OT/ICS policy templates that will save you time, labor, and risk

You can have an OT/ICS cyber security program custom-built by consultants in a never ending series of workshops, or you can license a comprehensive ready-made program for a fraction of the cost and go right to implementation.

Most OT policy sets are little more than wishful thinking. They lack the vital specifics on execution and verification. These specifics are hard, but you don’t need to sweat over them.

The Simple Cyber Governance Program (SCGP) is a ready-made ISMS that allows asset owners in critical infrastructure and manufacturing to implement an OT security program faster, with less cost, less risk, and real results. It is used internationally in multiple industries, including nuclear.

14 documents with detailed, step-by-step guidance and policy language, ready for copy & paste into your corporate policy framework

high-level management plan

detailed execution plan


Metrics for measuring progress

asset inventory specifications

network diagram style guide

data flow diagram style guide

NW & Endpoint reference architecture

detailed system procurement language

incident management process details

vulnerability management process details

roles and responsibilities

role specific cyber security policies

training curriculum

Detailed OT Security Policies, Templates, Procurement Language, and More

High-level OT security frameworks like NIST CSF and IEC 62443 contain a whole lot of great ideas. However, they contain few practical provisions that can be put into production use right away. The reality is that thousands of critical infrastructure and manufacturing companies struggle to translate high-level guidance from those frameworks into something useful. That’s a waste of resources.

Instead of re-inventing the wheel by developing a custom OT governance program, just start out with the de-facto standard that is successfully in use since 2014, in more than 1000 facilities all over the globe.

The SCGP governance process

Risk-free evaluation

Check out the original document set thoroughly before purchasing a license. Simply download the SCGP eval document pack (15 PDF files, 300 pages, ZIP archive). What you see is what you get, only that you will get MS-Word documents rather than PDF files when purchasing a commercial license. Discuss with your team how much time and money the Simple Cyber Governance Program will save you. Then, purchase with confidence, and jump straight to program implementation.

Who is using the simple cyber governance program?

The Simple Cyber Governance Program is used in critical infrastructure and manufacturing. Customers include the world’s first final nuclear waste storage, manufacturing giants, pharmaceutical companies, and water utilities.

Hanhikivi-1 Nuclear Power Plant

Hanhikivi-1 nuclear power plant

Operator: Fennovoima

Olkiluoto Nuclear Power Plant

Olkiluoto Nuclear Power Plant

Operator: TVO

Loviisa Nuclear Power Plant

Loviisa Nuclear Power Plant

Operator: Fortum

Posiva Final Nuclear Waste Storage

Posiva Final Nuclear Waste Storage

Operator: Posiva

Industry Voices

„SCGP will save you lots of blood, sweat, and tears”
Bryan Owen


„provides immediate value to an organization”
Michael Assante

LinkedIn Profile

„the very best configuration control framework for OT/ICS that I know of”
Tim Roxey

LinkedIn Profile

„an excellent choice”
Eric Cosman

Co-Chairman ISA99, OIT Concepts LLC