Integrate IT/OT Business Continuity Planning and Disaster Recovery

Minimize disruptions by breaking down IT/OT silos.

  • Minimal collaboration exists between IT and OT teams when developing organizational business continuity management.
  • OT business continuity planning lacks the same rigor and thoroughness as their IT counterparts.
  • IT and OT dependencies are only discovered during a disruption, causing extended delays.

Our Advice

Critical Insight

Utilities must stop treating IT and OT business continuity as separate concerns – true resilience requires an integrated, shared-risk approach. IT and OT leaders must collaborate to develop, execute, and refine a BCM to support the continuity of the business when faced with the heightened risk of disruptions.

Impact and Result

  • Minimize business disruptions by ensuring IT/OT business processes and technology have adequate continuity programs and resources.
  • Future-proof convergence processes, amplify collaboration, and maximize the skillset between IT and OT teams.

Integrate IT/OT Business Continuity Planning and Disaster Recovery Research & Tools

1. Integrate IT/OT Business Continuity Planning and Disaster Recovery – A four-phase strategy framework to help utility organizations integrate their IT and OT teams when developing an organizational business continuity management strategy.

This project helps utilities shift from fragmented business continuity management to a unified, cross-domain IT/OT approach. The result is an actionable and integrated toolkit that guides members to strengthen resilience across IT and OT environments through boundary definition, technology and process identification, and overall governance design.

2. Stakeholder Register Template – An Excel template to identify and document IT/OT stakeholders and assess their level of influence and interest in the development and execution of the BCM.

Use this template to analyze initial stakeholder influence and interest in execution of IT/OT applications and processes and to identify, track, and prioritize stakeholder requirements and expectations for the project.

3. IT/OT Application Heat Map & Processes List – A template aligned to ISA95 to identify the dependent IT and OT applications and business processes.

A template and deliverable to facilitate the identification of the dependencies of IT and OT systems, applications, and business processes to include in the development of the IT DRP and IT/OT BCP.

4. Utilities Business Impact Assessment Tool – A tool to estimate and prioritize the downtime impact of IT/OT applications and business processes.

This tool enables you to define objective scoring criteria to assess the downtime impact of critical IT/OT applications/systems/processes. Additionally, the tool will identify any gaps between the objectives and actuals of your organization’s existing recovery processes.

5. IT/OT Disaster Recovery and Business Continuity Plan RACI – RACI tool to document IT/OT roles and responsibilities for disaster recovery and continuity workarounds.

This RACI helps your organization document the roles and responsibilities of disaster recovery workflows and business continuity workarounds. Disaster recovery workflows focus on recovery of IT/OT systems and data completed in the application heat-map. Business continuity workarounds focus on resuming business operations to an acceptable level during or after a disruption to IT/OT systems.


Integrate IT/OT Business Continuity Planning and Disaster Recovery

Minimize disruptions by breaking down IT/OT silos

Analyst Perspective

Reduce disruptions by integrating IT&OT in your Business Continuity Management development

In the utility sector, the convergence of IT and OT is no longer optional – it’s imperative. As critical infrastructure becomes increasingly digitized and the target of external cyber threats, utility organizations must evolve their Business Continuity Management (BCM) to account for both enterprise systems (IT) and real-time operational technologies (OT) such as SCADA, AMI, and DERMS. Successful BCMs recognize that IT and OT not only share technological interdependencies but also valuable human and process-driven insights.

Rather than build parallel BCP structures for IT and OT, utilities can gain efficiency and resilience by integrating OT into the development of the enterprise BCM. Starting small – aligning recovery objectives for joint systems, for example – and scaling iteratively helps reduce organizational resistance and complexity. The key is to define clear boundaries, establish common ground, and identify cross-domain dependencies. This ensures that when a disruption occurs, both IT and OT teams can respond in a coordinated manner, preserving not only uptime but also public safety and regulatory compliance.

Technology and threats evolve rapidly; BCM must do the same. By treating IT/OT BCM as a living framework – governed, tested, and improved jointly – utility organizations can achieve not just recovery, but adaptive resilience and drive toward a converged IT/OT way-of-working.

