The Odyssey Logistics Assurance & Trust Portal is designed to provide customers, partners, and stakeholders with clear visibility into the strength and maturity of our cybersecurity and compliance program. Our security framework is aligned to the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), ensuring a structured, risk-based approach across the core functions of Identify, Protect, Detect, Respond, and Recover. Within the portal, visitors can review how these critical security program functions are operationalized through governance policies, technical safeguards, continuous monitoring, incident response planning, and third-party risk management. By organizing our controls and practices in alignment with NIST CSF, we provide transparency into how we manage cyber risk, protect sensitive data, and support resilient logistics operations for our global customers.



- Application & Integration Security
Software and product development follows an established Secure Development Lifecycle aligned to industry best practices, governed by a secure development policy. Security and infrastructure requirements are defined and aligned in the design phase for new applications (security “shift-left”). Secrets scanning is performed in code repositories, and application changes are managed …
Framework Alignment: NIST CSF PR.PS; CIS Control 16; GDPR Art. 25, 32; ISO 27001:2022 A.8.25, A.8.28, A.8.4
- Application & Integration Security
Internet-facing applications undergo annual penetration testing by an external firm. Public-facing applications are subject to vulnerability assessment and remediation. A web application firewall (WAF) / secure proxy protects public-facing applications.
Framework Alignment: NIST CSF ID.RA; CIS Control 18, 16; GDPR Art. 32; ISO 27001:2022 A.8.29, A.8.26
- Application & Integration Security
System-to-system integrations are centrally managed and monitored under a secure-integrations policy. Data in transit is encrypted with strong, approved algorithms using secure key exchange. Connections to systems and applications are authorized and monitored.
Framework Alignment: NIST CSF PR.DS; CIS Control 3; GDPR Art. 32; ISO 27001:2022 A.5.14, A.8.24
- Application & Integration Security
Access to business and financial applications is provisioned through ticketed requests with documented approvals. Periodic user-access recertification reviews confirm access remains appropriate. Application change activity is tracked and evidenced for audit.
Framework Alignment: NIST CSF PR.AA; CIS Control 6; CMMC Level 1 (AC); SOC 1 Type II; GDPR Art. 32; ISO 27001:2022 A.8.3, A.5.18
- Application & Integration Security
Encryption keys and certificates are managed through certificate-authority tooling and a central secrets manager. Secure tunnels and certificates govern connectivity to public-facing applications. Service-account credentials are vaulted and rotated.
Framework Alignment: NIST CSF PR.DS; CIS Control 16; GDPR Art. 32; ISO 27001:2022 A.8.24
- Cloud & Platform Security
- Endpoint & Device Security
A centralized IT asset management system tracks hardware and software inventory across devices, with lifecycle management and check-in/check-out, extended to printers, IoT, and infrastructure. Software installation is controlled — local administrative rights are restricted and new installations are routed through the Help Desk — with software assets and licenses managed …
Framework Alignment: NIST CSF ID.AM; CIS Control 1, 2; CMMC Level 1; GDPR Art. 32; ISO 27001:2022 A.5.9, A.8.19
- Cloud & Platform Security
Cloud (infrastructure-as-a-service) environments are managed with active cost governance, monitoring, and controls. Endpoint detection and response coverage extends to cloud compute instances. Public-facing, cloud-hosted applications are isolated from the internal production network. Data-residency options are used where available to keep customer data within its region.
Framework Alignment: NIST CSF PR.IR, ID.AM; CIS Control 12, 15; GDPR Art. 32, 44-46; ISO 27001:2022 A.5.23
- Cloud & Platform Security
Secure baseline ('golden image') configurations are applied to workstations and servers, following CIS Benchmarks. Legacy insecure protocols are deprecated across the environment. Directory services are hardened against attack paths using identity attack-path assessment.
Framework Alignment: NIST CSF PR.PS; CIS Control 4; CMMC Level 1; GDPR Art. 32, 25; ISO 27001:2022 A.8.9
- Cloud & Platform Security
All production and dependent-system changes are governed by a change-management policy and tracked in a change-management system, reviewed and authorized by a Change Advisory Board (CAB) on a regular cadence. Change types are formally defined — standard, emergency, and recurring (pre-approved) — each with documented submission, approval, and review requirements; …
Framework Alignment: NIST CSF PR.PS; CIS Control 4; SOC 1 Type II; GDPR Art. 32; ISO 27001:2022 A.8.32, A.8.9
The controls described in this portal are part of Odyssey Logistics’ security program and are in place across the organization. Across a large environment of modern and legacy systems, implementation may vary by application, and some legacy systems may not yet include every component described. These controls are our organizational standard and continue to be extended across the environment.