The Veonics® Portal is a cloud-hosted SaaS solution powered by AWS (North Virginia). Since 2013, it has provided near-perfect uptime, strong encryption, and secure data segregation for all customers.
☁️ This article outlines our Cloud Security and Data Management policies to address client audit requirements and align with NIST CSF 2.0 and ISO 27001 principles.
🧩 Cloud Services
Are Cloud Services provided?
✅ Yes — The Veonics® Portal is delivered as a secure SaaS application hosted on AWS N. Virginia.
Is Scoped Data encrypted?
✅ Yes — Data and photos are encrypted in transit (TLS 1.2/1.3) and at rest (AES-256).
-
Supporting Evidence: AWS KMS/S3 encryption settings (generic AWS screenshot provided).
-
Reference: Security at a Glance
🔑 Key Management
Are clients provided with the ability to generate a unique encryption key?
⚖️ Context-dependent — By default, eXpress badging® manages encryption keys via AWS KMS. If necessary, Enterprise clients can request a dedicated instance where they manage their own keys and environment. This requires eXpress badging to create and maintain a separate instance, and involves significant costs and terms.
📋 Cloud Audit Program
Is there a cloud audit program?
✅ Yes — Security is validated via:
-
Quarterly Fortra VM vulnerability scans
-
Annual penetration testing
- Periodic manual observation of all organizations and users
-
AWS SOC 2/ISO 27001 certifications
Reference: Vulnerability Management & Remediation Process
🚨 Incident Response Status
Is there an online incident/outage portal?
⚠️ Internal only — AWS provides internal health dashboards. eXpress badging® notifies customers/express badging via our Incident Response process if an outage impacts services.
Application availability/uptime screenshots can be provided under NDA if required.
📞 Customer Contact
Is there a 24x7x365 staffed phone line for incidents?
❌ No — Customers report incidents via:
-
🌐 Contact Us form on our website
-
📞 Phone (business hours)
Enterprise clients may receive after-hours responses if personnel are available.
🧪 Penetration Testing
Are automated penetration tests performed?
✅ Yes — Regular penetration and vulnerability tests are conducted.
-
Supporting Documentation: Latest VAPT report available under NDA.
🗄️ Data Location & Storage
Can clients specify data location?
✅ Yes (with upgrade) — By default, all data is stored in AWS N. Virginia. Enterprise clients may upgrade to a dedicated instance (significant costs and terms apply) in a region of their choice.
Reference: System Architecture
🧩 Data Segmentation
Can eXpress badging® demonstrate data segmentation (subpoena/forensics)?
✅ Yes — Customers are segmented via the Veonics Portal organizational hierarchy. Each organization is isolated and cannot see beyond its assigned scope.
Supporting Documentation: Screenshot of Org Hierarchy layers.
⚖️ Legal Hold
Can clients place a legal hold?
✅ Yes — Clients may deactivate all of their users except one Super User, if access is required, but one eXpress badging Super User is required on the account.
-
Super User login is retained exclusively under client/court control.
-
Clients may also clone Card Groups (empty of data) to resume operations separately.
-
Reference: [Veonics Portal API Documentation].
👩💻 Cloud Access
Can clients list who from eXpress badging® has access?
✅ Yes — Limiting access to one eXpress badging Super User is available upon request, and will restrict the level of support to only this person. AWS staff may have access to and operate under AWS T&Cs, but cannot access raw customer data. Scoped Data is encrypted and segregated.
Are staff prevented from using non-managed devices?
❌ No — As a SaaS service, Veonics Portal can be accessed from any device with internet access.
⚠️ Enterprise clients may request IP/device restrictions at additional cost under a new feature cost development if required.
Are controls in place to prevent one client from compromising another?
✅ Yes — Enforced by organizational hierarchy (internal firewall segmentation/refer to the above image in data segregation).
🛡️ Customer Security Services
Can clients run their own security services within our cloud environment?
❌ No — The Veonics Portal is a managed SaaS platform, similar to HubSpot, not a customer-managed IaaS (Infrastructure as a Service).
🔄 Redundancy & Failover
Are failover sites on different supplier systems?
❌ No — We operate a single primary AWS instance with strong backup/restore capability.
-
Enterprise option: Dedicated instance or multi-region redundancy (additional cost).
Is there redundancy for peak loads in multi-tenancy?
❌ Not beyond existing AWS scaling. Custom redundancy may be provisioned under Enterprise agreements.
Reference: System Architecture
🧭 NIST CSF 2.0 Alignment
| Function | Cloud Control Examples |
|---|---|
| Identify (ID) | Scoped Data defined; org-level segmentation |
| Protect (PR) | Encryption in transit/at rest; access policies |
| Detect (DE) | VAPT, AWS monitoring |
| Respond (RS) | Incident response, customer notifications |
| Recover (RC) | Datto + AWS restore processes |
| Govern (GV) | Management-approved cloud policy, Enterprise upgrade options |
✅ Key Takeaways
-
Yes, Veonics® Portal is a secure, AWS-hosted SaaS service.
-
Yes, encryption is enforced at rest and in transit.
-
Yes, data segmentation prevents cross-client access.
-
Yes, legal holds are possible via Super User restrictions.
-
Yes, customers may upgrade for redundancy, region selection, or unique keys.
-
No, 24/7 staffed phone support is not provided — but support@expressbadging.com and after-hours escalation ensure coverage.