Bevin Chau
Research Director
Utilities, Industry Practice
Info-Tech Research Group

Executive Summary

Your Challenge

  • Minimal collaboration exists between IT and OT teams in BCM activities, duplicating effort and resources and jeopardizing overall continuity quality.
  • OT BCP lacks the rigor and thoroughness of its IT counterpart, which is aligned to industry best practices and complies with regulations and standards.
  • Dependencies between IT and OT capabilities are discovered during the execution of a BCP or DR, leading to delays in resuming business processes.

Common Obstacles

  • IT and OT are on separate teams with different priorities and reporting lines; processes and tools are siloed, and growing institutional knowledge is a barrier to collaboration.
  • IT and OT teams are unfamiliar with their counterpart’s business requirements (i.e. real-time operational need for OT and regulatory compliance for IT).
  • BCP roles and responsibilities between IT and OT are not documented or communicated appropriately to the stakeholders involved.

Info-Tech’s Approach

  • Define Boundaries and Map IT/OT Dependencies: Outline IT and OT capability interdependencies, and define clear ownership and areas where joint efforts are critical.
  • Identify IT/OT Technology and Processes: Jointly prioritize interdependent technologies and business processes, providing an input to the creation of the BCP and disaster recovery.
  • Establish a Governance Model to Manage IT/OT: Develop a jointly owned governance model, providing strategic guidance to sustain the BCM and other converged processes.

Info-Tech Insight
Utilities must stop treating IT and OT business continuity as separate concerns – true resilience requires an integrated, shared-risk approach. IT and OT leaders must collaborate to develop, execute, and refine a BCM to support the continuity of the business when faced with heightened risk of disruptions.

Your challenge

Organizations face greater impact from disruptions with a siloed IT and OT approach to BCM

Siloed Approach to BCM

  • IT and OT BCM are developed and executed separately without engaging the respective parties, duplicating effort and leaving organizations unable to fully leverage inter-departmental strengths.
  • Varying approaches to developing, executing, and maintaining BCM lead to gaps in meeting regulatory standards/compliance (i.e. NERC CIP-008/9 for cyber incident, ISO22301 for plan testing).

Differing Domain Requirements

  • Operational and technical differences between IT and OT domains create a knowledge gap and a point of friction for the two teams to collaborate on BCM and other business processes.
  • Departmental priorities between IT and OT (i.e. back-office business processes availability vs. operations availability) cause fragmented execution of BCM across the enterprise.

Unclear Delineation Between IT & OT

  • The definition and boundary of IT and OT are increasingly being blurred, with varying opinions across the organization of IT/OT applications, ownership, roles, and responsibilities.
  • Unclear delineation between IT and OT poses a roadblock to identifying the interdependencies within BCM in addition to other business processes (cyber security, strategy & innovation, governance).

Utility organizations are at a growing risk of disruptions (cyber attacks, extreme weather, aging infrastructure) and require a robust and comprehensive BCM with IT and OT coverage.

62%
Percentage of Computers Impacted from Ransomware: Utilities

Source: Sophos 2024

A study by Sophos shows that a ransomware attack on an Energy, Oil and Gas, and Utility organization in 2024 impacted on average 62% of the organization’s devices/computers, leading any other surveyed industry. This is an indication of the potential extent of a disruption within this industry.

A survey conducted by Claroty highlighting trends in cyber security threats between 2021 and 2023 indicates a 10% increase when it comes to ransomware attacks on IT and OT environments (Continuity Insights 2023).

Common Obstacles

Separate IT and OT BCM reduces overall response effectiveness

Separate Organizational Constructs
IT and OT organizations may be arranged in a variety of ways – for example, OT reporting into Operations and IT into Finance. Separate organizational constructs create a barrier for collaboration due to competing priorities, resources, budget, etc.

Unclear Roles and Responsibilities
IT and OT overlaps are generally known but are not documented and communicated well across the organization. Often this leads to a reactive approach to conflict resolution when IT and OT intersect, evaluated on a case-by-case basis.

