Factory floor under inspection

All controllers, sensors, and networks are deployed. This is about spotting blind spots and confirming every asset is covered, accounted for, and properly controlled. Treat this as a practical lens for shoring up defences post‑deployment.

Critical asset types

  • Industrial controllers – PLCs, DCS, RTUs. Confirm configuration, firmware, and lifecycle documentation.

  • Sensors and actuators – Verify mapping to controllers, inclusion in maintenance records, and segmentation by zones.

  • SCADA servers and HMIs – Ensure patching, access control, and logging are documented.

  • Industrial networks – Confirm segmentation, VLANs, and firewall rules. Compare to asset register.

  • Workstations / engineering laptops – Check authorised users, role-based access, and secure configuration. Control removable media.

  • Embedded field devices / IoT equipment – Document identity, firmware, and monitoring.

  • Physical infrastructure – Power supplies, racks, enclosures, environmental sensors. Verify redundancy, access, and monitoring coverage.

Gap‑spotting checks

  1. Asset register vs. network diagram – Any device that exists in one but not the other is a gap.

  2. Lifecycle documentation – Installation, updates, maintenance, and decommissioning must all be recorded. Missing steps are findings.

  3. Ownership clarity – Each asset must have a responsible operator or custodian. Ambiguity is a red flag.

  4. Zone mapping – Critical devices must reside in defined security zones consistent with segmentation requirements. Misaligned assets are gaps.

Use this page as a checklist for post‑work inspection: if it is missing, misaligned, or undocumented, it is something to fix before an auditor sees it.