OT Cybersecurity Assessments
Start here — or stand alone.
OT Critical Controls AssessmentA focused 74-question assessment of the critical and high-weight controls under NIS2 and the UK Cyber Security and Resilience Bill. Covers the 34–37 ENISA requirements regulators and insurers will look at first. Fixed fee for qualifying sites. For many operators, this is sufficient as a standalone engagement.
Fixed fee applies toSingle OT site · Up to 3 distinct OT systems or platforms · Important entity classification · No group-level or multi-site complexity. Confirmed at scoping call.
- ✓74 questions across critical control domains
- ✓Covers 34–37 ENISA requirements
- ✓RAG scorecard — Red / Amber / Green by domain
- ✓Identifies your highest-risk gaps fast
- ✓Delivered within 5 working days
- ✓Fee creditable against full assessment
Fixed fee£1,000–£1,500Fee credited against Full Assessment if you proceed
Request a Scope CallScope and eligibility confirmed at the scoping call. Sites outside eligibility criteria are directed to the Full Assessment.Full Assessment — choose your scope
NIS2 Article 20Senior management is personally liable for OT cybersecurity failures under NIS2.NIS2 Article 20 places direct accountability on directors and senior management — not just the organisation. An OTVerdict assessment is the documented evidence that reasonable steps were taken. This is what you show a regulator, an insurer, or a board when something goes wrong.
Not sure which tier?Consider the number of OT sites, your NIS2 entity classification (Important or Essential), and the number of distinct OT systems in scope. Borderline? We always recommend the lower tier — it is easier to expand scope than justify a higher fee after the fact.Book a scoping call →
Final fee confirmed after scoping. Indicative range only. 50% invoiced upfront, 50% on report delivery.