Domain Institutional Knowledge
IT and OT have contrasting foundational operating environments; understanding the intricacies of the respective domains is a challenge. Additionally, OT technology tends to trail that of IT, with obsolete OT equipment still operational and knowledge residing with few individuals.

Absent Common Vision
As with organizational constructs, priorities between IT and OT can vastly differ. Without a common, “guiding star” vision to align both teams, individuals will feel less empowered to collaborate, change will be impeded, and leadership accountability misplaced.

Info-Tech’s Approach

Stop treating IT and OT business continuity as a separate concern

Ensure the Right People at the Table

  • Vast amounts of OT institutional knowledge often hinder resources and decision-making; identifying the right stakeholders and bringing everyone along the journey will increase success.
  • Legacy OT technology poses a challenge as only a select few individuals understand the operability of the system; organizations should anticipate additional initiatives branching from the BCM.

Start on Common Ground

  • Establish and align on a common definition of IT and OT across people, process, and technology; understand this definition will change as a result of innovation.
  • Align on the common objective of a joint BCM – enabling the organization to optimize business continuity by leveraging the strengths of IT and OT, minimizing the impact of disruptions.

Drive a Collaborative Culture

  • Democratizing knowledge between IT and OT teams takes time. Ensure the organization has a plan to cross-train resources (i.e. embedding resources, training plan, knowledge base) to understand the joint BCP.
  • BCP is a singular business process where IT and OT convergence occurs. Foundational areas such as governance, roles, and responsibilities should span beyond BCP to cover other processes.

“Nearly half of the HMI’s identified associated with water and wastewater could be manipulated without any authentication required.”
Censys 2024

“Standardized security procedures help align IT, OT, and external partners to respond quickly to cyberattacks and avoid physical consequences that affect operations (for example, loss of plant operations and production).”
McKinsey & Company 2023

Info-Tech’s Approach

Focus BCM on the intersection of IT and OT

1. Level-set & Align
Objective: Establish a common definition and boundaries of IT/OT applications for your organization by referencing industry best practices.
Activities: IT/OT Stakeholder Mapping; IT/OT Definition & Boundary Mapping
Accelerators: IT/OT Definition & Boundary.

2. Identify Dependencies
Objective: Highlight the applications where IT and OT involvement is required and identify the roles and responsibilities for both respective teams.
Activities: IT/OT Application Heatmap and Ownership; IT/OT Business Processes Identification
Accelerators: IT/OT Application Heatmap.

3. Develop IT/OT BCM
Objective: Based on the dependencies identified, initiate the development of the IT/OT BCM by leveraging Info-Tech’s BCM methodology.
Activities: IT Disaster Recovery Plan; IT/OT Business Continuity Plan
Accelerators: Leverage Info-Tech’s BRP and BCP blueprint to complete this phase.

4. Sustain
Objective: Create a governance structure and associated processes to enable the sustainment of the BCM and other converging processes.
Activities: IT/OT BCM Governance Structure; Document Maintenance Processes
Accelerators: Document Maintenance Processes.

Design and Enable Utility’s IT/OT Business Continuity Management

Focus BCM at the intersection of IT and OT

Maximize the skills between IT and OT teams
Given the converging landscape of IT and OT, BCM planning should be done collaboratively, relying on the expertise each side can offer.

Start on common ground
Begin with the foundations and remove ambiguity between IT and OT.

Instill collaboration
Align IT and OT teams on a common objective to better serve the organization.

Future-proof convergence
Start with a singular business process and expand convergence.

Phase 1: Align

  • 1.1 IT/OT Stakeholder Mapping: Ensure the right decision-makers and audience are in participation.
  • 1.2 IT/OT Boundary Definition: Establish a common understanding of IT and OT’s definition & boundaries.

Outcome: Defined IT and OT application and capability boundaries across the organization.

Phase 2: Identify

  • 2.1 IT/OT Application Heat-Map & Ownership Assignment: Highlight IT/OT apps and their respective owners.
  • 2.2 IT/OT Business Processes Identification: Identify the processes enabled by IT/OT apps.

