● Compliance Standards: AWS data centers comply with various industry standards such as ISO 27001, SOC 1, SOC 2, and SOC 3, ensuring a high level of physical security and data protection.
● Strict Personnel Vetting: AWS implements a rigorous personnel screening process to ensure only trustworthy individuals have access.
● Role-Based Access Control: Access to physical locations is limited based on roles, ensuring only necessary personnel can access sensitive areas.
● Visitor Control: All visitors are logged and escorted at all times within AWS facilities.
● Continuous Monitoring: Ongoing surveillance and security audits are conducted to maintain the integrity of access controls.

To mitigate risk of heat, fire, water

● Climate Control Systems: AWS employs advanced climate control systems to maintain optimal temperatures and humidity levels.
● Fire Detection and Suppression: AWS data centers are equipped with state-of-the-art fire detection and suppression systems.
● Water Damage Prevention: Facilities are designed to prevent water damage, with sensors and barriers in place to detect and mitigate any potential water hazards.

Risk of hurricane, tornado, earthquake

● Strategic Location Selection: AWS data centers are strategically located in areas with a reduced risk of natural disasters.
● Structural Integrity: The buildings are designed to withstand various natural disaster scenarios, including hurricanes, tornadoes, and earthquakes.
● Disaster Recovery Protocols: AWS has comprehensive disaster recovery plans, including data backup and redundant systems, to ensure quick recovery and minimal service interruption in the event of a natural disaster.

Our physical infrastructure for data storage and maintenance is hosted entirely on AWS, which involves a network of highly secure data centers across various locations.
Due to the stringent security and privacy controls that AWS implements, direct physical access to these data centers by customers, including inspections or audits, is not typically permitted. This policy is in place to protect the integrity and security of the infrastructure, which hosts data for numerous customers globally.

If the data you will be managing, storing, maintaining, or using on behalf of the Customer includes personally identifiable details, what provisions do you have in place to:

● Ensure compliance with European data privacy provisions (GDPR), as needed.
● Ensure compliance with data privacy provisions in other countries or regions.
● Ensure compliance with United States data breach laws (as needed, in those states where notification is required).
Terms, Conditions, Policies & Plans