eXpress badging® enforces role-based access control for all systems, ensuring every team member and customer knows their cybersecurity responsibilities.
👤 Identity Management, Roles & Access Control in the Veonics® Ecosystem
Summary
eXpress badging® manages authentication and authorization through a documented identity lifecycle and a role-based accountability framework. This ensures each user has only the access they need, for as long as they need it, and no more. Security is aligned with NIST CSF 2.0 and enforced using both organizational processes and cloud technology.
🟢 Identity Lifecycle
🏗️ Provisioning
-
New users are created by designated Admins.
-
Accounts are tied to an organization in the Veonics® Portal hierarchy to ensure isolation.
-
Access follows least privilege principles.
🔑 Authentication
-
Unique credentials required for all users.
-
Strong password requirements; MFA available for Enterprise accounts.
-
Session timeouts default to 15 minutes (customer-configurable).
🛡️ Authorization
-
Role-based access restricts visibility and functions:
-
Admins – full oversight, obliteration rights, support functions.
-
Production Users – manage We Print accounts only.
-
Subscription Users – manage Subscription accounts only.
-
Customer Users – scoped to their organization’s hierarchy.
-
-
Unique Users Defined in Access Control & Remote Access Policy, and the matrix below.
📜 Change Management
-
All role changes require Admin User approval.
-
Logged and reviewed by Technical Operations.
⛔ Deactivation / Termination
-
Terminated accounts are removed within minutes.
-
Credentials are never reused.
-
Actions are documented in the audit trail.
📊 Monitoring & Logging
-
All activity logged by user ID.
-
Quarterly account reviews conducted via EOS Scorecards and SOC oversight.
👥 Security Roles & Responsibilities
| Role Type | Responsibilities | Restrictions |
|---|---|---|
| Computer Admin PC Users | Manage server folders (except Executive), system patching, backups, quarterly remediation | No access to customer SaaS accounts |
| General Employee PC Users | Cyber training, phishing reports, handle PII per policy, use assigned folders | No portable storage or local data copies |
| Executive PC Users | Approve policies, review incidents, own risk decisions | Must follow same restrictions as general users |
| Production Veonics Portal Users | Full We Print account management, PII handling, user status control | No Subscription account access |
| Subscription Veonics Portal Users | Full Subscription account management, PII handling, user status control | No Production account access |
| Admin Veonics Portal Users | Technical Support with dual access, manages obliteration, AWS access (with approval) | Strict compliance monitoring required |
| Dev-Partner Users | Full rights to QA environment, restricted test org in live portal | Cannot access production organizations |
| Customer Portal Users | Access scoped to their org hierarchy only | Cannot see outside their assigned org |
🛠️ Technology Enablers
-
Veonics® Portal – organizational hierarchy, role-based access, and audit logging.
-
AWS IAM – enforces encryption, identity separation, and access management.
-
Managed SOC – provides 24/7 monitoring and escalation.
-
Jira & HubSpot – manage identity change requests and incident workflow.
📊 NIST CSF 2.0 Alignment
| Function | Practices in Identity Lifecycle |
|---|---|
| Identify (ID) | User roles, organizational hierarchy |
| Protect (PR) | MFA, session timeout, least privilege |
| Detect (DE) | SOC monitoring, audit logs |
| Respond (RS) | Ticketed role changes, incident workflow |
| Recover (RC) | Immediate deactivation, credential rotation |
| Govern (GV) | Management-approved access control policy |