Last updated: May 31, 2026

This document describes the security, risk management, and incident response program operated by Binam Inc. (“Binam”, “we”, “our”). It applies to all systems, employees, contractors, and sub-processors that handle client data, Amazon Information, or any other sensitive information.

1. Governance and Accountability

Information security is owned at the executive level. We maintain the following accountabilities:

  • Chief Security Officer / Security Lead: Binam Inc. has designated a Security Lead who is the named individual responsible for our information security program, including risk management, security monitoring, and incident response. Contact: info@binaminc.com.
  • Data Protection Officer (DPO): Binam Inc. has appointed a Data Protection Officer responsible for data protection compliance, including GDPR/CCPA, and acts as the point of contact for data subject requests. Contact: info@binaminc.com.
  • The security program is reviewed by leadership on at least an annual basis and after any material change to our environment.

2. Risk Management Program

We operate a documented risk management process that includes:

  • Annual risk assessments: identifying threats, vulnerabilities, and likely impacts across our people, processes, and technology.
  • Targeted assessments before onboarding new vendors, sub-processors, or systems that will handle client or Amazon data.
  • Risk register: an internal log of identified risks, owners, mitigation actions, and target resolution dates.
  • Treatment decisions: for each material risk we document whether the risk is accepted, mitigated, transferred, or avoided.
  • Continuous improvement: findings from incidents, audits, and assessments are fed back into the risk register and into staff training.

3. Security Controls

  • Identity and access: Single sign-on where supported. Mandatory multi-factor authentication (MFA) for all accounts that access client data or Amazon Information. Access granted on a least-privilege, need-to-know basis and reviewed at least quarterly.
  • Credentials: All credentials are stored in an encrypted enterprise password manager. Sharing credentials in plaintext (chat, email, documents) is prohibited.
  • Endpoint protection: Disk encryption, endpoint protection, automatic patching, screen lock, and remote-wipe capability on all company devices.
  • Network security: Production and administrative traffic over TLS 1.2+. No client data is stored on personal devices or unmanaged systems.
  • Cloud security: We use reputable cloud providers and follow vendor-recommended hardening guidance. Logging and alerting are enabled on production systems.
  • Vendor management: All sub-processors are bound by written agreements requiring confidentiality and security commitments at least equivalent to ours.
  • Awareness training: All employees and long-term contractors complete security and privacy training on hire and at least annually thereafter.

4. Security Monitoring

We continuously monitor for security events through a combination of:

  • Audit logging and alerting from cloud, identity, and endpoint systems
  • Email-based reporting channels for staff to escalate suspicious activity
  • Regular review of access logs in critical systems (Amazon Seller Central, Amazon Ads, Amazon DSP, AMC, Shopify, Google Workspace, etc.)
  • Periodic vulnerability scanning of internet-facing assets

Suspected anomalies are triaged by the Security Lead and escalated under the incident response process below.

5. Incident Response Plan

Binam Inc. maintains a written incident response plan that defines roles, communications, and steps to follow when a security event is detected. The plan follows industry-standard phases:

  1. Detection & Reporting — any employee or contractor must report suspected incidents to the Security Lead within 24 hours of discovery.
  2. Triage & Classification — the Security Lead classifies severity and determines whether client data, Amazon Information, or personal data is involved.
  3. Containment — immediate actions are taken to stop the incident: rotating credentials, revoking access, isolating systems, or disabling affected accounts.
  4. Eradication & Recovery — root cause is identified and corrected; affected systems are restored from clean state.
  5. Notification — affected clients, data subjects (where required by law), and Amazon are notified as set out in Section 6 below.
  6. Post-Incident Review — within 30 days of resolution, the Security Lead produces a written post-incident review with findings and corrective actions, which are tracked to closure.

The incident response plan is reviewed and tested at least annually.

6. Notification to Amazon and Affected Parties

Where an incident affects Amazon Information or our access to or use of Amazon systems, Binam Inc. will:

  • Notify Amazon promptly, and in any case within 24 hours of confirming that Amazon Information may have been affected, using Amazon's designated reporting channels.
  • Provide Amazon with available information about scope, root cause, containment steps, and remediation timeline.
  • Cooperate with Amazon's investigation and follow-up requests.
  • Notify affected clients and, where required by law, data protection authorities and data subjects.

Our organization has a policy to notify Amazon within 30 days of any organizational changes that affect our access to or use of Amazon Information. Examples include changes in ownership, leadership with Amazon access, business address, or material changes in how Amazon Information is processed.

7. Business Continuity

Critical client work is documented and at least two team members are familiar with each active client engagement. Cloud-based tools used for core operations have provider-managed redundancy. Backup procedures are reviewed at least annually.

8. Audit and Review

This policy and the underlying program are reviewed at least annually and after any major incident, change in regulation, or change in the scope of services we provide. Updates are approved by leadership.

9. Contact

To report a suspected security incident involving Binam Inc., please contact:

Security Lead
Binam Inc.
8 The Green, Ste R
Dover, Delaware 19901
United States
Phone: +1 (302) 314-3222
Email: info@binaminc.com