This profile is a lighter version of the full security profile which is only available for partners who have an existing NDA in place.

The full version of the profile contains supporting policy, procedures, and evidence for questionnaires.  Please ask your Optilogic sales or other contact for a link to the full version of this security profile.

Security

Supply chain design activities often require the use of sensitive or confidential data to build models representing the real-world operations of a company’s supply chain. Optilogic takes the subject of cybersecurity very seriously and recognizes its responsibility to safeguard all customer and government data used in its cloud product, as well as any data provided directly to Optilogic consultants or other agents. Optilogic solutions take data describing the supply chain and how it operates to build models of potential future supply chain configurations to test which ones will perform best in the future expected business environment.

The data used for supply chain modeling is generally low sensitivity, it DOES NOT include any confidential information including any Health Insurance Portability and Accountability Act of 1996 (HIPAA), SSN or other Personally Identifiable Information (PII), credit card, or other Gramm-Leach-Bliley ACT (GLBA) data.

The scope of data expected for Optilogic projects DOES include the following:

• Information about Optilogic customer’s assets
  • Geographic information
  • Capacity and throughput data
  • Product information
• Information about Optilogic customer’s operations
  • Transportation carrier routes and rates
  • Business rules governing operations
  • Forecasted business growth projections
• Information about Optilogic customer’s customers
  • Geographic information
  • Order history

Optilogic has chosen to implement the United States Department of Defense information security standard known as the Cybersecurity Maturity Model Certification (CMMC 2.0) as the basis for its cybersecurity practices (https://dodcio.defense.gov/CMMC/). This framework has been developed by the Chief Information Officer of the Department of Defense and is designed to safeguard confidential data through a set of protocols and procedures that cover all aspects of cybersecurity.

Optilogic has assessed its controls and confirmed that it has fully implemented all required controls necessary to achieve CMMC 2.0 Level 1 compliance. Level 1 provides controls in six cybersecurity domains: Access Control, Identification and Authentication, Media Protection, Physical Protection, System and Communications Protections, and System and Information Integrity. While CMMC Level 1 compliance provides thorough protection of data, Optilogic is continuing to harden its cybersecurity posture by proceeding to implement CMMC Level 2 compliance. It is expected that Level 2 compliance will be achieved in late 2024. Optilogic's self-certification attestation letter is included in the documents provided below.

In addition, Optilogic is pursuing the SOC 2 certification which is less stringent than the CMMC certification, though it has a wider acceptance within the industry. Optilogic is working on a questionnaire to show compliance with the SOC 2 protocols, that document is expected to be included in this repository in early Q2 2024. Optilogic's plan is to achieve SOC 2 certification in Q4 of 2024.