Is this memo only for Potenza customers?

No. The memo is structured so any cement or mining operator can use it to evaluate any OT cybersecurity provider — including Potenza. The questions are designed to be answered in writing by every vendor in your RFP.

Why are the questions called "disqualifying"?

A provider who cannot give a clear written answer to one of these twelve questions is signaling a structural limitation in their methodology or operating model. That is the disqualification — not the answer itself, but the absence of one.

What does "structural independence" mean in this memo?

Structural independence means a provider does not resell the OT cybersecurity platforms they recommend, does not carry quotas tied to specific platforms, and is organizationally independent from any OEM that supplies industrial automation equipment. The OT Service Owner cannot be the OT Vendor.

What is an "OT Service Owner"?

The OT Service Owner is the operational entity accountable for OT service ownership on behalf of the plant operator — independent of the OEM that supplied the equipment and the platform vendor that sells the monitoring software. Potenza Services operates as the OT Service Owner for the cement and mining operators we serve.

How is the memo different from a vendor pitch?

The memo is structured for procurement utility. Every question includes red-flag and green-flag answer patterns, framework references, and a side-by-side summary table. It is designed to be printed, annotated, and used during vendor evaluation calls — not to be read once and discarded.

Can I share the memo internally without restriction?

Yes. The memo is distributed without licensing restrictions. Forward it to your CISO, procurement counterparts, plant operations leadership, and audit and insurance renewal leads. The questions affect all of those functions.

The OT Cybersecurity Procurement Memo

12 disqualifying questions every cement and mining operator should ask before selecting an OT cybersecurity provider.

The OT Service Owner cannot be the OT Vendor. Operators who own their OT topology independently from the OEM that built the equipment and the platform vendor that sells the monitoring software negotiate from parity, not dependency. This memo is the working tool procurement teams use to verify, in writing, which providers can demonstrate that structural independence — and which cannot.

Book a Topology Assessment

What’s inside the memo

The memo organizes 12 questions across four categories — structural independence, deliverable quality, operational model, and framework alignment. Each question includes:

•The question, phrased as procurement teams would actually ask it
•Why the question matters to your operation
•Red-flag answers from a structurally compromised provider
•Green-flag answers from a provider who can pass the question
•How Potenza Services answers the same question
•Framework references (ISA/IEC 62443-3-3, NIST SP 800-82 Rev. 3, ITIL 4)
•A side-by-side summary table for procurement teams to record vendor responses

Who this memo is designed for

The memo is built for the people who own OT cybersecurity vendor decisions inside cement and mining operations:

•CISOs and VPs of Cybersecurity evaluating OT cybersecurity providers
•VPs and Directors of Plant Operations responsible for SCADA and DCS environments
•Procurement teams scoping multi-plant OT cybersecurity engagements
•Audit and insurance renewal leads preparing documentation
•Plant managers participating in vendor selection

The principle behind the twelve questions

Structural independence is not a marketing claim. It is a documented fact about how a firm is built — whether it resells platforms, whether its engineers carry quotas, whether its findings would survive a recommendation to decommission a product its parent company sells.

Potenza Services, Inc. is an SDVOSB-certified OT cybersecurity firm built specifically around this principle. We do not resell platforms. We are not a Fortinet shop, a Dragos shop, or a Claroty shop. We are the Assessment and Topology Authority for cement and mining OT environments — and we operate as the OT Service Owner for operators who need the discipline of a maintained topology of record.

The twelve questions in the memo are how procurement teams can verify that — for any provider, including Potenza.

Get the memo

Download the full memo. Forward freely inside your organization.

17 pages · PDF · Version 1.2 · May 2026

Frequently asked questions about the memo