As industrial organizations integrate connected systems, traditional IT-centric governance, risk and compliance (GRC) tools inadequately address OT environments where physical safety and process continuity are paramount. The differences between IT and OT governance - from regulatory frameworks (ISO/SOC vs. IEC 62443/NERC) to asset life cycles (years vs. decades) - create implementation challenges that leave critical systems vulnerable.

In this session, Mostafa Nassar, senior engagement manager cyber security, INTECH Automation and Intelligence, explores why standard GRC platforms fail in industrial settings and examines strategies for developing OT-specific solutions that properly integrate with existing IT frameworks while addressing specialized needs. He will discuss securing stakeholder support across operations and maintenance teams, implementing vulnerability management within operational constraints, and building collaboration between IT and OT personnel.