Do I need the Topology Assessment first?

Yes. The Topology Assessment (Phase 1) produces the initial documentation baseline. Topology Authority (Phase 2) maintains it. You cannot maintain a document of record that does not exist yet.

How does Topology Authority reduce insurance premiums?

Cyber liability carriers increasingly price renewal terms against documentation quality. Current asset inventory, documented segmentation, and active change governance are the documentation carriers evaluate. Operators carrying Topology Authority output negotiate from a documented position that uninstrumented operators cannot match.

How often is the documentation updated?

Continuously — every topology change triggers a documentation update through the governed change process. Periodic full-refresh cycles are scheduled on a cadence agreed in the SOW. The document of record is always current, not periodically reconstructed.

What is the relationship between Topology Authority and OT Service Owner?

Topology Authority (Phase 2) maintains the documentation. OT Service Owner (Phase 3) operates on it — ITIL-aligned governance, ongoing service ownership, and operational extension across multi-plant fleets. Phase 3 requires Phase 2 documentation to function.

Can Topology Authority cover multiple plants?

Yes. Topology Authority scales across multi-plant fleets. Each plant has its own documented topology; the authority layer provides a unified view across the fleet for operators, auditors, and insurance carriers.

Industrial network topology documentation and change governance dashboard

Phase 2 — Document of Record

Topology Authority — The Maintained Document of Record

Continuous topology authority for your OT environment — not a point-in-time pen test, not an annual vulnerability scan. The operator's source of truth for what is on the network and how it connects.

Book a Topology Assessment How it works

Why point-in-time assessments are not enough

A topology document that isn't maintained is a liability, not an asset

The assessment documented your OT environment on the day it was completed. But cement and mining operations don't stand still — every OEM integration, plant acquisition, and network change makes that document less accurate. Without continuous maintenance, the topology that passed last quarter's audit won't survive next quarter's.

Static topology documents decay immediately: Threat intelligence from 2025 and 2026 documents the rapid compression of attacker dwell time inside industrial control systems, accelerated by AI-assisted reconnaissance. Static topology documents authored once a year are stale within months. The OT environment requires continuous topology authority.
Insurance carriers require current documentation: Cyber liability carriers increasingly price renewal terms against the quality of OT topology documentation, current asset inventory, and active change governance. Operators carrying current Topology Authority output into renewal conversations negotiate from documentation positions that uninstrumented operators cannot match.
Audits compound without maintained records: ISA/IEC 62443 audits, NIST CSF 2.0 readiness assessments, and acquirer technical diligence each require documented topology, governed change control, and accountable vendor access. Operators carrying current Topology Authority output complete these reviews on shorter timelines than operators rebuilding documentation under deadline pressure.

How Topology Authority works

Continuous documentation, not periodic snapshots

Topology Authority is the maintained document of record for your OT environment. It builds on the Topology Assessment (Phase 1) and keeps the documentation current through governed change tracking, periodic refresh cycles, and accountable vendor-access management.

Governed change tracking

Every change to the OT environment — new device, firmware update, network reconfiguration, OEM integration — is documented against the maintained topology. Change governance is continuous, not retroactive. The document of record reflects the network as it is, not as it was.

Maintained asset inventory

The asset inventory from the Topology Assessment becomes a living document. New devices are added, decommissioned devices are removed, firmware versions are tracked, and zone placement is updated as the environment evolves across plant expansions and OEM integrations.

Structurally independent documentation

Knowing your own OT topology — independent of the OEM that supplied the equipment — is the source of negotiating leverage in vendor RFPs, support contract renewals, and remote-access policy disputes. Operators who own their topology authority negotiate from informational parity.

What Topology Authority maintains

Outcomes for operators, not features for consultants

Topology Authority produces outcomes that procurement teams, insurance carriers, and auditors evaluate directly — lower cyber liability premiums, faster incident response, cleaner audits, and documented vendor leverage.

Continuous

Maintained OT topology documentation

Network topology diagrams, asset inventory, segmentation evidence, and zone-level capability mapping kept current through governed change tracking. Always reflects the environment as it is today.

Continuous

Active change governance

Every topology change documented, classified, and traced. The change log is the audit trail — no reconstruction needed at review time. Change governance applies to vendor access, OEM integrations, and internal network modifications.

Periodic

Insurance and audit-ready packages

Current topology documentation, segmentation evidence, and change logs packaged for cyber liability renewal or compliance audit submission. Operators carry this into renewal conversations instead of scrambling to compile it.

Ongoing

Vendor leverage documentation

Independent topology documentation that positions the operator — not the OEM — as the authority on what is deployed, how it connects, and what the contractual obligations are. Asymmetry replaced by parity.

FAQ

Questions operators ask about Topology Authority

Common questions from operators moving from a completed Topology Assessment to continuous documentation. Reach out to our team.

Get Started

Keep your topology current

If you have already completed a Topology Assessment, the next step is maintaining it. If you haven't, start there — the assessment is the foundation.

What you’ll get

Continuous topology documentation — not annual snapshots
Governed change tracking across OEM integrations and network modifications
Insurance and audit-ready documentation packages
Independent vendor leverage through documented topology ownership
Foundation for OT Service Owner operational extension

Prefer email? helpdesk@potenzaservices.com