Odyssey Logistics Assurance & Trust Portal is designed to provide customers, partners, and stakeholders with clear visibility into the strength and maturity of our cybersecurity and compliance program. Our security framework is aligned to the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), ensuring a structured, risk-based approach across the core functions of Identify, Protect, Detect, Respond, and Recover. Within the portal, visitors can review how these critical security program functions are operationalized through governance policies, technical safeguards, continuous monitoring, incident response planning, and third-party risk management. By organizing our controls and practices in alignment with NIST CSF, we provide transparency into how we manage cyber risk, protect sensitive data, and support resilient logistics operations for our global customers.
- Third Party & Supply Chain Risk
A defined external-workforce lifecycle framework governs contractor access. Remote and third-party access is restricted to compliant devices through Zero Trust and conditional-access controls. Third-party IT service delivery is consolidated into a single, tiered model with service-level agreements for consistent security enforcement.
Framework Alignment: NIST CSF GV.SC, PR.AA; CIS Control 6, 15; CMMC Level 1 (AC); GDPR Art. 28; ISO 27001:2022 A.5.19, A.5.22
- Third Party & Supply Chain Risk
Independent penetration tests, red-team exercises, and a third-party program review validate controls. An external cyber-insurer continuously and independently monitors security posture. Customer and vendor security questionnaires are supported by a dedicated GRC function for consistent, sourced responses.
Framework Alignment: NIST CSF GV.SC; CIS Control 15; SOC 1 Type II; GDPR Art. 28; ISO 27001:2022 A.5.35
The controls described in this portal are part of Odyssey Logistics’ security program and are in place across the organization. Across a large environment of modern and legacy systems, implementation may vary by application, and some legacy systems may not yet include every component described. These controls are our organizational standard and continue to be extended across the environment.