Outcome: Catalog of IT and OT capabilities and where convergence occurs with clear ownership.

Phase 3: Develop

  • 3.1 IT Disaster Recovery Plan: Document recovery workflows for IT/OT applications.
  • 3.2 IT/OT Business Continuity Plan: Document workarounds to IT/OT business processes.

Outcome: Joint recovery and continuity plans accounting for IT/OT technology and processes.

Phase 4: Sustain

  • 4.1 IT/OT Governance Structure: Governing structure to sustain BCP and other converging processes.
  • 4.2 BCM Maintenance Processes: Document & implement BCP maintenance practices.

Outcome: Means to sustain and maintain converged BCM, with the potential to scale across other processes.

Common Obstacles
Ambiguity in IT and OT Definition
Organizations have yet to align on the definition and boundaries of IT and OT, generating confusion across teams and individuals.

Organizational Constructs With Conflicting Priorities
IT and OT have separate reporting lines, priorities, resources, and budget, creating a barrier for the two teams to actively collaborate.

Your Challenge
Siloed Business Continuity Planning
Each business unit (beyond IT and OT) conducts business continuity planning in a silo, duplicating resources and effort, unaware of the plans of other business units.

Drastic IT and OT Domain Requirements
Technical and functional requirements of both domains are drastically different and managed by two distinct and contrasting skillsets.

Impact
Reduced Downtime & Enhanced Readiness
Minimize business disruptions when real incidents occur by ensuring IT/OT business processes and tech have the adequate continuity programs and resources to execute.

Future-Proofed Convergence Processes
Build on the foundations from this exercise to expand across additional converged processes across the organization.

Use This Blueprint to Supplement Larger BCM Development

Three Components to an Enterprise Business Continuity Management System: An effective enterprise business continuity management system consists of three in-sync components working together to enable an enterprise business continuity function. This blueprint supports the initiation of 1) an IT disaster recovery plan by including OT technology and 2) an IT/OT BCP by identifying IT/OT business processes.

Start by Including OT in the IT Disaster Recovery Plan: OT technology is increasingly critically dependent on IT services; therefore, by starting with the IT DRP, dependent OT applications and infrastructure will be captured in the recovery plan. Additionally, the resulting IT DRP will inform business units of IT & OT recovery constraints to support the development of their own BCP, especially workarounds while IT/OT systems are down.

Differentiate Between Disaster Recovery and Business Continuity: Disaster recovery focuses on returning applications and infrastructure to normal operating conditions, whereas BCP invokes workarounds to maintain business processes in the event of a disruption (e.g. cyber attack, network failure, natural disaster). This blueprint supports the identification of IT/OT applications and infrastructure and the IT/OT processes they support; hence it supplements (does not replace) Info-Tech’s Create a Right-Sized Disaster Recovery Plan and Develop a Business Continuity Plan blueprints.

Overall Enterprise Business Continuity Management (BCM)

IT Disaster Recovery Plan
A plan to restore IT application and infrastructure services following a disruption

This blueprint supports the creation of the IT DRP by identifying IT/OT applications

BCP for Each Business Unit
A set of plans to resume business processes for each business unit.

This blueprint supports the creation of a BCP for the IT/OT “business unit” by identifying dependent business processes

Crisis Management Plan

A plan to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage.

Insight Map

Leverage the existing skills and knowledge between IT & OT
IT and OT are interconnected not only from a technology point of view, but also through the lens of people and processes. Tools and practices deployed in the OT space mimic those which have been successfully deployed in the IT space. Leverage existing skills, knowledge, and lessons learned where possible – don’t re-invent the wheel if there is no need to.

Start IT/OT Convergence Small, Then Scale
BCP is one of many converging processes. The foundations being built as part of this blueprint should enable your organization to scale convergence across other processes as well – i.e. BCP governance can become IT/OT governance.

Establish Common Ground, Identify Dependencies
Start with defining what IT and OT are at your organization and the boundaries, understanding they will be iterative as technology evolves. Dependencies will mature, evolving into normal ways of working.

