Contracting & Compliance
      Back to home
      1. Help Center
      2. Veonics® Portal Users Manual
      3. Contracting & Compliance

      Scoped Systems and Data Controls

      Reasonable physical security and environmental controls are present in the facilities that host Scoped Systems and Data.

      For cloud-hosted systems, we inherit AWS’s audited data-center controls (physical access logging/monitoring, layered protection, and environmental safeguards) and combine them with our own application, identity, and operational security measures.

      Data may be brought into the theeXpress badging server network for various reasons such as data cleanup, sorting, merging, parsing, etc., and our facility has hardened controls securing access.

      🌐 AWS Cloud Facility Controls (US East – N. Virginia)

      Where customer data lives: All production Veonics® Portal data is hosted in AWS US East (N. Virginia). We rely on AWS’s audited physical and environmental controls for the facilities (“security of the cloud”) and implement our own application, identity, and data controls on top (“security in the cloud”) per the AWS Shared Responsibility Model. Amazon Web Services, Inc.

      What AWS provides (summarized)

      • Layered physical security from the perimeter inward (guards, fencing, CCTV, intrusion detection, badge/biometric checkpoints; access is strictly approved, logged, monitored, and retained). Amazon Web Services, Inc.+1

      • Environmental safeguards (power redundancy/UPS, fire detection & suppression, climate control) as part of AWS’s standardized data-center hardening. Amazon Web Services, Inc.

      • Independent audits & attestations (SOC 1/2/3, ISO/IEC programs, PCI DSS, FedRAMP where applicable). The SOC 3 report is public; additional detailed reports (SOC 2, PCI AOC) are available via AWS Artifact. Amazon Web Services, Inc.+1AWS Static

      • Global infrastructure resilience with multiple Availability Zones in a Region to maximize continuity and recovery options. Amazon Web Services, Inc.

      Assurance note: AWS publicly documents its data-center controls and compliance programs; customers inherit those controls for workloads in Regions such as US East (N. Virginia). Amazon Web Services, Inc.

      What eXpress badging® provides on top

      • No customer data in our building security system. Building cameras/locks protect premises only; customer PII and badge data are not stored in those systems.

      • Customer data stored within our local network is protected by operational and physical  security measures.

      • Operational security (vulnerability scanning via Fortra VM, quarterly remediation, incident response, risk assessments) as documented in our KB.

      • Physical office controls (key management, camera coverage, lock schedules) where our staff work with endpoints—separate from AWS facilities.

      • Application and identity controls in the Veonics® Portal (encryption in transit/at rest, role-based access, least privilege, logging, periodic reviews).

      Last Update: 8/30/2025