Start with a Baseline Cyber & Process Safety Analysis - the regulatory aligned health check that links cyber risk directly to major accident hazards.


Book Your OT Baseline Analysis

  • Home
  • Solutions
  • Move Beyond OG86 Hygiene. Build 62443 Ready OT Resilience

From April 2026, the HSE expects COMAH duty holders to evidence cyber risk as a Major Accident Hazard. Start with a Baseline Assessment that gives you clarity, readiness and a defensible plan.

Why COMAH Sites Must Act Now

Cyber threats directly impact process safety, disabling BPCS, SIS and alarms at the same time. The HSE is transitioning from OG86’s basic hygiene to ISA/IEC 62443, a standard that demands lifecycle evidence, hazard linkage, and real world resilience.

  • Cyber threats now directly impact process safety and can affect multiple layers simultaneously (BPCS, SIS, alarms).
  • From April 2026, HSE expects evidence aligned to ISA/IEC 62443, not OG86.
  • Baseline establishes risk awareness, governance, and defensibility.

If cyber can initiate or escalate a Major Accident Hazard, it must be assessed, controlled, and evidenced — just like any other safety risk.

This is no longer optional. It’s regulatory expectation.

What the Baseline Assessment Delivers

Your Baseline is a structured, rapid engagement (typically 10–15 working days) that gives you:

  1. CAF & Governance Review - clarity of risk ownership, governance, and maturity.
  2. Architecture, Zoning & Conduits - real-world OT architecture validation, vendor pathway review, recoverability insights.
  3. Cyber - Initiated Hazard Path Analysis - maps cyber events to major accident scenarios.
  4. 62443 Control Gap Analysis - hardening, access control, monitoring, response, and recovery.
  5. Prioritised Roadmap - issues ranked by MAH consequence, not just technical severity.
  6. Inspection - Ready Evidence Pack — ties cyber findings to COMAH safety case.

Why Start With a Baseline?

OG86 provided a starting point. 62443 provides the pathway to resilience.

Starting with a Baseline means you can:

  • Understand your exposure in weeks, not months
  • Prioritise budget and resources based on real risk
  • Give leadership a clear, defensible plan
  • Begin closing the gap between today’s architecture and HSE’s expectations
  • Build an evidence trail that aligns cyber with process safety

Inspectors want to see progress, prioritisation and justification - not perfection. Your Baseline is the foundation for that.

Who This Is For

Designed specifically for:

  • Tier One & Tier Two COMAH Operators
  • Heads of Process Safety, Engineering & Operations
  • OT, Automation and Control Leaders
  • Compliance, HSE, and Risk Management teams
  • Sites with SIS, BPCS or legacy control systems

If cyber incidents could disrupt your plant, your protection layers or your operators - this assessment applies to you.

What Happens After You Book

Client Logo

Scoping call (30–45 minutes)

Client Logo

Evidence request (diagrams, reports, procedures, if available)

Client Logo

Onsite verification (architecture, zones, pathways)

Client Logo

Analysis & mapping (hazards, SLT, controls)

Client Logo

Final Report + Roadmap

Client Logo

Walkthrough for leadership (optional)

Download our Transitioning from OG86 to ISA/IEC 62443 Paper





Book Your OT Baseline Assessment

*: Required fields

FAQ

Q. How long does the Baseline take?

Most assessments complete within 10–15 working days depending on site complexity.

Q. Do we need perfect documentation first?

No. We verify architecture on site if drawings are outdated or incomplete.

Q. Will this help with COMAH inspections?

Yes. The assessment is explicitly aligned to the HSE’s shift to ISA/IEC 62443 and supports COMAH safety case integration.

Q. What if we’ve already done some OG86 work?

Great. The Baseline builds on existing hygiene but identifies where 62443 introduces new requirements.

Q. Can you help implement the roadmap afterwards?

Yes — but only if you want us to. The Baseline itself is vendor neutral and stands alone.