An unmapped OT system makes any subsequent analysis unreliable
When working on an existing machine, on systems intended for non-EU markets or at preliminary stages not related to CE marking, the priority is to understand how the OT system is structured and how it is managed over time. Layered configurations, low-visibility assets and inconsistent operational practices make any subsequent assessment — whether technical or regulatory — difficult to carry out.
The OT Cyber System Overview is designed to provide a clear and structured view of the automation and control systems of an industrial machine, bringing order to perimeter, assets, architecture and basic operational practices.
When is it needed
The service is particularly indicated when:
- Existing or already operational machines are being analysed;
- The machine is intended for non-EU markets;
- A preliminary analysis not aimed at CE marking is required;
- A structured view of OT systems, roles and operational responsibilities is lacking.
How the assessment is carried out
The activity is descriptive and structural in nature:
- Definition of the OT perimeter of the machine;
- Mapping of the main OT assets;
- High-level analysis of the command system architecture;
- Review of access methods and operational practices;
- Review of fundamental OT cybersecurity practices.
NOTE: The activity does not include regulatory compliance checks, structured risk analysis, vulnerability assessment, penetration testing or Security Level determination in accordance with IEC 62443.
What we deliver
At the end of the assessment, we provide:
- Summary report on the status of OT systems;
- Clear representation of perimeter, assets and architecture;
- Evidence of main baseline issues;
- Operational recommendations to improve the technical order of the system.
