Contracting & Compliance
      Back to home
      1. Help Center
      2. Veonics® Portal Users Manual
      3. Contracting & Compliance

      Compliance Policies: Reporting, Records Retention & Data Destruction

      eXpress badging® maintains compliance and accountability through documented policies and processes

      📘 eXpress badging® maintains compliance and accountability through documented policies and processes that govern:

      • How employees report compliance or ethics concerns

      • How records (paper, electronic, and email) are retained and deleted

      • How customer confidential data is destroyed within defined timelines

      These processes are aligned with NIST CSF 2.0 and enforced as part of our EOS Accountability structure.

      📢 Ethics Reporting & Training

      • Employees are trained on compliance and ethics reporting as part of our Cybersecurity Training & Accountability Program.

      • Issues can be reported through:

        • Department Heads, who carry accountability within their teams.

        • Direct escalation to the Compliance Lead.

        • Anonymous reporting via flagged internal emails.

      • Compliance issues are tracked in Jira or HubSpot, and progress is reviewed in quarterly EOS Scorecards.

      🔗 Related Article: Cybersecurity Awareness Education and Training

      🗄️ Records Retention & Obliteration

      • Paper & electronic records are retained only as long as required by contract or regulation.

      • Emails with PII are auto-rejected and deleted — customers must use the Upload Center or the Veonics® Portal for submissions.

      • Veonics® Portal Data is obliterated 30 days after project completion or upon customer request.

      • Customers using the Veonics® Portal subscription are responsible for retention within their account, with automatic obliteration after license expiration.

      🔗 Related Article: Data Retention & Deletion

      🔒 Data Destruction & Certification

      • eXpress badging® destroys all customer confidential information within 30 calendar days unless otherwise specified by contract.

        • Examples are destroyed within the specified calendar days notification; 15 or 45-days.

      • Certificates of Destruction are available upon request and issued within 10 business days of acceptance.

      • Process:

        1. Scoped Data is obliterated from Veonics® Portal within 30 days.

        2. Local PII for We Print projects is deleted from secure storage.

        3. Written certification is issued to the customer.

      🔗 Related Article: Cybersecurity Incident & Breach Response Process

      📊 NIST CSF 2.0 Alignment

      Function Example Practice
      Identify (ID) Accountability Chart defines compliance ownership
      Protect (PR) Policies for retention, obliteration, and reporting
      Detect (DE) Compliance issues logged in Jira/HubSpot
      Respond (RS) Certificates of Destruction, customer notifications
      Recover (RC) Review of retention/deletion processes in quarterly EOS reviews
      Govern (GV) Management-approved compliance processes