OT Cybersecurity Software
an independent guide for OT and ICS security practitioners
Document 01 of 04

Vendor Briefing Template

Fill in your environment details below. Clicking Export PDFs downloads a zip file containing your internal record and a clean vendor briefing to send to shortlisted vendors. A vendor who does not read your briefing has told you something.

How to use this document

Complete all sections before vendor contact. The zip contains two files: your internal working copy (with all details) and the vendor briefing version (which omits your internal contact details and asset counts, and includes a blank vendor response section).

01 Organization & Environment (Internal only)

02 Protocol Stack (Included in vendor briefing)

List every industrial protocol in your environment. Vendors must confirm coverage for each row.

Protocol | Equipment / Segment

03 Deployment Constraints (Included in vendor briefing)

Check all that apply. Vendors must confirm compliance with each selected constraint.

Active scanning NOT acceptable — passive monitoring only required
Agent installation on legacy assets NOT acceptable
Cloud connectivity from OT network NOT permitted
Vendor remote access to OT network NOT permitted during deployment

04 Compliance Obligations (Included in vendor briefing)

Check all that apply and note the specific standard or subsection where relevant.

05 Top Three Evaluation Criteria (Included in vendor briefing)

Vendors should address these explicitly in their response and demo.

06 Key Questions to Ask Vendors (Included in vendor briefing)

These questions are included in the vendor briefing export. Use them in vendor conversations and demos.

Protocol Coverage
Walk through exactly how your platform handles [specific protocol from our environment]. What function codes do you decode, and how was that coverage validated in a production environment?
Passive Deployment
If your sensor is deployed in passive-only mode with no active queries permitted, what capabilities are unavailable or degraded?
Legacy Assets
What does your platform do when it encounters an asset it cannot identify or decode?
Compliance Evidence
Show the exact evidence package your platform generates for a NERC CIP-015 audit. What format is it in, and has it been accepted by a NERC auditor?
Professional Services
What is the minimum professional services engagement required to deploy and tune this platform in an environment like ours? What is the typical timeline?
Reference Customers
Provide two reference customers in our industry who have been audited under our compliance framework and are willing to speak about their experience with your evidence package.