Veonics® Portal Cloud Security & Data Management Policy

The Veonics® Portal is a cloud-hosted SaaS solution powered by AWS (North Virginia). Since 2013, it has provided near-perfect uptime, strong encryption, and secure data segregation for all customers.

☁️ This article outlines our Cloud Security and Data Management policies to address client audit requirements and align with NIST CSF 2.0 and ISO 27001 principles.


🧩 Cloud Services

Are Cloud Services provided?
✅ Yes — The Veonics® Portal is delivered as a secure SaaS application hosted on AWS N. Virginia.

Is Scoped Data encrypted?
✅ Yes — Data and photos are encrypted in transit (TLS 1.2/1.3) and at rest (AES-256).

  • Supporting Evidence: AWS KMS/S3 encryption settings (generic AWS screenshot provided).

    aws encryption screenshot
  • Reference: Security at a Glance


🔑 Key Management

Are clients provided with the ability to generate a unique encryption key?
⚖️ Context-dependent — By default, eXpress badging® manages encryption keys via AWS KMS. If necessary, Enterprise clients can request a dedicated instance where they manage their own keys and environment. This requires eXpress badging to create and maintain a separate instance, and involves significant costs and terms. 


📋 Cloud Audit Program

Is there a cloud audit program?
✅ Yes — Security is validated via:

  • Quarterly Fortra VM vulnerability scans

  • Annual penetration testing

  • Periodic manual observation of all organizations and users
  • AWS SOC 2/ISO 27001 certifications

Reference: Vulnerability Management & Remediation Process


🚨 Incident Response Status

Is there an online incident/outage portal?
⚠️ Internal only — AWS provides internal health dashboards. eXpress badging® notifies customers/express badging   via our Incident Response process if an outage impacts services.

Application availability/uptime screenshots can be provided under NDA if required.


📞 Customer Contact

Is there a 24x7x365 staffed phone line for incidents?
❌ No — Customers report incidents via:


🧪 Penetration Testing

Are automated penetration tests performed?
✅ Yes — Regular penetration and vulnerability tests are conducted.

  • Supporting Documentation: Latest VAPT report available under NDA.


🗄️ Data Location & Storage

Can clients specify data location?
✅ Yes (with upgrade) — By default, all data is stored in AWS N. Virginia. Enterprise clients may upgrade to a dedicated instance (significant costs and terms apply) in a region of their choice.

Reference: System Architecture


🧩 Data Segmentation

Can eXpress badging® demonstrate data segmentation (subpoena/forensics)?
✅ Yes — Customers are segmented via the Veonics Portal organizational hierarchy. Each organization is isolated and cannot see beyond its assigned scope.

Supporting Documentation: Screenshot of Org Hierarchy layers.

organization tree screenshot 1


⚖️ Legal Hold

Can clients place a legal hold?
✅ Yes — Clients may deactivate all of their users except one Super User, if access is required, but one eXpress badging Super User is required on the account.

  • Super User login is retained exclusively under client/court control.

  • Clients may also clone Card Groups (empty of data) to resume operations separately.

  • Reference: [Veonics Portal API Documentation].


👩‍💻 Cloud Access

Can clients list who from eXpress badging® has access?
✅ Yes — Limiting access to one eXpress badging Super User is available upon request, and will restrict the level of support to only this person. AWS staff may have access to and operate under AWS T&Cs, but cannot access raw customer data. Scoped Data is encrypted and segregated.

Are staff prevented from using non-managed devices?
❌ No — As a SaaS service, Veonics Portal can be accessed from any device with internet access.
⚠️ Enterprise clients may request IP/device restrictions at additional cost under a new feature cost development if required.

Are controls in place to prevent one client from compromising another?
✅ Yes — Enforced by organizational hierarchy (internal firewall segmentation/refer to the above image in data segregation).


🛡️ Customer Security Services

Can clients run their own security services within our cloud environment?
❌ No — The Veonics Portal is a managed SaaS platform, similar to HubSpot, not a customer-managed IaaS (Infrastructure as a Service).


🔄 Redundancy & Failover

Are failover sites on different supplier systems?
❌ No — We operate a single primary AWS instance with strong backup/restore capability.

  • Enterprise option: Dedicated instance or multi-region redundancy (additional cost).

Is there redundancy for peak loads in multi-tenancy?
❌ Not beyond existing AWS scaling. Custom redundancy may be provisioned under Enterprise agreements.

Reference: System Architecture


🧭 NIST CSF 2.0 Alignment

Function Cloud Control Examples
Identify (ID) Scoped Data defined; org-level segmentation
Protect (PR) Encryption in transit/at rest; access policies
Detect (DE) VAPT, AWS monitoring
Respond (RS) Incident response, customer notifications
Recover (RC) Datto + AWS restore processes
Govern (GV) Management-approved cloud policy, Enterprise upgrade options

✅ Key Takeaways

  • Yes, Veonics® Portal is a secure, AWS-hosted SaaS service.

  • Yes, encryption is enforced at rest and in transit.

  • Yes, data segmentation prevents cross-client access.

  • Yes, legal holds are possible via Super User restrictions.

  • Yes, customers may upgrade for redundancy, region selection, or unique keys.

  • No, 24/7 staffed phone support is not provided — but support@expressbadging.com and after-hours escalation ensure coverage.