At Express Badging®, safeguarding customer data is a top priority. To maintain the highest levels of security, we conduct regular vulnerability and penetration assessments using Fortra Vulnerability Management (VM).
Our remediation program aligns with industry-recognized standards, including the NIST Cybersecurity Framework (CSF 2.0) and ISO/IEC 27001 controls, ensuring that risks are identified, prioritized, and addressed in a structured, standards-driven manner. This approach provides our customers with confidence that their data is protected under a governance model that meets modern compliance expectations.
Vulnerability Management (VM) is the ongoing process of identifying, evaluating, prioritizing, and remediating security weaknesses across an organization’s technology environment. It involves regular scanning of servers, applications, devices, and networked equipment to detect known vulnerabilities, misconfigurations, or outdated software that could be exploited by attackers.
How Our Remediation Process Works

- Review of the Fortra VM Report
  - Each quarter, we run a full vulnerability and penetration scan across our systems.
  - The report provides a prioritized list of findings based on severity (High, Medium, Low, Informational).

- Analysis of Findings
  - Our cybersecurity and IT team reviews each item for relevance and potential impact.
  - Vulnerabilities that require remediation are tracked in a support ticket in our HubSpot system, assigned to an employee, and remain open until the fix is confirmed and the ticket is closed.
  - Vulnerabilities that apply only to unused services or isolated systems are documented within a ticket as "acceptable risk" and closed.

- Prioritization by Severity
  - High Severity issues (e.g., SNMP misconfigurations, exposed services) are remediated immediately.
  - Medium Severity issues (e.g., protocol or configuration weaknesses) are resolved within 30 days.
  - Low Severity and Best Practice issues (e.g., weak ciphers, legacy protocols) are addressed in regular maintenance cycles.

- Remediation Actions
  - Examples of fixes include:
    - Disabling outdated protocols (TLS 1.0/1.1, SMBv1).
    - Replacing expired or weak SSL/TLS certificates.
    - Updating firmware on network devices and printers.
    - Enforcing stronger authentication and encryption settings.

- Validation and Reporting
  - After changes are made, we re-run the scans to confirm that the issues are resolved.
  - Results are documented for compliance and customer assurance.
Our Commitment

- No customer data has ever been breached in our history.
- We follow best practices from the NIST Cybersecurity Framework (CSF 2.0) and vendor hardening guides.
- If a breach does occur, we will follow our breach response process through to completion.