OT Security Project Support — Sample Engagement Overview

About this sample: This document represents the output of the thinking. The value is in the conversations that produced it — the site walk, the stakeholder interviews, the engineering judgements made along the way. What you are reading is the record. The work that matters happened before the first page was written.

Engagement Overview

Project Parameters

Client

[REDACTED]

Project

[REDACTED]

Phase

FEED → Detailed Design

Duration

[REDACTED]

Lead Engineer

[REDACTED]

Standard

IEC 62443-2-4

Engagement Structure

Review Checkpoints

Checkpoint	Phase	Review Focus	Output
CP-01	FEED	Concept architecture cybersecurity requirements. Initial zone/conduit model review.	Advisory note + requirements register
CP-02	Detailed Design	Network architecture diagrams, P&ID cyber risk review, vendor specification review.	Design review report + RFI list
CP-03	Procurement	Vendor cybersecurity response evaluation. FAT criteria development.	Vendor assessment report
CP-04	Commissioning	Implemented system verification against approved design. Deviation identification.	Commissioning security sign-off
CP-05	Handover	Security baseline documentation. Outstanding items closeout. Operational team briefing.	Security baseline record

Note: Engagement scope and checkpoint structure are agreed at project initiation and adapted to your project timeline and governance framework.

Design Review Findings — CP-02 Extract

Detailed Design Review

The following is an extract from the Checkpoint 02 design review. [N] findings were identified across network architecture, P&ID review, and vendor specifications.

Finding ID	Area	Observation	Priority
PS-F001	Network Architecture	No industrial DMZ specified between IT and OT networks. Direct routing proposed between corporate LAN and control network — does not meet IEC 62443-3-2 ZCR requirements.	High
PS-F004	Remote Access	Vendor remote access design proposes shared account. IEC 62443-2-4 SP.03.01 requires individual accountability. Design requires revision.	High
PS-F007	Vendor Specification	Cybersecurity requirements in vendor ITT do not specify minimum firmware version requirements or patch delivery obligations. Recommend amendment before ITT issue.	Medium
PS-F011	P&ID Review	Safety instrumented system (SIS) network connectivity to OT LAN not documented in network diagrams. Potential uncontrolled communication path. Requires clarification.	High

What this enables: For each checkpoint, NEXUS produces a formal review report, a findings register with recommended actions, and written advisory. All findings are tracked through to closure. Final handover includes a complete security baseline record for the operational team.