Review, Iterate, and Improve – Together
Changes in technology in both IT and OT are dynamic. Keep both teams abreast of updates in their respective environments and continue to improve and iterate on the BCP. Include a review/change management process as part of the BCP governance.

Blueprint Deliverables

Each step of this blueprint is accompanied by supporting deliverables and exercises to help you accomplish your goals

Stakeholder Register Template
Assess the relevant stakeholders contributing to IT & OT at your organization and determine their level of involvement in the development of the BCM.

IT/OT Application Heatmap & Processes List
Map the IT/OT dependencies against the Purdue model across each technology level. The application heatmap will provide a high-level overview of the areas IT and OT are responsible for across each application.

IT/OT Disaster Recovery & Business Continuity Plan RACI
Document your IT/OT DR and BCP roles and responsibilities during the execution of each process.

Key deliverable

Utilities Business Impact Assessment Tool

The design and implementation of the IT/OT Application Business Continuity Plan captures the key insights your work will generate, including:

  • A set of converging applications requiring IT and OT to operate.
  • A jointly conducted business assessment of IT/OT capabilities.
  • Recovery procedures for critical IT/OT applications.

Blueprint Benefits

IT Benefits

  • Including OT in your Business Continuity Management Plan will:
    • Expand and improve risk visibility by including OT technology as part of the IT Disaster Recovery Plan.
    • Provide a full picture of the interdependencies IT has across OT processes to expand convergence across other business processes.
    • Increase the strategic value of IT by supporting/enabling core utility operations.

Business Benefits

  • Organizations with an integrated IT/OT BCM will:
    • Improve overall risk posture and ability to contain cross-domain threats and recover more holistically.
    • Lower response times and limit the cascading effects of a disruption.
    • Improve collaboration between IT and OT teams, removing barriers and leading to greater operational efficiencies (i.e. quicker response, integrated strategy & roadmap).
    • Meet growing regulatory compliance for utilities to have OT business continuity planning.

Measure the value of the IT/OT BCM toolkit

This toolkit will accelerate your goal in developing an IT/OT integrated BCM and spark a journey toward IT/OT convergence

Info-Tech IT/OT BCM Toolkit Value

5-7 Weeks Effort of ~4 IT & OT FTE

The value of the toolkit comes from the initial design, but you will experience benefits over time as convergence expands across broader areas.

Phase 1: Level-Set & Align

  • Deliverable: IT/OT Stakeholder Mapping; IT/OT Boundary Definition
  • Without Blueprint (1 week): Boundary & definition research; Ideate, iterate, align
  • With Blueprint (1 Day): Predefined template; Utility centric boundary definition

Phase 2: Identify Dependencies

  • Deliverable: IT/OT Application Heatmap; Application Ownership
  • Without Blueprint (1-2 weeks): Template creation; Assign applications to ISA95
  • With Blueprint (1 Day): Example of converged applications

Phase 3: Develop IT DR and IT/OT BCP

  • Deliverable: IT Disaster Recovery Plan; IT/OT BCP
  • Without Blueprint (1-2 weeks): Creation of BIA logic & scoring
  • With Blueprint (1 Day): Defined BIA logic and scoring for utility & workflow example

Phase 4: Sustain

  • Deliverable: IT/OT Governance Structure
  • Without Blueprint (1-2 weeks): Define governance best practice for IT/OT
  • With Blueprint (1 Day): Proposed governance groups and responsibilities

Organization
Nova Scotia Power, Nova Scotia, Canada

Industry:
Electricity

Sources:
Nova Scotia Energy Board (2025), CBC (2025), CityNews (2025), Halifax Examiner (2025)

“But customer information was not central to the plan’s concerns. In fact, the particular concern about the risk to customer data seemed like an after-thought, mentioned only once in the report as part of a list of concerns.”
– Halifax Examiner (2025)

Case Study

Breached at the Starting Line: Nova Scotia Power Attacked Before IT-OT Cyber Project Can Begin

Background

In March of 2025, Nova Scotia Power (NSP) submitted “IT-OT Cyber Security Control Implementation Phase 1” to the Utility and Review Board (UARB) for approval. In the plan, NSP acknowledges the increase in the frequency and sophistication of cyber threats as well as the importance of “securing NS Power’s OT environment responsible for controlling physical processes or operations.”

