Industry Coverage icon

Improve OT Governance to Drive Business Results

Managing risk through systematic and collaborative OT governance.

Unlock a Free Sample
  • Your operation isn’t very cautious or knowledgeable about the negative consequences of having OT equipment exposed to the internet.
  • The business is still using a lot of manual paper-based processes such as bankers’ boxes to track, store, and review the quality of your products.
  • You are risking being caught off guard by downstream suppliers if the regulatory bodies conduct a full review of all suppliers’ products/materials/ingredients being used to develop your finished goods.
  • The company isn’t tracking all materials, solvents etc. used within the manufacturing process and may encounter unexpected liabilities or penalties due to residue left on the finished goods being delivered to the customer.
  • You are risking being left behind as the rest of the industry progresses in this digital and ESG conscious era.
  • Your operation has difficulty tracking and tracing across the supply chain and this is slowing the process of adding new products into the portfolio.
  • Niche players have made your operation more vigilant and therefore you need to modernize your processes so that customer satisfaction ratings from audits will be a benefit over the competition vs. a hinderance.
  • The effects of the pandemic are still apparent within your operation, most notably a shortage of labor, acquiring skilled labor, and supply chain disruptions.

Our Advice

Critical Insight

OT governance has gained prominence as businesses need to have 24/7 reliability of equipment, but they are transitioning to an internet-based business landscape. The need to have a collaborative approach for managing and protecting the business has never been greater. Many manufacturers keep equipment well beyond its warranty and support period and can therefore encounter problems as equipment ages and still needs to be supported. Outdated operating systems and weak security systems are a hacker’s easiest targets.

Impact and Result

  • Identify: Discover the methods, people, tools, and approaches that can be used to ensure you have a streamlined OT governance model in place.
  • Prioritize: Further determine a tiered approach to assembling teams and tools.
  • Align: After establishing your teams and understanding your gaps you will have a systematic approach for pulling in the right people with the right tools at the right time. Operations and IT will be tightly aligned.

Improve OT Governance to Drive Business Results Research & Tools

1. OT Governance Phases 1-4 – A guide that includes a comprehensive plan for OT governance that considers the people, processes, technologies, and risks.

This deck highlights what should be developed for effective OT governance across any manufacturing business. It takes a holistic approach that considers both internal and external factors.

2. Evaluate and Design Tools – A group of tools and templates to assess, make the case for, design, and implement a new OT governance process.

Make the case for a governance redesign. Create a custom communication plan to facilitate support for the redesign process. Establish a collectively agreed upon statement of business context.

3. Create the Teams Templates – Use these templates to build out a set of teams for evaluating, preparing, and executing OT governance.

Create committee profiles. Build a governance structure map. Establish governance guidelines.

4. Develop the Plan Tools – Use these tools to create an implementation plan and roadmap for OT governance.

Keep the current and future goals in sight to build an optimized governance framework that maintains the minimum bar of oversight required.

5. Analysis Tools – Use these tools for a holistic analysis of risk and opportunity.

Ensure that all risks are captured and an associated action has been recorded. Determine concrete steps that will harness your company's strengths and target the opportunities.

Unlock a Free Sample

Improve OT Governance to Drive Business Results

Avoid bureaucracy and achieve alignment with a minimalist approach.

Analyst Perspective

Governance will always be part of the fabric of your organization. Make it adaptable so it doesn’t constrain your success.

IT/OT convergence, IT governance, and OT governance are misunderstood.

The purpose of governance isn’t to create a roadblock within the organization but rather it is a mindset of ensuring that the factory operation isn’t causing undo stress on the business.

Success in modern digital organizations depends on their ability to adjust for velocity and uncertainty, requiring a dynamic and responsive approach to governance – one that is embedded and automated in your organization to enable new ways of working, innovation, and change while ensuring security.

OT governance has become critical as organizations become nimbler and the OT areas of the organization leverage greater amounts of automation with often older equipment.

If your governance doesn’t adjust to enable your changing business environment and customer needs, it will quickly become misaligned with your goals and drive you to failure.

IT/OT must build an approach to governance that is effective and relevant today while building in adaptability to keep it relevant tomorrow.

Photo of Kevin Tucker, Principal Research Director, Info-Tech Research Group.

Kevin Tucker
Principal Research Director,
Info-Tech Research Group

Photo of Valence Howden, Principal Research Director, Info-Tech Research Group.

Valence Howden
Principal Research Director,
Info-Tech Research Group

Executive Summary: OT Governance for Manufacturing

Situation: OT Governance becomes a Hot Topic

COVID-19 raised the profile of OT governance as businesses began to grapple with the onslaught of cybersecurity attacks.

Remote and hybrid employees found it difficult to support and communicate with each other.

