On October 20, 2025, a single DNS misconfiguration inside AWS triggered a ripple effect that brought portions of the internet to a crawl. From retail apps to healthcare platforms, systems buckled — not because of a cyberattack, but because of a routine infrastructure bug buried deep in a third-party provider. Many of the businesses affected weren’t even direct AWS customers.
For logistics leaders, the lesson is clear: You need a secure fulfillment platform that’s both a functioning part of your tech stack and part of your risk management strategy. And when that platform connects to a network of partners, APIs and infrastructure providers, it must be built to withstand whatever the ecosystem throws its way.
At OneRail, we’ve long recognized that building resilience means looking beyond our own stack. That’s why we pursued and achieved ISO 27001:2022 certification — the globally recognized standard for information security management. It’s our way of saying: Security is built into everything we do — not just our platform, but across the delivery ecosystem we support.
A Wake-Up Call: What Happened with AWS
The October 2025 AWS outage wasn’t the result of malicious code or a coordinated cyberattack — it was a bug. A timing glitch in the way AWS managed DNS records for its DynamoDB service led to the accidental removal of IP addresses that countless applications depended on. In seconds, core components of the internet began to fail.
The outage impacted a wide swath of industries (logistics, retail, fintech, healthcare and more), paralyzing customer-facing platforms and backend systems alike. According to industry analysts, insured business losses may reach as high as $581 million, not including unmeasured impacts like customer churn, SLA violations and reputational damage.
But perhaps the most sobering is that many of the companies affected weren’t even direct customers of AWS. They were connected through partners, platforms or APIs that relied on AWS in the background — an invisible dependency until it broke.
As WIRED noted in its coverage of the AWS outage, the incident reflects how deeply embedded and often invisible cloud infrastructure has become in the everyday workings of the internet.
The lesson is that it’s no longer enough to secure what you own. In today’s delivery ecosystem, third-party infrastructure failures can disrupt your business just as surely as a cyberattack.
Third-Party Risk Is Supply Chain Risk
When a package arrives late, customers don’t blame the API. They blame you.
That’s the unforgiving reality of logistics today. Behind every “out for delivery” notification is a complex web of cloud platforms, third-party carriers, middleware and data exchanges — all stitched together by real-time integrations. Fulfillment has evolved into a distributed ecosystem where your performance is only as strong as your weakest link.
And increasingly, that weakest link is outside your four walls.
Consider recent examples:
In September 2023, United Natural Foods Inc. (UNFI) suffered a major cyberattack that shut down key systems for days. Though it was the distributor, not the retailers, that was breached, grocers relying on UNFI for inventory and fulfillment felt the downstream effects immediately — including stockouts, missed deliveries and lost sales.
In early 2024, global retailer MUJI was forced to halt online sales after a ransomware attack hit one of its suppliers. Though MUJI wasn’t the direct target, the ripple effect disrupted customer-facing operations, underscoring just how exposed retailers can be to partner vulnerabilities.
These incidents reinforce the reality: Even when you’re not the one under attack, you can still suffer the consequences.
Your data flows across partners. Your systems depend on third-party APIs. Your customer experience hinges on infrastructure you don’t even own. And when just one of those layers falters, the business impact is immediate:
- Missed or delayed deliveries
- Data leakage or compliance exposure
- SLA violations and reputational damage
This is why supply chain data security must extend beyond internal controls. In the modern age, it’s about ensuring the trustworthiness of the entire ecosystem you operate within — from suppliers to platforms to infrastructure providers.
Why ISO 27001 Matters — Especially Now
In a world where third-party risk can ripple through an entire supply chain, ISO 27001 has become a necessity.
At its core, ISO 27001:2022 is a globally recognized standard for managing information security. It outlines how to build a holistic, organization-wide system for safeguarding data — across people, processes and technology.
What sets ISO 27001 apart is its depth. Certification requires:
- Thorough risk assessments across business functions
- Structured vendor and third-party reviews
- Access control policies that align with the principle of least privilege
- Documented incident-response plans and audit trails
- A culture of continuous improvement and measurable compliance
For logistics and fulfillment platforms like OneRail, this means ensuring every node in the delivery ecosystem (from integrations to partners) aligns with a high-security benchmark.
As OneRail Chief Information Security Officer Julius Tubbs put it:
“Security is built into everything we do at OneRail. Achieving ISO 27001:2022 certification reinforces our commitment to protecting customer data and delivering reliability at scale. In a time when AI and automation are transforming how businesses operate and how threats emerge, this certification validates that our safeguards and governance evolve with those changes.”
With ISO 27001, OneRail is helping customers scale delivery operations without scaling risk — even as ecosystems grow more complex and threats grow more sophisticated.
How OneRail Reduces Ecosystem Risk
Certification is just the starting point. At OneRail, security is embedded across the entire fulfillment stack — from platform architecture to driver networks, and every integration in between.
We’re proud to be ISO 27001:2022 certified, demonstrating our end-to-end commitment to information security. But we didn’t stop there — we also maintain SOC 2 Type II compliance, adding an extra layer of validation around how we manage data availability, confidentiality and integrity.
What sets OneRail apart is how deeply these controls are woven into the operation of our platform:
- OmniPoint® Real-Time Visibility Platform: Designed with security and redundancy built in, giving shippers transparency without compromising data integrity.
- Driver Network: With over 12 million drivers, every interaction is governed by strict data-access protocols and authentication layers.
- System Integrations & APIs: Every connection, whether to a WMS, ERP or eCommerce storefront, is reviewed, secured and monitored for anomalous behavior.
- Internal Workflows & Support Teams: Our 24/7 exceptions team operates under strict governance policies that ensure customer and partner data is always protected.
While no system can guarantee zero disruptions, we design our platform to contain risk, maintain visibility and recover fast. When events like the AWS outage occur, OneRail’s layered architecture and failover strategy ensure that customers remain in control — not in the dark.
What Supply Chain Leaders Should Ask Themselves
As fulfillment ecosystems grow more connected and more dependent on third-party infrastructure, supply chain leaders must ask themselves some hard questions:
- Do you know which vendors have access to your customer data?
- How is risk managed across your integrations and delivery partners?
- If a critical third-party fails, can your systems recover without disruption?
These are business continuity questions. Increasingly, they’re becoming questions of brand trust.
In logistics, it’s no longer enough to focus on speed or uptime. Your customers expect confidence — that their data is protected, their deliveries are on time and their experience won’t be derailed by the unseen failure of a partner’s partner.
At OneRail, ISO 27001:2022 certification is our framework for living up to those expectations. We strive to ensure our platform, our people and our partners are all aligned around the same goal: secure, scalable fulfillment built to withstand the unexpected.
Want to learn how OneRail builds secure fulfillment at scale? Schedule a demo.
