We worked with a major UK infrastructure investment organisation to develop a clear and practical cyber security policy for use across its portfolio. Drawing on current UK requirements for both IT and operational technology (OT) risk management, the policy sets out minimum expectations that help ensure critical assets are secure‑by‑design and aligned with evolving legislation. The final framework gives asset managers a consistent, accessible way to understand and manage cyber risk across complex infrastructure investments