OT have operated in a silo with walls around the factory that IT wouldn’t enter, and that was fine until their suppliers could no longer come on site to service equipment that now needed to be exposed to the network.

The power of data analytics with AI/ML has become critical for optimal business process.

Complication: A new Playground for Hackers

OT becomes high risk as equipment must be exposed on the internet for external suppliers to perform maintenance and repairs.

Outdated mindsets hamper the organization’s ability to recognize the volatility they are exposed to.

Skills are lacking with regards to justifying, planning, implementing and maintaining the commissioning and decommissioning of OT services so it becomes management by chaos as businesses are compromised.

Most don’t measure the cost avoidance and value delivery generated from intentional OT governance.

Solution: Tools & Processes

Use this OT governance deck to assess your business and harden OT governance:
  • Gain insight into the risks associated with weak OT governance.
  • Understand OT governance and how it offers reliability as well as value delivery.
  • Determine which tools should be used to plan and execute OT governance within your business.
  • Learn to measure success associated with new and expanded OT governance services.

Info-Tech Overarching Insight

OT Governance Compliance must keep up with the changing state of business. In order to do so companies need to have clarity as to the regulations governing their industry and the tools at their disposal.

OT governance is…

  • An enabling framework for decision-making context and accountabilities for related processes.
  • A means of ensuring IT-OT collaboration, leading to increased consistency and transparency in decision making and prioritization of initiatives.
  • A critical component of ensuring delivery of business value from OT spend and driving high satisfaction with OT solutions that are aligned with the business and IT.

OT governance is not…

  • An annoying, finger-waving roadblock in the way of getting things done.
  • Limited to making decisions about technology.
  • A way for IT to take over the OT ownership and decision making.
  • It’s isn’t a one-time project as a set and forget.

Governance needed to regain confidence

Companies in Manufacturing are at an ever increasing risk of a data breach as was evidenced from the responses of 225 companies.

Lacking Protection Confidence
50%

Experienced a Breach
39%

AVERAGE LOSS PER BREACH
$1,000,000 – $10,000,000
(Sources: Deloitte; Cyber Policy; Arctic Wolf)

What is governance?

Governance is a critical and embedded practice that ensures information and technology investments, risks, and resources are aligned in the best interests of the operation and the organization to produce insights and business value.

Effective governance ensures that the right technology investments and integrations are made at the right time to support and enable your organization’s mission, vision, and goals.

FIVE KEY OUTCOMES OF GOOD GOVERNANCE

STRATEGIC ALIGNMENT

Technology investments and portfolios are aligned with the organization's strategic objectives.

RISK OPTIMIZATON

Operational and organizational risks are understood and addressed to minimize impact and optimize opportunities.

VALUE DELIVERY

OT investments and initiatives deliver the expected benefits without new unplanned risks.

RESOURCE OPTIMIZATION

Resources (people, finances, time) are appropriately allocated across the organization to optimal organizational benefit.

PERFORMANCE MEASUREMENT

The performance of technology investments are monitored and used to determine future courses of action and validate success.

Double-sided arrow spanning the 5 categories that reads 'Evaluate - Direct - Monitor'.

Holistic Operational Technology (OT) Governance

Operational Technology (OT) Governance is the policies, processes, and practices that a company implements to oversee and control the use and functionality of its OT systems. Typically, these systems are employed to automate and manage vital infrastructure, including production facilities, electricity grids, and transportation networks.

Effective OT Governance is crucial because these technologies frequently have a direct impact on the security, dependability, and effectiveness of an organization's operations. Additionally, it is essential for protecting these systems' integrity and security because they might be exposed to online dangers.

Tasks Within OT Governance

Defining roles and responsibilities for managing OT systems.

Establishing policies and procedures for the use and maintenance of OT systems.

Making sure OT systems are updated with the latest software and security patches.
Monitoring performance and availability of OT systems.

Putting security measures in place to guard against cyber threats.

Making sure OT systems are compliant.

Management of OT Governance

Models of effective OT governance are those that have the organization's IT and OT departments oversee OT governance, under the direction of top management. To make sure that the organization's OT systems are managed successfully, it is crucial that these departments have excellent communication and coordination.

Avoid common misconceptions of OT governance

Governance and management each have unique roles to play. Confusing the two results in wasted time and uncertainty around ownership.

Governance

OT governance sets direction through prioritization and decision making and monitors overall OT performance.

Governance aligns with the mission and vision of the organization to guide OT and protect OT assets.

Cycle of 'Governance Processes: Evaluate, Direct, and Monitor' and 'Management Processes: Plan, Build, Run, Monitor'.

Management

Management is responsible for executing on, operating, and monitoring activities as determined by OT governance.

Management makes decisions for implementing based on governance direction.

(Image Source: ISACA, 2012
* Adapted for OT Governance)

Mature your governance by transitioning from ad hoc to automated

Organizations should look to progress in their governance stages.

