IT Service Management

Separating IT and OT is still necessary, but the perimeter is no longer enough. Industrial systems now exchange data with historians, cloud platforms, remote vendors, patch servers, backup platforms, and monitoring tools. A mature model combines governance, asset visibility, segmentation, identity, remote access, endpoint protection, vulnerability management, backup, monitoring, and incident response.

An inventory updated once a year cannot support real risk management. Organizations need visibility into connected assets, critical systems, normal flows, obsolete devices, vulnerable systems, engineering workstations, backup status, and monitored assets. Visibility transforms inventory from documentation into a security capability. Without visibility, decisions are based on assumptions. With visibility, they are based on facts.

A network diagram does not protect an industrial environment. What matters is controlling which systems communicate, through which protocols, on which ports, and for which purpose. This is critical for SCADA, DCS, PLC networks, safety systems, engineering stations, historians, backup servers, patch servers, remote access platforms, and OT DMZs. The goal is to reduce propagation and limit the blast radius.

Remote access is necessary for vendors, integrators, and internal teams, but it is also a major entry point. It must rely on named users, strong authentication, approvals, time-limited sessions, role-based permissions, jump servers, session recording, logging, access reviews, and SOC monitoring. Remote access must be approved, limited, monitored, and auditable.

Operator and engineering workstations are highly sensitive because they operate processes and modify controller logic. Protecting them requires more than antivirus. It requires control over administrator rights, USB usage, boot sequence, BIOS settings, application installation, OS hardening, patch levels, golden images, backups, physical access, change management, and security logging. The goal is to preserve the integrity of the industrial function.

Patching in OT is difficult because vendor validation, compatibility, rollback, safety, and maintenance windows must be considered. Vulnerability management should focus on risk reduction, not only patch deployment. Depending on the case, the right action may be to patch, isolate, monitor, restrict access, disable a service, or apply virtual patching.

Having backups does not guarantee recovery. The real question is whether the organization can restore the right systems, in the right order, within the required time, without additional risk. Recovery must cover servers, workstations, PLC programs, DCS configurations, safety logic, firewall rules, switch configurations, HMI projects, licenses, and documentation. Backups must be tested and procedures documented.

OT monitoring requires industrial context. A new RDP session, PLC programming activity, or communication change may be normal during maintenance but critical during production. Detection should focus on unauthorized engineering activity, remote access anomalies, controller logic changes, abnormal protocol behavior, lateral movement, firewall events, malware alerts, backup failures, patch failures, and configuration changes.

An OT cyber incident can quickly become a production crisis. Response must involve cybersecurity, operations, maintenance, engineering, management, vendors, and communication teams. A strong plan defines leadership, escalation, vendor coordination, isolation authority, production decisions, restoration validation, executive communication, evidence handling, and restart approval.

In 2026, IT RUN evolves from fixing incidents to actively managing digital experience and business perception. The focus is no longer limited to restoring service quickly - it is about ensuring users never feel disruption in the first place. 

● New technical indicators emerge, like transaction success rates, page load times, API response times. 

● Introducing Experience Level Agreements (XLAs) alongside traditional SLAs:

○ Customer Satisfaction Score (CSAT): % of tickets rated 4/5 or 5/5, Monthly satisfaction score per application/service. 

○ Effort & Friction metrics:, User effort score (response to question: How easy was it to resolve your issue ?), % tickets reopen rate 

○ Business Impact metrics: Business Disruption Index (measure of incidents affecting business-critical IT services, weighted by criticality), % Availability of dashboards during financial closing periods, …

○ Digital adoption metrics: Adoption rates of an application (Active users vs Licensed users), Self-Service analytics (% of services accessed with 0 support ticket needed)

○ Proactive experience metrics: % of incidents resolved by automatic monitoring before users report, Incident recurrence rate (% of incident recurrently happening on a monthly basis), Number of recurring defects permanently eliminated 

In 2026, IT RUN is no longer evaluated only on technical stability — it is accountable for measurable financial exposure. The organization must quantify, report, and actively manage the economic impact of technology disruptions, and also closely demonstrate the contribution of its digital platforms to the company’s financial results. 

● Calculating the cost of outage per minute: Calculate the revenue per minute for each critical digital channel, average transaction value and volume per minute, Measure production loss in manufacturing environments (units/hour), Estimate SLA penalties owed to clients due to downtime, Include reputational impact indicators (customer churn %, lost conversions). 

● Linking incidents to financial KPIs: Classify incidents by business domain (Sales, Supply Chain, Finance), Associate incident severity with estimated financial impact, Track cash flow delays caused by ERP or billing interruptions, Measure the cost of emergency changes (involving overtimes for production teams and unplanned costs) vs planned changes. 

● Thinking of IT RUN as a Contributor to company’s revenue Protection: Quantify avoided losses through proactive incident prevention, quantify the optimized infrastructure cost through performance tuning and move-to-cloud strategies, calculate vendor penalty exposure via strong licensing governance using the appropriate tools. 

● Adopting a Technology Business Management (TBM) Mindset: Translate technical services to business services (For example: No longer considering a “Payment API”, but rather “Order-to-Cash Service”), Measure the Total Cost Of Ownership (TCO) per application/service, Align and invoice application/services costs to the business units consuming them. 

In 2026, IT RUN cannot scale effectively without automation and artificial intelligence embedded into its core operating model. As system complexity increases and user expectations move toward real-time responsiveness, manual incident handling and reactive monitoring become operational bottlenecks. Automation is no longer a productivity improvement initiative - it is a structural requirement for stability, efficiency, and proactive service management. 

● AIOps for predictive incident detection : Use machine learning to identify anomalies before they impact users and trigger automated alerts or remediation 

● Self-healing infrastructure: Automate automatic restart, failover, scaling, and configuration rollback without human intervention

● Automatic incident classification: AI-assisted ticket classification, prioritization, and assignment to reduce response time. 

● Automation of repetitive tasks: Automate patching, access provisioning, environment provisioning, and routine system checks. 

● Automation KPIs as performance indicators: Measure automation rate, percentage of incidents auto-resolved, and reduction in manual effort.

As IT RUN becomes directly linked to revenue, resilience, and business performance, leadership roles must evolve accordingly. The modern IT leader is no longer purely technical — He becomes a “Head of Digital Value” and must operate at the intersection of technology, finance, and business strategy, translating operational performance into measurable value. 

• From technical manager to value leader: Shift focus from infrastructure supervision to business impact management, financial accountability, and strategic alignment with enterprise objectives. 

• Communication with CFO & COO: Act as a bridge between IT operations and executive leadership by translating system performance, risks, and investments into financial and operational insights. 

•  Data-driven decision-making: Base prioritization, investments, and improvements on measurable metrics such as revenue impact, cost efficiency, risk exposure, and experience indicators. 

• Strategic storytelling through dashboards: Use executive dashboards to communicate performance trends, financial exposure, and operational resilience in a clear and compelling way that supports strategic decisions.