NSP had the right intentions in protecting its OT environment; however, as the Halifax Examiner wrote, “the focus was almost entirely on OT…but customer information was not central to the plan’s concern.” Following the submission of the plan to the UARB, NSP was the victim of a ransomware attack in which the information of 280,000 customers – including names, SINs, phone numbers, addresses, and banking information – was compromised. NSP has declined to meet the financial demands of the perpetrators.

Impact

The impacts of this breach are still unknown at the time of this publication; however, a few early indicators point to the following:

  • NSP is offering a five-year free credit monitoring subscription to all current and past customers – estimated cost could be in the millions.
  • NSP’s customer billing portal was taken offline for the first month after the attack was discovered, preventing customers from making payments. After the resumption of the billing portal, NSP resorted to usage estimation based on previous years.
  • NSP’s reputation and customer satisfaction have plunged, and the company could be the subject of a class-action lawsuit.

Lessons Learned

  • Cybersecurity is an area where IT and OT convergence is critical and must be evaluated in concert between the two teams. Both IT and OT domains are equally important and should be given the same attention.
  • The billing process was exposed as a weakness from the attack. Each business process needs a robust plan to ensure normal business operations can resume efficiently.

Organization
CrowdStrike

Industry:
Various

Sources:
ISA

“In the wake of the recent global IT outage caused by a faulty CrowdStrike update, the importance of robust business continuity planning (BCP) and Disaster Recovery (DR) strategies in Operational Technology (OT) environments has never been more apparent.”
– ISA

Case Study

CrowdStrike Update: an IT Update Impacting OT Across Various Industries

Background

On July 19, 2024, a routine update from CrowdStrike disrupted organizations globally across various sectors, including utilities. Deemed one of the largest IT outages in history, it cost Fortune 500 companies $500 billion in direct losses. The impact of the IT outages was widespread and cascaded into the OT environments of many organizations.

Impact

If an organization had CrowdStrike deployed, it would have been overseen by the IT organization. However, depending on the industry, this update on the IT domain created cascading effects on the OT domain. For example, rail systems faced signaling outages, and airlines such as Delta and United faced communication network disruptions, grounding flights worldwide. Luckily for utilities, impacts were isolated to the IT domain, with reports of customer billing outages from the City of Corpus Christi and an unavailable outage information system from Avangrid.

Lessons Learned

  • Unknown Dependencies Between IT and OT: The CrowdStrike update shined a light on the unknown interdependencies that exist between IT and OT systems across various industries. Building an effective BCP starts with understanding the dependencies between IT and OT systems and their points of failure. By doing so, organizations can assess the potential impact of various failure scenarios.
  • An Isolated BCP Will Increase Restoration Timelines: As seen in the impacts of the update, due to the interdependencies between IT and OT systems, having an isolated BCP will lead to reactive management during a crisis. Organizations must maintain operational flexibility and agility to switch to alternative systems or manual operations.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options.

Guided Implementation

What does a typical GI on this topic look like?

Phase 1: Align

  • Call #1: Scope requirements, objectives, and specific challenges.
  • Call #2: Identify key IT/OT stakeholders as part of the BCP journey. Define IT/OT definition and boundaries.

Phase 2: Identify

  • Call #3: Highlight applications where convergence exists and assign IT and/or OT ownership.
  • Call #4: Identify IT/OT processes impacted by IT/OT applications disruptions.

Phase 3: Develop

  • Call #5: Complete BIA for converging applications/capabilities.
  • Call #6: Design recovery workflows and business continuity workarounds for identified applications and processes.

Phase 4: Sustain

  • Call #7: Define IT/OT governance structure and committees.

