The ODP Corporation is committed to creating and maintaining the highest standards of data security. To that end, we have a comprehensive approach to information security and risk mitigation. This includes vigorously protecting customer personally identifiable information (PII) and company confidential information. Compliance with all applicable laws, rules, and regulations pertaining to collection, storage, and destruction of PII and confidential information is a critical component of this commitment.
The ODP Corporation has enacted company policies to help protect our customers and our company, including a policy prohibiting the public release of any information that could compromise the security of our environment or violate The ODP Corporation’s contractual or legal obligations.
Third-Party Attestations:
- Payment Card Industry Data Security (PCI DSS) Compliance
This standard demonstrates our ongoing commitment to data protection and security by creating compliance guidelines for all credit card information to be handled with the utmost care and precaution. Our compliance with PCI DSS includes an annual audit by a Qualified Security Assessor (QSA), regularly updating and testing our systems, maintaining network security protocols, and following strict access controls to protect confidential data.
We understand the importance of providing our customers with peace of mind with respect to data security and remain dedicated to delivering the highest quality of service. We will continue to maintain our compliance with PCI DSS and can provide customers with our Attestation of Compliance (AOC) on an annual basis.
- IT General Controls Audit
The Company’s IT General Controls are audited annually, and an external auditor's Opinion on Internal Control over Financial Reporting is issued in the Company Form 10-K which can be found here: https://investor.theodpcorp.com/
ODP Business Solutions, LLC has established a Service Organization Control 2 (SOC2) program for our organization. This program is designed to demonstrate our ongoing commitment to data security and provide added assurance to our customers and stakeholders. The SOC2 program demonstrates our focus on data security by providing an independent, third-party assessment of our security controls over a period of time.
With this program in place, we believe our customers can rest easy knowing our organization is continually working to improve our security posture and protect their data. The SOC2 program also enables us to meet the increasing demands of regulatory requirements and industry standards by improving our overall governance and risk management strategies. We are confident that this program will provide peace of mind to our customers. The report can be provided to customers on an annual basis.