[Tech Business] Amazon AWS Marketplace and SaaS Seller Guide

[Tech Business] Amazon AWS Marketplace and SaaS Seller Guide

1. What is AWS Marketplace

AWS Marketplace enables qualified sellers to market and sell their software to AWS customers (customers). AWS Marketplace is an online software store that helps customers find, buy, and immediately start using the software and services that run on AWS. AWS Marketplace is designed for Independent Software Vendors (ISVs), Value-Added Resellers (VARs), and Systems Integrators (SIs) who have software products they want to offer to customers in the cloud. Sellers use AWS Marketplace to be up and running quickly and to offer their software products to customers around the world.

*  Marketing & New Users: Sellers can take advantage of the Management Portal to better build and analyze their business, while using features such as Free Trials to drive marketing activities and customer adoption.

*  Simplified Delivery: Deliver your software as an easy to build Amazon Machine Image (AMI) or Software as a Service (SaaS) listing and take advantage of our 1-click deployment feature. Enable customers to launch your software in minutes pre-configured to run on AWS.

*  Billing: Leave the metering, billing, collections, and disbursement of payments to AWS – focus on marketing and selling your software.

2. Becoming an AWS Marketplace Seller

If you are interested in selling your software on AWS Marketplace, review the requirements, and then follow the steps to register as a seller. There are different registration requirements based on where you reside and what type of products you want to list. To register as a seller on AWS Marketplace, you can use an existing AWS account or create a new account. All AWS Marketplace interactions will be tied to the AWS account you choose.

2-1. Seller Requirements for Publishing Free Products on AWS Marketplace

*  Sell publicly available, full-feature production-ready software (not a beta product).

*  Provide a means to keep software regularly updated and free of vulnerabilities.

*  Follow best practices and guidelines when marketing your product on AWS Marketplace.

*  Be an AWS customer in good standing and meet the requirements set forth in the terms and conditions for AWS Marketplace sellers.

2-2. Additional Seller Requirements for Publishing Paid or BYOL Products on AWS Marketplace

*  Be a permanent U.S. or European Union (EU) resident or citizen, or a business entity organized or incorporated in the United States or member state of the EU.

*  Tax and bank account information are required. For U.S. based entities, a W-9 and banking account from a U.S. based bank are required.

*  European Union state members are required to provide a W-8, Value Added Tax (VAT) number, and U.S. bank account. If you do not have a U.S. bank account, you can register for a virtual U.S. bank account from Hyperwallet.

To sell into the AWS GovCloud (US) Region, sellers must have an AWS GovCloud account. For details on ITAR requirements, refer to the AWS GovCloud (US) User Guide.

3. Download Guidebook

*  AWS Marketplace Seller Guide

*  AWS Marketplace SaaS Seller Integration Guide

Source: Amazon AWS Marketplace

※ The tax, accounting, or tech business information above is for your reference, and is not legally binding.

[US Corporation] Cloud service, Cybersecurity, and Cloud security

[US Corporation] Cloud service, Cybersecurity, and Cloud security

"March 3, 2016, 700 current and former Snapchat employees had their personal information stolen when hackers used a phishing scam to trick an employee into emailing them the private data."

"September 22, 2016: Yahoo announced that a hacker had stolen information from a minimum of 500 million accounts in late 2014. The thief, believed to be working on behalf of a foreign government, stole email addresses, passwords, full user names, dates of birth, telephone numbers, and, in some cases, security questions and answers."

According to a 2015 study conducted by the Ponemon Institute, the frequency of attacks against the cyber infrastructures of global governments and commercial enterprises continues to grow. These attacks can include stealing an organization's intellectual property, confiscating online bank accounts, creating and distributing computer viruses, posting confidential business information on the Internet, and disrupting a country's critical national infrastructure. Ultimately, the cybersecurity has become the key part of the internal control over the corporation.

Cybersecurity is the set of processes, best practices, and technology that protects critical infrastructure such as networks and databases from accidental or intentional damage due to attacks, unauthorized access, or natural disasters. There are several types of cybersecurity: operational security, data security, application security, network security, cloud security, and payment card industry (PCI) data security.

Especially, the cloud service is the service provided based upon cloud computing which is a model for enabling convenient, on-demand, and configurable computing resources such as servers, file storage, applications, and services and in terms of the cloud security regarding the cloud service, an organization’s scope and control over the cloud computational environment depend on the type of cloud service model.

Type of service model	Infrastructure-as-a-service (IaaS)	Platform-as-a-service (PaaS)	Software-as-a-service (SaaS)
Scope	A model of service delivery where the basic computing infrastructure of servers, software, and network equipment is provided as an on-demand service.	A model of service delivery where the computing platform is provided as an on-demand service upon which applications can be developed and deployed.	A model of service delivery where one or more applications are provided for use on demand.
Control	Security provisions beyond the basic infrastructure are carried out mainly by the cloud consumer.	Security provisions are split between the cloud provider and the cloud consumer.	Security is the cloud provider's responsibility, and the cloud consumer does not control the underlying cloud infrastructure or individual applications.

