laws. Each party will comply with all laws, rules and regulations applicable to it and binding on it in the performance of this ESC DPA, including Applicable Data Protection Law.

The parties agree that this ESC DPA, the ESCA, and the Agreement (including Customer providing instructions via configuration tools such as the AWS management console and APIs made available by AWS for the Services) constitute Customer’s documented instructions regarding AWS’s processing of Customer Data (“Documented Instructions”). AWS will process Customer Data only in accordance with Documented Instructions (which if Customer is acting as a processor, could be based on the instructions of its controllers). Additional instructions outside the scope of the Documented Instructions (if any) require prior written agreement between AWS and Customer, including agreement on any additional fees payable by Customer to AWS for carrying out such instructions.  Customer is entitled to terminate this ESC DPA and the Agreement if AWS declines to follow instructions requested by Customer that are outside the scope of, or changed from, those given or agreed to be given in this ESC DPA. Taking into account the nature of the processing, Customer agrees that it is unlikely AWS can form an opinion on whether Documented Instructions infringe Applicable Data Protection Law. If AWS forms such an opinion, it will immediately inform Customer, in which case, Customer is entitled to withdraw or modify its Documented Instructions.

AWS will not access or use, or disclose to any third party, any Customer Data, except, in each case, as necessary to maintain or provide the Services, or as necessary to comply with the law or a valid and binding order of a governmental body (such as a subpoena or court order). Following a valid and binding order from a Requesting Party for disclosure of Customer Data, AWS will follow the same process as described for Your Content in the ESCA. As part of AWS’s effort to redirect the Requesting Party to request that data directly from Customer, AWS may provide Customer’s basic contact information to the Requesting Party.

AWS restricts its personnel from processing Customer Data without authorization by AWS as described in the Security Standards. AWS imposes appropriate contractual obligations upon its personnel, including relevant obligations regarding confidentiality, data protection and data security.

5.1 AWS has implemented and will maintain the technical and organizational measures for the AWS Network as described in the Security Standards and this Section. In particular, AWS has implemented and will maintain the following technical and organizational measures:

(a) security of the AWS Network as set out in Section 1.1 of the Security Standards;

(b) physical security of the facilities as set out in Section 1.2 of the Security Standards;

(c) measures to control access rights for authorized personnel to the AWS Network as set out in Section 1.3 of the Security Standards; and

(d) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by AWS as described in Section 2 of the Security Standards.

5.2 Customer can elect to implement technical and organizational measures to protect Customer Data. Such technical and organizational measures include the following which can be obtained by Customer from AWS as described in the Documentation, or directly from a third-party supplier:

(a) pseudonymization and encryption to ensure an appropriate level of security;

(b) measures to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services that are operated by Customer;

(c) measures to allow Customer to backup and archive appropriately in order to restore availability and access to Customer Data in a timely manner in the event of a physical or technical incident; and

(d) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by Customer.

6.1 Authorized Sub-processors. Customer provides general authorization to AWS’s use of sub-processors to provide processing activities on Customer Data on behalf of Customer (“Sub-processors”) in accordance with this Section. The AWS website (currently posted at https://aws.amazon.com/compliance/sub-processors/) lists Sub-processors that are currently engaged by AWS.  At least 30 days before AWS engages a Sub-processor, AWS will update the applicable website and provide Customer with a mechanism to obtain notice of that update. To object to a Sub-processor, Customer can: (i) terminate the Agreement pursuant to its terms; (ii) cease using the Service for which AWS has engaged the Sub-processor; or (iii) move the relevant Customer Data to another Region in the EU (which may not be an AWS European Sovereign Cloud Region) where AWS has not engaged the Sub-processor.

6.2 Sub-processor Obligations. Where AWS authorizes a Sub-processor as described in Section 6.1:

(i) AWS will restrict the Sub-processor’s access to Customer Data only to what is necessary to provide or maintain the Services in accordance with the Documentation, and AWS will prohibit the Sub-processor from accessing Customer Data for any other purpose;

(ii) AWS will enter into a written agreement with the Sub-processor and, to the extent that the Sub-processor performs the same data processing services provided by AWS under this ESC DPA, AWS will impose on the Sub-processor the same contractual obligations that AWS has under this ESC DPA; and

(iii) AWS will remain responsible for its compliance with the obligations of this ESC DPA and for any acts or omissions of the Sub-processor that cause AWS to breach any of AWS’s obligations under this ESC DPA.

