Asset Management & Lifecycle
- A centralized IT asset management system tracks hardware and software inventory across devices, with lifecycle management and check-in/check-out, extended to printers, IoT, and infrastructure.
- Software installation is controlled — local administrative rights are restricted and new installations are routed through the Help Desk — with software assets and licenses managed centrally.
- Hardware is standardized on approved models with a defined refresh lifecycle, and end-of-life operating systems are migrated before support deadlines.
Framework Alignment: NIST CSF ID.AM; CIS Control 1, 2; CMMC Level 1; GDPR Art. 32; ISO 27001:2022 A.5.9, A.8.19
Cloud Security & Cost Governance
- Cloud (infrastructure-as-a-service) environments are managed with active cost governance, monitoring, and controls.
- Endpoint detection and response coverage extends to cloud compute instances.
- Public-facing, cloud-hosted applications are isolated from the internal production network.
- Data-residency options are used where available to keep customer data within its region.
Framework Alignment: NIST CSF PR.IR, ID.AM; CIS Control 12, 15; GDPR Art. 32, 44-46; ISO 27001:2022 A.5.23
Infrastructure Automation & Change Control
- All production and dependent-system changes are governed by a change-management policy and tracked in a change-management system, reviewed and authorized by a Change Advisory Board (CAB) on a regular cadence.
- Change types are formally defined — standard, emergency, and recurring (pre-approved) — each with documented submission, approval, and review requirements; emergency changes require prompt documentation and retroactive CAB approval.
- Changes are scheduled against a master change calendar with published blackout/freeze periods, and infrastructure is provisioned through Infrastructure-as-Code for consistent, auditable deployments.
Framework Alignment: NIST CSF PR.PS; CIS Control 4; SOC 1 Type II; GDPR Art. 32; ISO 27001:2022 A.8.32, A.8.9
Patch & Vulnerability Management
- A patch-management capability uses a phased pilot-to-broad-release process to validate updates before enterprise rollout.
- Remediation follows severity-based service-level targets defined in the vulnerability and patch-management policy.
- Anti-malware and protection mechanisms are kept current with timely updates.
Framework Alignment: NIST CSF ID.RA, PR.PS; CIS Control 7; CMMC Level 1 (SI); GDPR Art. 32; ISO 27001:2022 A.8.8
Secure Configuration Baselines (Hardening)
- Secure baseline ('golden image') configurations are applied to workstations and servers, following CIS Benchmarks.
- Legacy insecure protocols are deprecated across the environment.
- Directory services are hardened against attack paths using identity attack-path assessment.
Framework Alignment: NIST CSF PR.PS; CIS Control 4; CMMC Level 1; GDPR Art. 32, 25; ISO 27001:2022 A.8.9
For additional information and documentation, please submit a request.
The controls described in this portal are part of Odyssey Logistics’ security program and are in place across the organization. Across a large environment of modern and legacy systems, implementation may vary by application, and some legacy systems may not yet include every component described. These controls are our organizational standard and continue to be extended across the environment.