The OTIFYD OT Cyber Security Framework (OT-CSF) is a consulting service that provides organisations with a structured, standardised approach to managing cyber risk in Operational Technology (OT) environments, including industrial control systems (ICS) and cyber-physical systems. The service is designed to assist security leaders such as CISOs, OT Security Managers, and security engineers in navigating OT-specific cybersecurity challenges. It translates external standards and regulatory requirements into actionable internal processes, helping organisations prioritise security activities, close gaps, and maintain compliance. Deliverables from the service include: - A high-level OT cyber security policy based on globally recognised security standards - A detailed procedure set covering key OT security areas: asset management, access control, governance, training, system development and maintenance, incident response, business continuity, and disaster recovery - A pragmatic implementation roadmap covering rollout of the OT policy, supporting processes, and required technical controls The framework follows a five-function model aligned with recognised standards (e.g., NIST): Identify, Protect, Detect, Respond, and Recover. Implementation follows a structured process: setting target goals, creating a risk profile, assessing the current security posture, performing gap analysis, and executing an action plan. The service is tailored to each organisation's specific needs and applicable regulatory requirements, and can be adapted to meet both commercial and government compliance mandates.