Taking into account the nature of the processing, the Service Controls are the technical and organizational measures by which AWS will assist Customer in fulfilling Customer’s obligations to respond to data subjects’ requests under Applicable Data Protection Law. If a data subject makes a request to AWS, AWS will promptly forward such request to Customer once AWS has identified that the request is from a data subject for whom Customer is responsible. Customer authorizes on its behalf, and on behalf of its controllers when Customer is acting as a processor, AWS to respond to any data subject who makes a request to AWS, to confirm that AWS has forwarded the request to Customer. The parties agree that Customer’s use of the Service Controls and AWS forwarding data subjects’ requests to Customer in accordance with this Section, represent the scope and extent of Customer’s required assistance.

AWS makes available many Service Controls that Customer can elect to use. Customer is responsible for (a) implementing the measures described in Section 5.2, as appropriate, (b) properly configuring the Services, (c) using the Service Controls to allow Customer to restore the availability and access to Customer Data in a timely manner in the event of a physical or technical incident (for example backups and routine archiving of Customer Data), and (d) taking such steps as Customer considers adequate to maintain appropriate security, protection, and deletion of Customer Data, which includes use of encryption technology to protect Customer Data from unauthorized access and measures to control access rights to Customer Data.

9.1 Security Incident. AWS will (a) notify Customer of a Security Incident without undue delay after becoming aware of the Security Incident, and (b) take appropriate measures to address the Security Incident, including measures to mitigate any adverse effects resulting from the Security Incident.

9.2 AWS Assistance. To enable Customer to notify a Security Incident to supervisory authorities or data subjects (as applicable), AWS will cooperate with and assist Customer by including in the notification under Section 9.1(a) such information about the Security Incident as AWS is able to disclose to Customer, taking into account the nature of the processing, the information available to AWS, and any restrictions on disclosing the information, such as confidentiality. Taking into account the nature of the processing, Customer agrees that it is best able to determine the likely consequences of a Security Incident.

9.3 Unsuccessful Security Incidents. Customer agrees that:

(i) an unsuccessful Security Incident will not be subject to this Section 9. An unsuccessful Security Incident is one that results in no unauthorized access to Customer Data or to any of AWS’s equipment or facilities storing Customer Data, and could include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond headers) or similar incidents; and

(ii) AWS’s obligation to report or respond to a Security Incident under this Section 9 is not and will not be construed as an acknowledgement by AWS of any fault or liability of AWS with respect to the Security Incident.

9.4 Communication. Notification(s) of Security Incidents, if any, will be delivered to one or more of Customer’s administrators by any means AWS selects, including via email. It is Customer’s sole responsibility to ensure Customer’s administrators maintain accurate contact information on the AWS management console and secure transmission at all times.

9.5 Notification Obligations. If AWS notifies Customer of a Security Incident, or Customer otherwise becomes aware of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data, Customer will be responsible for (a) determining if there is any resulting notification or other obligation under Applicable Data Protection Law and (b) taking necessary action to comply with those obligations. This does not limit AWS’s obligations under this Section 9.

10.1 AWS ISO-Certification and SOC Reports. In addition to the information contained in this ESC DPA, upon Customer’s request, and provided that the parties have an applicable NDA in place, AWS will make available the following documents and information:

(i) the certificates issued for the ISO 27001 certification, the ISO 27017 certification, the ISO 27018 certification, and the ISO 27701 certification (or the certifications or other documentation evidencing compliance with such alternative standards as are substantially equivalent to ISO 27001, ISO 27017, ISO 27018, and ISO 27701); and

(ii) the System and Organization Controls (SOC) 1 Report, the System and Organization Controls (SOC) 2 Report and the System and Organization Controls (SOC) 3 Report (or the reports or other documentation describing the controls implemented by AWS that replace or are substantially equivalent to the SOC 1, SOC 2 and SOC 3).

10.2 AWS Audits. AWS uses external auditors to verify the adequacy of its security measures, including the security of the physical data centers from which AWS provides the Services. This audit: (a) will be performed at least annually; (b) will be performed according to ISO 27001 standards or such other alternative standards that are substantially equivalent to ISO 27001; (c) will be performed by independent third-party security professionals at AWS’s selection and expense; and (d) will result in the generation of an audit report (“Report”), which will be AWS’s Confidential Information.

10.3 Audit Reports. At Customer’s written request, and provided that the parties have an applicable NDA in place, AWS will provide Customer with a copy of the Report so that Customer can reasonably verify AWS’s compliance with its obligations under this ESC DPA.

10.4 Privacy Impact Assessment and Prior Consultation. Taking into account the nature of the processing and the information available to AWS, AWS will assist Customer in complying with Customer’s obligations in respect of data protection impact assessments and prior consultation, by providing the information AWS makes available under this Section 10.