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 4 to 6 calls over the course of 6 months.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Day 1: Level-Set & Align IT and OT Teams
Day 2: Identify IT & OT Dependencies
Day 3: Develop DRP and BCP for IT/OT Applications and Processes
Day 4: IT/OT Governance

Activities

1.1 Identify IT & OT stakeholders

1.2 Define IT/OT definition & boundaries

2.1 Complete IT/OT application heatmap and assign ownership

2.2 Identify IT/OT business processes impacted by IT/OT technology

3.0 IT/OT business impact assessment alignment and development

3.1.1 Conduct business impact assessment for IT/OT applications

3.1.2 Document recovery workflows and RACI for each converged application

3.2.1 Conduct business impact assessment for IT/OT processes

3.2.2 Document workarounds and RACI for each IT/OT process

4.1.0 Define IT/OT governance structure and maintenance processes for BCM

4.2.0 Align back with broader organizational BCM strategy

Deliverables

Day 1
  1. IT&OT stakeholder map
  2. IT & OT definition
  3. IT & OT boundaries

Day 2
  1. IT&OT application inventory with high-level ownership
  2. IT&OT business processes
  3. Aligned Business Impact Assessment Tool

Day 3
  1. IT/OT application recovery workflows and documented RACI
  2. IT/OT business continuity workarounds and documented RACI

Day 4
  1. IT/OT governance structure and BCM maintenance processes

Phase 1

Identify IT/OT Stakeholders and Align on IT/OT Boundaries and Definitions

Phase 1

  • 1.1: Identify IT/OT stakeholder mapping
  • 1.2: Establish IT/OT boundaries and align on definition

Phase 2

  • 2.1 Complete IT/OT application boundary heatmap & ownership
  • 2.2 Identify IT/OT business processes impacted by IT/OT technology

Phase 3

  • 3.0 Define aligned Business Impact Assessment (BIA) Tool
  • 3.1.1 Conduct BIA for IT/OT applications
  • 3.1.2 Document IT/OT recovery workflows and assign RACI
  • 3.2.1 Conduct BIA for IT/OT business processes
  • 3.2.2 Document IT/OT workarounds and assign RACI

Phase 4

  • 4.1 Define IT/OT governance structure
  • 4.2 Establish IT/OT BCP maintenance routines

Insights & Outcomes

Ensure your entire organization has a common understanding of the definition and boundaries of IT and OT and remove any confusion and ambiguity about ownership, roles, and responsibilities.

Participants:

  • IT lead and domain owners/specialists
  • OT lead and application owners

Bridge Cultural and Operational Silos

Joint Participation: Traditionally, IT and OT each have their distinct priorities, tools, and processes. Sticking to this conventional way of working will not further collaboration between the two teams. Clearly identify the participants who are critical to executing a joint IT/OT BCP, as well as the individuals who play a key part in creating a collaborative culture where IT and OT teams regularly work together.

Make Decisions Together: Identifying stakeholders upfront will support subsequent phases of the blueprint when ownership is assigned to applications and continuity workflows are drafted. This step allows you to clearly define escalation pathways, document RACIs, and develop cross-functional decision-making workflows.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?

Get the help you need in this 4-phase advisory process. You'll receive 8 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Align
  • Call 1: Scope requirements, objectives, and specific challenges.
  • Call 2: Identify key IT/OT stakeholders as part of the BCP journey.
  • Call 3: Define IT/OT definition and boundaries.

Guided Implementation 2: Identify
  • Call 1: Highlight applications where convergence exists and assign IT and/or OT ownership.
  • Call 2: Identify IT/OT processes impacted by IT/OT applications disruptions.

Guided Implementation 3: Develop
  • Call 1: Complete BIA for converging applications/ capabilities.
  • Call 2: Design recovery workflows and business continuity workarounds for identified applications and processes.

Guided Implementation 4: Sustain
  • Call 1: Define IT/OT governance structure and committees.

Author

Bevin Chau

Contributors

  • Mark Thomas, Director of IT Operational Technology, Denver Water
  • Roderick Cook, Information Security Officer, Modesto Irrigation District
  • Chris Vasche, OT Analyst, Modesto Irrigation District