Patch management in OT is not simply an IT problem applied to industrial systems; it is a distinct discipline shaped by legacy assets, unplanned downtime risk, vendor compatibility constraints and competing stakeholder priorities. Getting it right requires a clear articulation of business risk, not just technical vulnerability data.

This session, led by Jason Lee of Honeywell, will cover:

• Why effective OT patch management begins with thorough asset discovery and risk quantification, including how unpatched systems tie to process hazard events and regulatory obligations;
• How organizations can evaluate manual, automated and compensating control-based patching strategies based on site size, operational continuity requirements and available resources;
• What it takes to communicate patch management decisions across IT, OT and leadership stakeholders using a common risk language grounded in business impact.