About OTVerdict

Independent OT cybersecurity assessment.
Built from the field.

OTVerdict was established by practitioners with extensive hands-on experience in operational technology environments — designing OT network architecture, commissioning industrial control systems, and leading cybersecurity programmes across refining, petrochemical, manufacturing, and energy operations.

The case for OTVerdict

The OT assessment gap

Generic NIS2 frameworks are designed for IT environments. They do not reflect how OT systems are designed, maintained, or operated. An IT-framed assessment will miss the controls that matter in an industrial site — and a regulator or insurer will identify that gap.

Evidence over policy statements

Most compliance tools produce tick-box outputs with no evidential weight. OTVerdict produces a written defensibility position grounded in verifiable operational evidence — the standard required to demonstrate reasonable steps under NIS2 Article 20.

Grounded in operational experience

The assessment framework was developed by practitioners with hands-on experience commissioning OT systems, designing ICS network architecture, and leading cybersecurity programmes across live operational sites. The controls and evidence criteria reflect the realities of OT environments — not the assumptions of policy documentation.

Technical credentials
CertificationIEC 62443 Industrial Cybersecurity (IC32)
FrameworksNIS2 · CAF · ENISA TIG · NIST 800-82 · IEC 62443
Experience15+ years in OT / ICS environments across live operational sites
SectorsEnergy · Refining · Petrochemical · Manufacturing · Industrial Gas · Waste-to-Energy
SystemsDCS · PLC · SIS · SCADA · Historian · OPC · Modbus · Profibus · Industrial Ethernet
InfrastructureOT Network Architecture · ICS DMZ · Secure Remote Access · Palo Alto · Cisco Industrial
Independence

OTVerdict is independent and non-vendor aligned. Assessments are not affiliated with any OT system integrator, technology vendor, or managed security provider. Findings are based solely on the evidence submitted and the defined sufficiency criteria — not the commercial interests of a vendor.

The framework maps directly to NIS2 Articles (EU 2022/2555) and ENISA Technical Implementation Guidance (EU 2024/2690). It was not adapted from an IT security standard — it was designed from the ground up for operational technology environments.

NIS2 Article 20

Senior management is personally liable for OT cybersecurity failures under NIS2.

An OTVerdict assessment is the documented evidence that reasonable steps were taken. This is what you present to a regulator, an insurer, or a board when accountability is scrutinised.

Establish Your OT Defensibility Position.

A 20-minute scoping call confirms scope, fee, and timeline. No commitment required prior to formal engagement.

Request a Scope Call