Odyssey Logistics Assurance & Trust Portal is designed to provide customers, partners, and stakeholders with clear visibility into the strength and maturity of our cybersecurity and compliance program. Our security framework is aligned to the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), ensuring a structured, risk-based approach across the core functions of Identify, Protect, Detect, Respond, and Recover. Within the portal, visitors can review how these critical security program functions are operationalized through governance policies, technical safeguards, continuous monitoring, incident response planning, and third-party risk management. By organizing our controls and practices in alignment with NIST CSF, we provide transparency into how we manage cyber risk, protect sensitive data, and support resilient logistics operations for our global customers.
- Cloud & Platform Security
A patch-management capability uses a phased pilot-to-broad-release process to validate updates before enterprise rollout. Remediation follows severity-based service-level targets defined in the vulnerability and patch-management policy. Anti-malware and protection mechanisms are kept current with timely updates.
Framework Alignment: NIST CSF ID.RA, PR.PS; CIS Control 7; CMMC Level 1 (SI); GDPR Art. 32; ISO 27001:2022 A.8.8
- Data Protection & Privacy
A data classification policy defines how information is categorized, handled, and shared by value, sensitivity, criticality, and regulatory requirement. Access to sensitive data is limited to authorized users through role-based, least-privilege controls. Public-facing systems are architected to prevent disclosure of nonpublic information, with review and approval before public release.
Framework Alignment: NIST CSF PR.DS, ID.AM; CIS Control 3; CMMC Level 1 (AC); GDPR Art. 5, 25; ISO 27001:2022 A.5.12, A.5.13
- Data Protection & Privacy
Data at rest is encrypted with strong, industry-standard algorithms in the central cloud data platform and object storage. Data in transit is protected with strong encryption and secure key exchange. Encryption keys and certificates are managed securely.
Framework Alignment: NIST CSF PR.DS; CIS Control 3; GDPR Art. 32(1)(a); ISO 27001:2022 A.8.24
- Data Protection & Privacy
A data loss prevention (DLP) capability identifies and helps prevent unauthorized handling of sensitive content, with classification and auto-labeling continuing to roll out. Collaboration and file-sharing permissions are managed toward least privilege with external-sharing controls. Email is hardened against spoofing and impersonation with authentication controls (DMARC, DKIM, SPF) and automated …
Framework Alignment: NIST CSF PR.DS; CIS Control 3, 9; GDPR Art. 32; ISO 27001:2022 A.8.12
- Data Protection & Privacy
Critical systems and data are backed up with cross-region replication and immutable, encrypted storage. Recovery procedures are documented and tested, including periodic recovery testing. A disaster recovery plan defines priority applications and recovery objectives (RTO/RPO) and is independently reviewed.
Framework Alignment: NIST CSF RC.RP, PR.IR; CIS Control 11; GDPR Art. 32(1)(c); ISO 27001:2022 A.8.13, A.8.14
- Data Protection & Privacy
Media is sanitized or destroyed before disposal or reuse, following NIST SP 800-88 guidance. Data retention and deletion are governed by policy, and legal-hold and eDiscovery capabilities support litigation readiness. Audit logs are retained in line with regulatory requirements.
Framework Alignment: NIST CSF PR.DS; CIS Control 3; CMMC Level 1 (MP); GDPR Art. 5(1)(e), 17; ISO 27001:2022 A.8.10, A.7.14, A.5.33
- Data Protection & Privacy
Privacy accountability sits at the executive level, with the CIO and CDO serving as the organization's privacy leadership. Privacy-incident escalation and notification procedures are defined within the incident response and disaster recovery plans, covering escalation paths and notification obligations. A privacy notice is published describing how personal information is collected, …
Framework Alignment: NIST CSF GV.OC, GV.RR; GDPR Art. 37-39, 33/34, 12-14; ISO 27001:2022 A.5.34, A.5.31
- Data Protection & Privacy
A business continuity plan aligned to business operations sustains critical functions during disruption, with emphasis on customer awareness and communication. Continuity scenarios are exercised through tabletop simulations that evaluate and refine plan and policy material. Continuity provisions include alternate work arrangements for affected personnel.
Framework Alignment: NIST CSF RC.RP, PR.IR; CIS Control 11; GDPR Art. 32(1)(b)(c); ISO 27001:2022 A.5.29, A.5.30
- Endpoint & Device Security
Endpoint detection and response (EDR) is deployed across the workstation and server fleet, replacing legacy antivirus, with coverage extended to cloud compute. Detections are monitored and triaged; layered malicious-code protection spans email, web, servers, and endpoints. Real-time and periodic scanning detect and remediate malicious activity.
Framework Alignment: NIST CSF DE.CM, PR.PS; CIS Control 10; CMMC Level 1 (SI); GDPR Art. 32; ISO 27001:2022 A.8.7
- Endpoint & Device Security
Endpoints follow hardened, CIS-aligned baseline builds, and local administrator passwords are uniquely managed. Mobile and endpoint device management enforces configuration and enables remote response. Operational and field devices (driver tablets, handheld scanners) are centrally managed with configuration enforcement and remote wipe.
Framework Alignment: NIST CSF PR.PS; CIS Control 4; GDPR Art. 32; ISO 27001:2022 A.8.1
The controls described in this portal are part of Odyssey Logistics’ security program and are in place across the organization. Across a large environment of modern and legacy systems, implementation may vary by application, and some legacy systems may not yet include every component described. These controls are our organizational standard and continue to be extended across the environment.
