Vulnerability Assessments, Penetration Testing & Remediation

eXpress badging® performs continuous vulnerability management and periodic penetration testing using Fortra Vulnerability Management (VM) tools.

🛡️ Identified risks are triaged, tracked, and remediated on a quarterly cycle in alignment with industry standards (NIST CSF 2.0 / ISO 27001).


🔍 Vulnerability Management Program

  • Fortra VM Solution

    • Scans our cloud and network environments for known vulnerabilities.

    • Identifies misconfigurations, outdated software, or exploitable components.

    • Assigns risk levels (Critical, High, Medium, Low) to each finding.

  • Scope of Testing

    • Application-level vulnerabilities.

    • Network device exposures (including badge printers, servers, endpoints).

    • Cloud infrastructure vulnerabilities in AWS.

  • Frequency

    • Continuous scanning.

    • Formal reviews held quarterly with leadership and IT.


🧪 Penetration Testing

  • External penetration testing is conducted using the Fortra VM platform and validated by our IT and security partners.

  • Simulated attacks mirror real-world threat activity (phishing, lateral movement, known exploit attempts).

  • Reports are documented, reviewed internally, and shared with customers under mutual NDA.


🔄 Quarterly Remediation Process

  1. Identification – Fortra VM scans flag vulnerabilities and produce risk-ranked reports.

  2. Analysis & Assignment – IT/Security Lead reviews findings, creates issue tickets, and assigns owners.

  3. Remediation – Patches, configuration changes, or mitigations applied and tracked.

  4. Verification – Re-scan confirms closure; updates are logged to issue tickets until they are resolved.

  5. Reporting – Quarterly summary presented to leadership; critical issues escalated immediately.
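The five steps above, carried through in code as an added example. This is not eXpress badging's or Fortra's own code: the findings are a constructed sample in a generic shape (Fortra VM's real export format is not assumed), and the SLA days and owner routing are illustrative assumptions; the page only commits to a quarterly cycle with immediate escalation of Critical findings. The example shows the part a tracker has to get right: deduplicating findings across scans, closing a ticket only when the re-scan no longer reports it, and surfacing open escalations and overdue items for the quarterly summary.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Remediation SLA in days by severity. Assumed values for illustration only.
SLA_DAYS = {"Critical": 0, "High": 30, "Medium": 60, "Low": 90}

# Hypothetical owner routing by finding category (not the company's real teams).
OWNERS = {"application": "appsec-lead", "network": "netops-lead", "cloud": "cloud-lead"}

# Constructed sample findings (not real scan output).
SCAN_INITIAL = [
    {"asset": "badge-printer-01", "category": "network", "severity": "Critical",
     "title": "Default administrative credentials accepted"},
    {"asset": "portal-web-01", "category": "application", "severity": "High",
     "title": "Outdated web framework version"},
    {"asset": "s3-bucket-exports", "category": "cloud", "severity": "Medium",
     "title": "Bucket policy allows public list"},
    {"asset": "workstation-17", "category": "network", "severity": "Low",
     "title": "SMB signing not required"},
]
# Constructed re-scan: printer and bucket fixed, framework still old, one new finding.
SCAN_RESCAN = [
    {"asset": "portal-web-01", "category": "application", "severity": "High",
     "title": "Outdated web framework version"},
    {"asset": "vpn-gw-01", "category": "network", "severity": "High",
     "title": "TLS 1.0 enabled"},
]


@dataclass
class Ticket:
    key: str
    asset: str
    severity: str
    owner: str
    opened: date
    due: date
    status: str = "open"
    escalated: bool = False
    log: list = field(default_factory=list)


def finding_key(f):
    # Scanner-assigned IDs can change between runs, so dedupe on asset + title.
    return f"{f['asset']}|{f['title']}"


def triage(findings, tickets, scan_date):
    """Steps 1-2: open one ticket per new finding with an owner and a due date.
    Critical findings are flagged for immediate escalation."""
    for f in findings:
        key = finding_key(f)
        if key in tickets:
            tickets[key].log.append(f"{scan_date}: still reported")
            continue
        sev = f["severity"]
        tickets[key] = Ticket(
            key=key, asset=f["asset"], severity=sev,
            owner=OWNERS.get(f["category"], "security-lead"),
            opened=scan_date, due=scan_date + timedelta(days=SLA_DAYS[sev]),
            escalated=(sev == "Critical"), log=[f"{scan_date}: opened"])
    return tickets


def verify(tickets, rescan, scan_date):
    """Step 4: a finding absent from the re-scan is closed; one still present
    stays open and is logged. New findings in the re-scan are triaged."""
    present = {finding_key(f) for f in rescan}
    for key, t in tickets.items():
        if t.status == "open" and key not in present:
            t.status = "closed"
            t.log.append(f"{scan_date}: closed, not reported by re-scan")
    return triage(rescan, tickets, scan_date)


def quarterly_summary(tickets, as_of):
    """Step 5: counts by severity and status, open escalations, overdue tickets."""
    summary = {"open": {}, "closed": {}, "escalated_open": [], "overdue": []}
    for t in tickets.values():
        summary[t.status][t.severity] = summary[t.status].get(t.severity, 0) + 1
        if t.status == "open" and t.escalated:
            summary["escalated_open"].append(t.key)
        if t.status == "open" and t.due < as_of:
            summary["overdue"].append(t.key)
    return summary


def run_cycle():
    q_start = date(2025, 7, 1)                      # assumed quarter start
    tickets = triage(SCAN_INITIAL, {}, q_start)
    tickets = verify(tickets, SCAN_RESCAN, q_start + timedelta(days=45))
    return tickets, quarterly_summary(tickets, as_of=date(2025, 9, 1))


if __name__ == "__main__":
    tickets, summary = run_cycle()
    for t in tickets.values():
        print(f"{t.status:6} {t.severity:8} {t.owner:12} due {t.due}  {t.key}")
    print(summary)
```

Note that a ticket is never closed by hand here: closure is driven only by the re-scan no longer reporting the finding, which is what makes step 4 a verification rather than a status change. The Critical finding gets a same-day due date and an escalation flag at triage time, so it appears in the escalation list until the re-scan confirms it is gone.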


📑 Proof of Scan Requests

To balance transparency with security, eXpress badging® follows these guidelines for providing scan evidence:

  • Not Standard Practice: Proof of scans and raw reports are not released as part of routine operational requests.

  • Eligibility: Only customers with an Enterprise Veonics® Portal Account and a mutual NDA in place may request redacted proof of scans.

  • Format: A security-redacted version of the vulnerability assessment and penetration testing (VAPT) report will be provided. Sensitive details (e.g., IP addresses, internal configurations) are removed to protect platform security.

  • Process: Requests must be made formally through the account manager.

  • Timeline: Reports may take up to 30 days to process and deliver.


✅ Key Takeaways

  • eXpress badging® uses Fortra VM for vulnerability and penetration testing.

  • Risks are remediated quarterly, with critical issues handled immediately.

  • Proof of scans is available only for Enterprise customers under NDA and may take up to a month to process.


Last Updated: 08/29/2025