Cloud security advantages and disadvantages

Advantages	Disadvantages
Although there are date security challenges unique to cloud computing, improvements are continuously made, enabling organizations to enjoy security and privacy benefits by transitioning to a public cloud computing environment. (a) Staff specialization (b) Platform strength (c) Resource availability (d) Backup and recovery (e) Mobile endpoints (f) Data concentration	Cloud computing has several disadvantages over traditional data centers. (a) System complexity (b) Shared multitenant environment (c) Internet-facing services (d) Loss of control the organization's direct control.

AICPA Cybersecurity standards

On April 26, 2017, the AICPA introduced a market‐driven, flexible, and voluntary cybersecurity risk management reporting framework. The new framework will enable all organizations in industries worldwide to take a proactive and agile approach to cybersecurity risk management and to communicate on those activities with stakeholders.

There are Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy:

(1) Established by the Assurance Services Executive Committee (ASEC) of the AICPA,

(2) May be used when evaluating the design and operating effectiveness of relevant controls of one or more systems or type of information processed, and

(3) Organized consistent with COSO's Internal Control—Integrated Framework (COSO).

Source: Becker Professional

※ The tax, accounting, or tech business information above is for your reference, and is not legally binding.

[Korean Foreign-Invested Company] VAT return filing and the major revision of VAT for July, 2018

[Korean Foreign-Invested Company] VAT return filing and the major revision of VAT for July, 2018

1. Finalized value added tax (VAT) return filing for the 1st period of 2018

(1) Entrepreneurs subject to file a finalized return

(a) Because corporate entrepreneurs file a preliminary return, they should file and pay VAT for the turnover of sales from April to June.

(b) General taxable persons do not file a preliminary return, so they should file and pay VAT for the turnover of sales from January to June (excluding the amount filed through early VAT refund returns).

(c) Because simplified taxable persons file and pay VAT for the turnover of sales from January to December once a year by January 25 of the following year, they are not obligated to file a finalized return.

(2) Finalized VAT filing period

Period	Type of entrepreneur		Classification	Filing period
1st period	Corporation		* Continuing business * Newly commenced business (in or after April)	* Jan. 1-Jun. 30 (excluding the amount filed through preliminary returns and early VAT refund returns) * Business commencement date-Jun.30 (excluding the amount filed through early VAT returns)
	Individual	General taxpayer	* Continuing business * Newly commenced business	* Jan. 1-Jun. 30 (excluding the amount filed through preliminary returns and early VAT refund returns) * Business commencement date-Jun.30 (excluding the amount filed through early VAT returns)

※ Businesses without any sales turnover during the filing period due to temporary business closure, etc. should also file a VAT return.

2. Major revisions to the Value Added Tax Act in 2018

(1) Expanded scope of cases in which issuance of purchaser-issued corrected tax invoice is permitted (Article 34-2 of the Act)

(a) Cases in which issuance of purchaser-issued corrected tax invoice is permitted

* Before: When the seller does not issue a tax invoice

* After: Also possible when a corrected tax invoice cannot be issued by the seller due to business closure, etc.

(b) Reason for revision: To ease the burden of taxpayers due to the non-issuance of a corrected tax invoice

(c) Applicable to goods or services supplied on or after Jan. 1, 2018

(2) Increase in penalty tax rate for false tax invoice (Article 60 of the Act)

(a) When a tax invoice, etc. was issued or received without the supply of goods or services

* Amount stated on the false tax invoice x (Before) 2% -> (After) 3%

(b) When the supply amount on the tax invoice, etc. was stated in excess after supply of goods or service

* Excessively stated supply amount x (Before) 2% -> (After) 3%

(c) Reason for revision: To strengthen restrictions on false transactions, etc.

(d) Applicable to goods or services supplied on or after Jan. 1, 2018

(3) Procedure for issuance of corrected import tax invoice established (New, Article 35)

(a) If the head of a customs office does not issue a corrected import tax invoice, the importer can submit an application for issuance of corrected import tax invoice within five years of the date of import declaration or within one year of the date on which a decision, etc. was made on the lawsuit.

* The head of the customs office should issue a corrected import tax invoice within two months of receiving the application, or notify the applicant that there is no reason to issue an invoice.

(b) Reason for establishment: To strengthen taxpayers’ rights related to corrected import tax invoice

(c) Applied to corrected import declarations by importers or decisions or corrections made by the head of the customs office on or after Jan. 1, 2018.

* The above tax information is translated from Korean for foreign-invested companies, and is not legally binding.

* Source: Korean National Tax Service