OT/ICS policy templates that will save you time, labor, and project risk

You can have an OT/ICS cyber security program custom-built by consultants in a never ending series of workshops. Or you can license a comprehensive, proven, ready-made program for a fraction of the cost and go right to implementation.

Most OT policy sets are little more than wishful thinking. They lack the vital specifics on execution and verification. These specifics are hard, but you don’t need to sweat over them.

The Simple Cyber Governance Program (SCGP) is a ready-made ISMS for OT. It allows asset owners in critical infrastructure and manufacturing to implement an OT security program faster, with less cost, less risk, and measurable results.

14 documents with detailed, step-by-step guidance and policy language, ready for copy & paste into your corporate policy framework

High-level management plan

Detailed execution plan


Metrics for measuring progress

Asset inventory specifications

Network diagram style guide

Data flow diagram style guide

NW & endpoint reference architecture

Detailed system procurement language

Incident management process details

Vulnerability management process details

Roles and responsibilities

Role based cyber security policies

Training curriculum

Detailed OT security policies, templates, procurement language, and more

High-level OT security frameworks like NIST CSF and IEC 62443 contain a whole lot of great ideas — but few practical provisions that can be put into production use. The reality is that thousands of critical infrastructure and manufacturing companies struggle to translate high-level guidance from those frameworks into something tangible and useful.

Instead of re-inventing the wheel by developing a custom OT governance program, start out with a proven policy set that is successfully in use since 2014, in more than 1000 facilities all over the globe.

The SCGP governance process

Risk-free evaluation

Check out the original document set thoroughly before purchasing a license. Simply download the SCGP eval document pack (15 PDF files, 300 pages, ZIP archive).

What you see is what you get, only that you will get MS-Word documents rather than PDF files when purchasing a commercial license.

Discuss with your team how much time and money the Simple Cyber Governance Program will save you. Then, purchase with confidence, and jump straight to program implementation.

Who is using the Simple Cyber Governance Program?

The Simple Cyber Governance Program is used in critical infrastructure and manufacturing. Customers include oil and gas companies, consumer goods manufacturing, chemical products, the world’s first final nuclear waste storage, pharmaceutical companies, and water utilities.

“CITGO had tried to develop a mature set of policies, procedures and standards for our Operational Technology (IT in OT) using in-house resources without much success. The Simple Cyber Governance Program templates by Langner will literally save us years of effort and will allow us to meet deadlines.”

Diana Hamilton

Automation Advanced Applications Supervisor, CITGO

“By implementing the Simple Cyber Governance Program, we created a standardized documentation system with consistently applied solutions, clear policies, standard operating procedures, and training. Most importantly, we had a way to measure our progress on every element. In doing so, we not only identified and corrected configuration issues, we are now able to quickly troubleshoot and perform root cause analyses, saving us hundreds of hours of engineering time.”

Tomas Nyström

Cyber Security Manager, Fortum

SCGP users in the nuclear industry:

Olkiluoto Nuclear Power Plant

Hanhikivi Nuclear Power Plant

Posiva Final Nuclear Waste Storage

Industry Voices

Listen what OT security thought leaders are saying about the Simple Cyber Governance Program:

„SCGP will save you lots of blood, sweat, and tears”
Bryan Owen


„provides immediate value to an organization”
Michael Assante

LinkedIn Profile

„the very best configuration control framework for OT/ICS that I know of”
Tim Roxey

LinkedIn Profile

„an excellent choice”
Eric Cosman

Co-Chairman ISA99, OIT Concepts LLC