Application Access Governance
- Access to business and financial applications is provisioned through ticketed requests with documented approvals.
- Periodic user-access recertification reviews confirm access remains appropriate.
- Application change activity is tracked and evidenced for audit.
Framework Alignment: NIST CSF PR.AA; CIS Control 6; CMMC Level 1 (AC); SOC 1 Type II; GDPR Art. 32; ISO 27001:2022 A.8.3, A.5.18
Application Penetration Testing & Web Security
- Internet-facing applications undergo annual penetration testing by an external firm.
- Public-facing applications are subject to vulnerability assessment and remediation.
- A web application firewall (WAF) / secure proxy protects public-facing applications.
Framework Alignment: NIST CSF ID.RA; CIS Control 18, 16; GDPR Art. 32; ISO 27001:2022 A.8.29, A.8.26
Certificate & Secrets Management
- Encryption keys and certificates are managed through certificate-authority tooling and a central secrets manager.
- Secure tunnels and certificates govern connectivity to public-facing applications.
- Service-account credentials are vaulted and rotated.
Framework Alignment: NIST CSF PR.DS; CIS Control 16; GDPR Art. 32; ISO 27001:2022 A.8.24
Secure Development Lifecycle (SDLC)
- Software and product development follows an established Secure Development Lifecycle aligned to industry best practices, governed by a secure development policy.
- Security and infrastructure requirements are defined and aligned in the design phase for new applications (security “shift-left”).
- Secrets scanning is performed in code repositories, and application changes are managed through formal change control with documented approvals.
Framework Alignment: NIST CSF PR.PS; CIS Control 16; GDPR Art. 25, 32; ISO 27001:2022 A.8.25, A.8.28, A.8.4
Secure Integrations & Data-in-Transit
- System-to-system integrations are centrally managed and monitored under a secure-integrations policy.
- Data in transit is encrypted with strong, approved algorithms using secure key exchange.
- Connections to systems and applications are authorized and monitored.
Framework Alignment: NIST CSF PR.DS; CIS Control 3; GDPR Art. 32; ISO 27001:2022 A.5.14, A.8.24
For additional information and documentation, please submit a request.
The controls described in this portal are part of Odyssey Logistics’ security program and are in place across the organization. Across a large environment of modern and legacy systems, implementation may vary by application, and some legacy systems may not yet include every component described. These controls are our organizational standard and continue to be extended across the environment.
