Conduct Compliance and Assurance Activities for OT Cybersecurity

URN: TECDT611404
Business Sectors (Suites): IT(Cyber Security)
Developed by: ODAG
Approved: 2025

Overview

This standard defines the competencies required to conduct cybersecurity compliance and assurance activities in Operational Technology (OT) environments. It includes assessing OT systems against regulatory, industry, and organisational requirements; reviewing evidence; identifying non-conformities; and supporting improvements that maintain secure and resilient operations. It also incorporates assurance methods aligned with industry frameworks, including supplier assurance and governance reporting.

This standard is intended for OT cybersecurity professionals and assurance practitioners responsible for verifying OT security compliance.


Performance criteria

You must be able to:

  1. Identify OT cybersecurity regulations, standards, and organisational requirements that apply to industrial systems.
  2. Assess OT systems for compliance with regulatory, security, and organisational requirements.
  3. Conduct OT security assurance activities to verify controls and practices.
  4. Analyse evidence from audits and assessments to identify compliance gaps or risks.
  5. Review supplier and contractor compliance in line with organisational requirements.
  6. Document compliance findings and supporting evidence in line with organisational and regulatory processes.
  7. Communicate compliance outcomes to internal and external stakeholders.
  8. Monitor changes in regulatory and organisational requirements affecting OT systems.
  9. Support continuous improvement of OT compliance processes.
  10. Review assurance outcomes to support governance reporting and remediation planning.

Knowledge and Understanding

You need to know and understand:

  1. OT cybersecurity regulations and sector-specific requirements.
  2. Industry standards and frameworks applicable to OT systems.
  3. Methods for assessing OT compliance and verifying security controls.
  4. Evidence-gathering approaches suitable for OT environments.
  5. Supplier and contractor assurance requirements relevant to OT cybersecurity.
  6. Documentation practices for capturing compliance and assurance findings.
  7. Reporting requirements relevant to OT cybersecurity and governance.
  8. Concepts and approaches for continuous assurance in OT environments.
  9. Risk assessment principles relevant to compliance and assurance outcomes.
  10. Collaboration practices for working with engineering, safety, procurement, and governance teams.
  11. Organisational processes for managing remediation and non-conformities.
  12. How assurance outcomes support regulatory reporting and executive governance.

Glossary

Assurance
Processes used to verify that systems meet required cybersecurity and operational expectations.

Compliance
Conformity with laws, regulations, standards, and organisational security requirements.

Non-Conformity
Any deficiency where a process, system, or control does not meet a defined requirement.

Audit Trail
A chronological record that provides evidence of control implementation, system changes, or user actions.

Remediation
Actions taken to correct identified gaps, non-conformities, or compliance weaknesses.


Version Number

1

Indicative Review Date

2029

Validity

Current

Status

Original

Originating Organisation

ODAG Consultants Ltd.

Original URN

TECDT611404

Relevant Occupations

Information and Communication Technology Professionals

SOC Code

2139

Keywords

Operational Technology (OT), Cybersecurity, Safety-critical systems, Cyber-physical systems