24/7 Managed Detection & Response (SOC / SIEM)
- A managed detection and response (MDR) capability provides continuous, around-the-clock monitoring, threat hunting, and escalation.
- Security telemetry from firewalls, intrusion detection/prevention, endpoints, and cloud is aggregated and correlated centrally (SIEM).
- Logs and critical files are protected from tampering and retained per policy.
Framework Alignment: NIST CSF DE.CM, DE.AE; CIS Control 8, 13; CMMC Level 1 (SI); GDPR Art. 32; ISO 27001:2022 A.8.15, A.8.16
Continuous Vulnerability & Posture Management
- Vulnerability scanning runs continuously with risk-based prioritization and remediation timelines.
- Security posture is measured against standardized configuration and exposure benchmarks.
- External attack-surface monitoring provides an independent, ongoing view of exposure.
Framework Alignment: NIST CSF ID.RA, DE.CM; CIS Control 7; CMMC Level 1 (SI); GDPR Art. 32(1)(d); ISO 27001:2022 A.8.8
Incident Communication & Service Status
- A documented process governs communication during high-priority production incidents and outages, with internal legal and executive escalation required before any external disclosure.
- External notifications align with applicable state and federal legal requirements; regulatory and breach-notification obligations are governed by the incident response plan.
- The process defines timely initial notification, regular status updates through resolution, and a structured post-incident root-cause analysis.
Framework Alignment: NIST CSF RS.CO, RC.CO; CIS Control 17; SOC 1 Type II; GDPR Art. 33, 34; ISO 27001:2022 A.5.26, A.5.5
Incident Response & Recovery
- A formal incident response plan defines a response team, roles, escalation, and pre-approved containment actions, with playbooks for common scenarios.
- The plan is independently reviewed and exercised through executive tabletop exercises.
- Incidents are categorized by impact, with reporting and escalation that includes legal.
Framework Alignment: NIST CSF RS.MA, RS.MI; CIS Control 17; GDPR Art. 33, 34; ISO 27001:2022 A.5.24, A.5.26, A.5.27
Threat Detection & Containment
- Layered controls detect and block malicious sign-ins and applications through conditional access, endpoint detection and response, and security monitoring.
- A defined process triages, contains, and remediates security alerts.
- Detection coverage is mapped to adversary tactics and techniques and reviewed regularly.
Framework Alignment: NIST CSF DE.CM, RS.MI; CIS Control 13; GDPR Art. 32; ISO 27001:2022 A.8.16, A.5.25
Threat Intelligence & Independent Validation
- Sector-specific threat intelligence informs prioritization of security investment.
- External penetration testing and red-team exercises validate controls under adversarial conditions.
- An independent third-party program review periodically assesses effectiveness.
Framework Alignment: NIST CSF ID.RA; CIS Control 18; GDPR Art. 32(1)(d); ISO 27001:2022 A.5.7, A.5.35
For additional information and documentation, please submit a request.
The controls described in this portal are part of Odyssey Logistics’ security program and are in place across the organization. Across a large environment of modern and legacy systems, implementation may vary by application, and some legacy systems may not yet include every component described. These controls are our organizational standard and continue to be extended across the environment.
