Odyssey Logistics Assurance & Trust Portal is designed to provide customers, partners, and stakeholders with clear visibility into the strength and maturity of our cybersecurity and compliance program. Our security framework is aligned to the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), ensuring a structured, risk-based approach across the core functions of Identify, Protect, Detect, Respond, and Recover. Within the portal, visitors can review how these critical security program functions are operationalized through governance policies, technical safeguards, continuous monitoring, incident response planning, and third-party risk management. By organizing our controls and practices in alignment with NIST CSF, we provide transparency into how we manage cyber risk, protect sensitive data, and support resilient logistics operations for our global customers.
- Physical Security
Facilities are protected against fire, water damage, vandalism, and other location-specific threats. Uninterruptible power supplies and surge protection guard against power disruptions and voltage events. A clear-desk and clear-screen policy is enforced organization-wide.
Framework Alignment: NIST CSF PR.IR; GDPR Art. 32(1)(b); ISO 27001:2022 A.7.5, A.7.11, A.7.7
- Physical Security
Production infrastructure is hosted in a contracted, secured colocation data center with restricted, documented access. Physical assets are inventoried and access restricted to authorized personnel in owned facilities and third-party hosting locations. Media and equipment are physically secured, and a documented physical-security incident process is in place.
Framework Alignment: NIST CSF PR.AA, ID.AM; CMMC Level 1 (PE); GDPR Art. 32, 28; ISO 27001:2022 A.7.3, A.7.8
- SOC & Threat Management
A managed detection and response (MDR) capability provides continuous, around-the-clock monitoring, threat hunting, and escalation. Security telemetry from firewalls, intrusion detection/prevention, endpoints, and cloud is aggregated and correlated centrally (SIEM). Logs and critical files are protected from tampering and retained per policy.
Framework Alignment: NIST CSF DE.CM, DE.AE; CIS Control 8, 13; CMMC Level 1 (SI); GDPR Art. 32; ISO 27001:2022 A.8.15, A.8.16
- SOC & Threat Management
Vulnerability scanning runs continuously with risk-based prioritization and remediation timelines. Security posture is measured against standardized configuration and exposure benchmarks. External attack-surface monitoring provides an independent, ongoing view of exposure.
Framework Alignment: NIST CSF ID.RA, DE.CM; CIS Control 7; CMMC Level 1 (SI); GDPR Art. 32(1)(d); ISO 27001:2022 A.8.8
- SOC & Threat Management
A formal incident response plan defines a response team, roles, escalation, and pre-approved containment actions, with playbooks for common scenarios. The plan is independently reviewed and exercised through executive tabletop exercises. Incidents are categorized by impact, with reporting and escalation that includes legal.
Framework Alignment: NIST CSF RS.MA, RS.MI; CIS Control 17; GDPR Art. 33, 34; ISO 27001:2022 A.5.24, A.5.26, A.5.27
- SOC & Threat Management
Layered controls detect and block malicious sign-ins and applications through conditional access, endpoint detection and response, and security monitoring. A defined process triages, contains, and remediates security alerts. Detection coverage is mapped to adversary tactics and techniques and reviewed regularly.
Framework Alignment: NIST CSF DE.CM, RS.MI; CIS Control 13; GDPR Art. 32; ISO 27001:2022 A.8.16, A.5.25
- SOC & Threat Management
Sector-specific threat intelligence informs prioritization of security investment. External penetration testing and red-team exercises validate controls under adversarial conditions. An independent third-party program review periodically assesses effectiveness.
Framework Alignment: NIST CSF ID.RA; CIS Control 18; GDPR Art. 32(1)(d); ISO 27001:2022 A.5.7, A.5.35
- SOC & Threat Management
A documented process governs communication during high-priority production incidents and outages, with internal legal and executive escalation required before any external disclosure. External notifications align with applicable state and federal legal requirements; regulatory and breach-notification obligations are governed by the incident response plan. The process defines timely initial notification, regular …
Framework Alignment: NIST CSF RS.CO, RC.CO; CIS Control 17; SOC 1 Type II; GDPR Art. 33, 34; ISO 27001:2022 A.5.26, A.5.5
- Third Party & Supply Chain Risk
A third-party risk-management program is maintained under a dedicated policy, with defined roles and processes. External system connections are identified, verified, and controlled, and third parties are expected to meet security requirements. Vendors handling sensitive data are governed by non-disclosure agreements and security expectations.
Framework Alignment: NIST CSF GV.SC; CIS Control 15; CMMC Level 1 (AC); GDPR Art. 28; ISO 27001:2022 A.5.19, A.5.20, A.5.21
- Third Party & Supply Chain Risk
Background checks (screening/vetting) are performed on personnel who access or process confidential information. Contracted personnel sign non-disclosure agreements before access to systems or premises is granted. Formal offboarding ensures asset return and prompt access removal for departing staff and contractors.
Framework Alignment: NIST CSF GV.SC; CIS Control 15; GDPR Art. 28, 32; ISO 27001:2022 A.6.1, A.6.6
The controls described in this portal are part of Odyssey Logistics’ security program and are in place across the organization. Across a large environment of modern and legacy systems, implementation may vary by application, and some legacy systems may not yet include every component described. These controls are our organizational standard and continue to be extended across the environment.