Ad hoc and controlled governance practices tend to be more rigid, making these a poor fit for organizations requiring higher velocity delivery or using more agile and adaptive practices.

The goal as you progress through these stages is to delegate governance and empower teams based on your fit and culture. This enables teams where needed to make optimal decisions in real time, ensuring that they are aligned with the best interests of OT and the broader organization.

Automate governance for optimal velocity while mitigating risks and driving value.

This puts your organization in the best position to be adaptive and able to react effectively to volatility and uncertainty.
Graph with y-axis 'Process Integration' and x-axis 'Trust & Empowerment'. A curved line from the origin has labels in order: 'Ad Hoc: Inconsistent Decision Making', 'Controlled: Authoritarian, Highly Structured', 'Agile: Distributed & Empowered', and 'Automated: High Velocity, Embedded & Flexible'.

Stages of OT Governance

Pyramid with numbers 1 to 4 from the bottom up representing the stages of OT Governance to the right. On the left is an arrow pointing upward, starting at 'Traditional (People- and Document-Centric) and ending at 'Adaptive (Data-Centric)'.
4 - Automated Governance
  • Entrenched into organizational processes and product/service design
  • Empowered and fully delegated to maintain fit and drive organizational success and survival
3 - Agile Governance
  • Flexible enough to support different needs in the organization and respond quickly to change
  • Driven by principles and delegated throughout the company
2 - Controlled Governance
  • Focused on compliance and hierarchy-based authority
  • Levels of authority defined and often driven by regulatory requirements
1 - Ad Hoc Governance
  • Not well defined or understood within the organization
  • Occurs out of necessity but often not done by the right people or bodies
Improve OT Governance to Drive Business Results preview picture

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Talk to an Analyst

Our analyst calls are focused on helping our members use the research we produce, and our experts will guide you to successful project completion.

Book an Analyst Call on This Topic

You can start as early as tomorrow morning. Our analysts will explain the process during your first call.

Get Advice From a Subject Matter Expert

Each call will focus on explaining the material and helping you to plan your project, interpret and analyze the results of each project step, and set the direction for your next project step.

Unlock Sample Research

Author

Kevin Tucker

Contributors

  • Jeanne Lasheff, Director of Digital Transformation, Hollister Incorporated
  • Brian Buddemeyer, VP Information Technology, Spang & Company
  • Jay Stanley, VP Information Technology, Heartland Food Products Group
  • Robert Verret, Chief Information Officer, Dupre Logistics
  • Jeff Renfer, Director of Information Technology, Universal Fiber Systems
  • Steven Schmidt, Managing Partner, Durable Goods, Info-Tech Research Group
  • Christopher Goodhue, Managing Partner, Non-Durable Goods, Info-Tech Research Group
  • Valence Howden, Principal Research Advisor, Info-Tech Research Group
  • Larry Fretz, Vice President, Industry, Info-Tech Research Group
  • Rob Redford, Practice Lead, Industry, Info-Tech Research Group

Search Code: 102123
Last Revised: June 30, 2023

TAGS:

Manufacturing, Operations, Compliance, Standards, Rules, Codes, Policy, Chemical, Pharmaceuticals, Non-Durable Goods, Durable Goods, Medical Devices, Sustainability, IIoT, IoT, xIoT, ISO, employee, staff, scan, scanning, skills, production, hiring, customer value, production operation, manufacturing operational excellence, manufacturing customer value, omnichannel, mobile, mobile engagement, supply chain, digital, automation, cybersecurity, integration, collaboration, improvement, innovation, staffing, cloud, predictive, maintenance, strategy, strategic, intelligent, vendors, suppliers, prototyping, equipment, infrastructure, evaluation, functionality, report, progress, Data Analytics, data science, Green Manufacturing, ESG, artificial, Visual Recognition, fabrication, shipping, monitoring, logistics, sensing, mobility, private, tolerance, exposure, penalty, liability, drone, Inventory, Dispatch, volatile, volatility, food & beverage, pharmaceutical, non-durable, dangerous, tracking, certification, engineering, testing, computer validation, partners, regulations, regulatory, SOPs, SOP's, gravity factor, classifications, penalties, rapid, Regulator, control, hackers, value delivery, optimization, performance measurement, strategic alignment, guard, executing, vision, mission, decision making, controlled, Ad Hoc, Agile, Organic, Intentional, uncontrolled, enable success, guidelines, membership, tactical, 8 P's, 5 S's, Protection, Framework, Hybrid, SCADA, NICS, Controller, PLC, Terminals, Translation, auditors, historian, HMI, Partner, Portal, Operator, architecture, quality, sharing, AI, machine learning, schema, master data, stakeholder, configuration, red team, purdue, password, hub, Zero Trust
Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019