If Customer chooses to conduct any audit, including any inspection, it has the right to request or mandate on its own behalf, and on behalf of its controllers when Customer is acting as a processor, under Applicable Data Protection Law, by instructing AWS to carry out the audit described in Section 10. If Customer wishes to change this instruction regarding the audit, then Customer has the right to request a change to this instruction by sending AWS written notice as provided for in the Agreement. If AWS declines to follow any instruction requested by Customer regarding audits, including inspections, Customer is entitled to terminate the Agreement in accordance with its terms.

12.1 Regions. Customer can specify the location(s) where Customer Data will be processed within the AWS Network (each a “Region”). Once Customer has made its choice, AWS will not transfer Customer Data from Customer’s selected Region(s) except as set out for Your Content in the ESCA.

12.2 Application of Standard Contractual Clauses. Subject to Section 12.3, AWS has implemented intracompany Standard Contractual Clauses, which will only apply if Customer Data subject to the GDPR is transferred, either directly or via onward transfer, to any Third Country (each a “Data Transfer”).

12.3 Alternative Transfer Mechanism. The Standard Contractual Clauses will not apply to a Data Transfer if AWS has adopted Binding Corporate Rules for Processors or an alternative recognised compliance standard for lawful Data Transfers.

This ESC DPA will continue in force until the termination of the Agreement (the “Termination Date”).

At any time up to the Termination Date, and for 90 days following the Termination Date, subject to the terms and conditions of the Agreement, AWS will return or delete Customer Data when Customer uses the Service Controls to request such return or deletion. No later than the end of this 90-day period, Customer will close all AWS European Sovereign Cloud Accounts containing Customer Data.

Where Customer Data becomes subject to confiscation during bankruptcy or insolvency proceedings, or similar measures by third parties while being processed by AWS, AWS will inform Customer without undue delay. AWS will, without undue delay, notify all relevant parties in such action (for example creditors, bankruptcy trustee) that any Customer Data subjected to those proceedings is Customer’s property and area of responsibility and that Customer Data is at Customer’s sole disposition.

This ESC DPA supersedes all prior or contemporaneous representations, understandings, agreements, or communications between Customer and AWS, whether written or verbal, regarding the subject matter of this ESC DPA. Except as amended by this ESC DPA, the ESCA will remain in full force and effect. If there is a conflict between the ESCA and this ESC DPA, the terms of this ESC DPA will control.

Unless otherwise defined in the ESCA, all capitalized terms used in this ESC DPA will have the meanings given to them below:

“API” means an application program interface.

“Applicable Data Protection Law” means all laws and regulations applicable to and binding on the processing of Customer Data by a party, including, as applicable, the GDPR.

“AWS Network” means the servers, networking equipment, and host software systems (for example, virtual firewalls) that are within AWS’s control and are used to provide the Services.

“controller” has the meaning given to it in the GDPR.

“Customer Data” means the Personal Data that is uploaded to the Services under Customer’s AWS European Sovereign Cloud Accounts.

“Documentation” means the then-current documentation for the Services located at http://aws.amazon.com/documentation (and any successor locations designated by AWS).

“EEA” means the European Economic Area.

“GDPR” means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

“Personal Data” means personal data, personal information, personally identifiable information or other equivalent term (each as defined in Applicable Data Protection Law).

https://aws.amazon.com/compliance/privacy-features/“processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” will be interpreted accordingly.

“processor” has the meaning given to it in the GDPR.

“Region” has the meaning given to it in Section 12.1 of this DPA.

“Security Incident” means a breach of AWS’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data.

“Security Standards” means the security standards attached to the ESCA as Annex 2.

“Service Controls” means the controls, including security features and functionalities, that the Services provide, as described in the Documentation.

“Standard Contractual Clauses” means the European Commission’s Standard Contractual Clauses, specifically Module Three, which is designed for international data transfers from a processor within or outside the EU/EEA to a processor in a Third Country introduced by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 as implemented between AWS entities in accordance with Section 12.2.

“Third Country” means a country outside the EEA not recognised by the European Commission as providing an adequate level of protection for personal data (as described in the GDPR).

Capitalized terms not otherwise defined in this document have the meanings assigned to them in the Agreement.

AWS will maintain an information security program designed to (a) enable Customer to secure Customer Data against accidental or unlawful loss, access, or disclosure, (b) identify reasonably foreseeable risks to the security and availability of the AWS Network, and (c) minimize physical and logical security risks to the AWS Network, including through regular risk assessment and testing. AWS will designate one or more employees to coordinate and be accountable for the information security program. AWS’s information security program will include the following measures:

1.1 Logical Security.

1.1.1 Access Controls. AWS will make the AWS Network accessible only to authorized personnel, and only as necessary to maintain and provide the Services. AWS will maintain access controls and policies to manage authorizations for access to the AWS Network from each network connection and user, including through the use of firewalls or functionally equivalent technology and authentication controls. AWS will maintain access controls designed to (i) restrict unauthorized access to data, and (ii) segregate each customer’s data from other customers’ data.

