Security Roles & Responsibilities in the Veonics® Ecosystem

eXpress badging® enforces role-based access control for all systems, ensuring every team member and customer knows their cybersecurity responsibilities.

Access: All server folders except Executive.
Responsibilities:
- System security, patching, and monitoring.
- Backups and recovery testing.
- Quarterly assessments and remediations.

Access: Assigned folders only.
Responsibilities:
- Complete cybersecurity training.
- Report phishing and suspicious activity.
- Handle PII securely; never copy to personal devices.
- Portable storage devices are strictly prohibited.

Access: All server folders.
Responsibilities:
- Approve policies and oversee risk management.
- Review security incidents.
- Abide by General Employee responsibilities and restrictions.

Assigned to production staff.
Permissions: Create orgs, manage records, batch imports, add/update badge data, manage user status.
Restrictions:
- Access limited to We Print accounts only.
- No access to Subscription accounts (must use separate login).
- Obliteration disabled — must request Admin Portal User via ticket for tracking.

Assigned to sales and leadership employees.
Permissions: Create orgs, manage records, batch imports, add/update badge data, manage user status.
Restrictions:
- Access limited to Subscription accounts only.
- No access to Production accounts (must use separate login).
- Obliteration disabled — must request Admin Portal User via ticket.

Assigned to technical support staff.
Permissions: Access to both Production and Subscription accounts.
Responsibilities:
- Complete obliteration tickets.
- Manage user status (create, deactivate, delete).
- AWS instance access upon approval.
Restrictions: Stricter compliance controls, unique credentials, monitored activity.

Assigned to approved development partners.
Permissions: Full access to QA instances.
Restrictions:
- Live Portal access limited to a test-only organization.
- Cannot access customer orgs in the hierarchy tree.
- AWS instance access requires Executive approval.

Access limited to their own organization hierarchy.
Isolation enforced: Cannot see other organizations outside of their assigned scope.

Terminations: Accounts are disabled within minutes of HR or direct manager confirmation. Employees return all assigned equipment, and access to PCs, servers, and Veonics® Portal accounts is revoked. If building access is assigned, access privileges are revoked as well.
Change of Status: Role changes trigger a security review. Permissions are adjusted to the new job function using role-based access controls (least privilege).
Tracking: Changes are documented with in HR Records and logged for accountability.
Portal Controls: User status (creation, inactivation, deactivation, and deletion) is managed in the Veonics® Portal and restricted to authorized Admin Users.

Every user is assigned to a role with defined permissions and restrictions.
Least privilege is enforced — users only access what they need to perform their job.
Obliteration (secure deletion) is restricted to Admin Portal Users under a ticketing process.
Activities are logged and auditable, ensuring accountability at every level.

Last Updated: 08/29/2025