eXpress badging® maintains compliance and accountability through documented policies and processes
📘 eXpress badging® maintains compliance and accountability through documented policies and processes that govern:
-
How employees report compliance or ethics concerns
-
How records (paper, electronic, and email) are retained and deleted
-
How customer confidential data is destroyed within defined timelines
These processes are aligned with NIST CSF 2.0 and enforced as part of our EOS Accountability structure.
📢 Ethics Reporting & Training
-
Employees are trained on compliance and ethics reporting as part of our Cybersecurity Training & Accountability Program.
-
Issues can be reported through:
-
Department Heads, who carry accountability within their teams.
-
Direct escalation to the Compliance Lead.
-
Anonymous reporting via flagged internal emails.
-
-
Compliance issues are tracked in Jira or HubSpot, and progress is reviewed in quarterly EOS Scorecards.
🔗 Related Article: Cybersecurity Awareness Education and Training
🗄️ Records Retention & Obliteration
-
Paper & electronic records are retained only as long as required by contract or regulation.
-
Emails with PII are auto-rejected and deleted — customers must use the Upload Center or the Veonics® Portal for submissions.
-
Veonics® Portal Data is obliterated 30 days after project completion or upon customer request.
-
Customers using the Veonics® Portal subscription are responsible for retention within their account, with automatic obliteration after license expiration.
🔗 Related Article: Data Retention & Deletion
🔒 Data Destruction & Certification
-
eXpress badging® destroys all customer confidential information within 30 calendar days unless otherwise specified by contract.
-
Examples are destroyed within the specified calendar days notification; 15 or 45-days.
-
-
Certificates of Destruction are available upon request and issued within 10 business days of acceptance.
-
Process:
-
Scoped Data is obliterated from Veonics® Portal within 30 days.
-
Local PII for We Print projects is deleted from secure storage.
-
Written certification is issued to the customer.
-
🔗 Related Article: Cybersecurity Incident & Breach Response Process
📊 NIST CSF 2.0 Alignment
Function | Example Practice |
---|---|
Identify (ID) | Accountability Chart defines compliance ownership |
Protect (PR) | Policies for retention, obliteration, and reporting |
Detect (DE) | Compliance issues logged in Jira/HubSpot |
Respond (RS) | Certificates of Destruction, customer notifications |
Recover (RC) | Review of retention/deletion processes in quarterly EOS reviews |
Govern (GV) | Management-approved compliance processes |