ISO27000is a common management system for IT security. In the field of OT security, there are other standards such as ISA/IEC 62443 that better match the challenges within OT.

Unlike IT security, which focuses on protecting data and information systems, OT security is about protecting physical processes and machinery. An intrusion into an OT system can lead to a factory shutdown, a power grid failure, or the release of hazardous chemicals. An intrusion can thus have direct consequences for people's safety and society's functioning.

IT-systems are often standardized and have a relatively short lifecycle. Because of this, they are easy to upgrade and to mitigate known vulnerabilities. OT-systems, on the other hand, are typically tailored to a specific process or business operation. These system have long lifecycles and are rarely upgraded due to operational risks. As a result, vulnerabilities in OT-systems may need to be managed through methods other than patching.