1.1.2 Restricted User Access. AWS will (i) provision and restrict user access to the AWS Network in accordance with least privilege principles based on personnel job functions, (ii) require review and approval prior to provisioning access to the AWS Network above least privileged principles, including administrator accounts, (iii) require at least quarterly review of AWS Network access privileges and, where necessary, revoke AWS Network access privileges in a timely manner, and (iv) require two-factor authentication for access to the AWS Network from remote locations.

1.1.3 Vulnerability Assessments. AWS will perform regular external vulnerability assessments and penetration testing of the AWS Network, and will investigate identified issues and track them to resolution in a timely manner.

1.1.4 Application Security. Before publicly launching new Services or significant new features of Services, AWS will perform application security reviews designed to identify, mitigate, and remediate security risks.

1.1.5 Change Management. AWS will maintain controls designed to log, authorize, test, approve, and document changes to existing AWS Network resources, and will document change details within its change management or deployment tools. AWS will test changes according to its change management standards prior to migration to production. AWS will maintain processes designed to detect unauthorized changes to the AWS Network and track identified issues to a resolution.

1.1.6 Data Integrity. AWS will maintain controls designed to provide data integrity during transmission, storage, and processing within the AWS Network. AWS will provide Customer the ability to delete Customer Data from the AWS Network.

1.1.7 Business Continuity and Disaster Recovery. AWS will maintain a formal risk management program designed to support the continuity of its critical business functions (“Business Continuity Program”). The Business Continuity Program includes processes and procedures for identification of, response to, and recovery from, events that could prevent or materially impair AWS’s provision of the Services (a “BCP Event”). The Business Continuity Program includes a three-phased approach that AWS will follow to manage BCP Events:

(i) Activation and Notification Phase. As AWS identifies issues likely to result in a BCP Event, AWS will escalate, validate and investigate those issues. During this phase, AWS will analyze the root cause of the BCP Event.

(ii) Recovery Phase. AWS assigns responsibility to the appropriate teams to take steps to restore normal system functionality or stabilize the affected Services.

(iii) Reconstitution Phase. AWS leadership reviews actions taken and confirms that the recovery effort is complete and the affected portions of the Services and AWS Network have been restored. Following such confirmation, AWS conducts a post-mortem analysis of the BCP Event.

1.1.8 Incident Management. AWS will maintain corrective action plans and incident response plans to respond to potential security threats to the AWS Network. AWS incident response plans will have defined processes to detect, mitigate, investigate, and report security incidents. The AWS incident response plans include incident verification, attack analysis, containment, data collection, and problem remediation. AWS will maintain an AWS Security Bulletin (as of the Effective Date, http://aws.amazon.com/security/security-bulletins/) which publishes and communicates security related information that may affect the Services and provides guidance to mitigate the risks identified.

1.1.9 Storage Media Decommissioning. AWS will maintain a media decommissioning process that is conducted prior to final disposal of storage media used to store Customer Data. Prior to final disposal, storage media that was used to store Customer Data will be degaussed, erased, purged, physically destroyed, or otherwise sanitized in accordance with industry standard practices designed to ensure that the Customer Data cannot be retrieved from the applicable type of storage media.

1.2 Physical Security.

1.2.1 Access Controls. AWS will (i) implement and maintain physical safeguards designed to prevent unauthorized physical access, damage, or interference to the AWS Network, (ii) use appropriate control devices to restrict physical access to the AWS Network to only authorized personnel who have a legitimate business need for such access, (iii) monitor physical access to the AWS Network using intrusion detection systems designed to monitor, detect, and alert appropriate personnel of security incidents, (iv) log and regularly audit physical access to the AWS Network, and (v) perform periodic reviews to validate adherence with these standards.

1.2.2 Availability. AWS will (i) implement redundant systems for the AWS Network designed to minimize the effect of a malfunction on the AWS Network, (ii) design the AWS Network to anticipate and tolerate hardware failures, and (iii) implement automated processes designed to move customer data traffic away from the affected area in the case of hardware failure.

1.3 AWS Employees.

1.3.1 Employee Security Training. AWS will implement and maintain employee security training programs regarding AWS information security requirements. The security awareness training programs will be reviewed and updated at least annually.

1.3.2 Background Checks. Where permitted by law, and to the extent available from applicable governmental authorities, AWS will require that each employee undergo a background investigation that is reasonable and appropriate for that employee’s position and level of access to the AWS Network.

AWS will conduct periodic reviews of the information security program for the AWS Network. AWS will update or alter its information security program as necessary to respond to new security risks and to take advantage of new technologies.