OT/ICS policy templates that will save you man-years of labor

Struggling to develop an executable version of NIST CSF, IEC 62443, or ISO 27k? Struggle no more.

free up that time with the simple cyber governance program
The Simple Cyber Governance Program (SCGP) allows asset owners in critical infrastructure and manufacturing to implement an OT security program faster, with less cost, and less risk.
14 documents with detailed, step-by-step guidance and policy language, ready for copy & paste into your corporate policy framework

high-level management plan

detailed implementation plan


Metrics for measuring progress

asset inventory specifications

network diagram style guide

data flow diagram style guide

NW & Endpoint reference architecture

detailed system procurement language

incident management process details

vulnerability management process details

roles and responsibilities

role specific cyber security policies

training curriculum

Check out these sample modules →

Detailed OT Security Policies, Templates, Procurement Language, and More

High-level OT security frameworks like NIST CSF and IEC 62443 contain a whole lot of great ideas. However, they contain few practical provisions that can be put into production use right away. The reality is that thousands of critical infrastructure and manufacturing companies struggle to translate high-level guidance from those frameworks into something useful. That’s a waste of resources.

Instead of re-inventing the wheel, maybe supported by high-fee consultants, just start out with the detailed language of an OT governance program that is successfully in use for years, in over 1000 facilities.

The SCGP governance process

Risk-free evaluation

Check out the original document set thoroughly before purchasing a license. Simply download the SCGP eval document pack (15 PDF files, 300 pages, ZIP archive). What you see is what you get, only that you will get MS-Word documents rather than PDF files when purchasing a commercial license. Discuss with your team how much time and money the Simple Cyber Governance Program will save you. Then, purchase with confidence, and jump right into implementation.

WHO is using the simple cyber governance program?

The Simple Cyber Governance Program is used in critical infrastructure and manufacturing. Customers include the world’s first final nuclear waste storage, various nuclear power plants, chemical plants, pharmaceutical companies, and water utilities.
Hanhikivi-1 Nuclear Power Plant

Hanhikivi-1 nuclear power plant

Operator: Fennovoima

Olkiluoto Nuclear Power Plant

Olkiluoto Nuclear Power Plant

Operator: TVO

Loviisa Nuclear Power Plant

Loviisa Nuclear Power Plant

Operator: Fortum

Posiva Final Nuclear Waste Storage

Posiva Final Nuclear Waste Storage

Operator: Posiva

Industry Voices

„SCGP will save you lots of blood, sweat, and tears” Bryan Owen


„provides immediate value to an organization” Michael Assante

LinkedIn Profile

„the very best configuration control framework for OT/ICS that I know of” Tim Roxey

LinkedIn Profile

„an excellent choice” Eric Cosman

Co-Chairman ISA99, OIT Concepts LLC