The Move Toward Digital Transformation Risks in EAM and ERP: Understanding IT and OT System Risks

Technology Trends

IT/OT Collaboration Drives Meaningful Enterprise Digital Transformation 

As industrial firms expand their digital transformation, IoT, and smart manufacturing efforts, expectations for smart EAM systems are higher than ever.  At the same time, the resulting expanded connectivity presents new challenges in areas, such as system health, security, and enterprise data compliance.

This is occurring as IT, OT, and maintenance teams are realizing that they must work more closely together to thrive in this age of digital transformation.  Each team is interdependent of each other to meet their respective, and collective, objectives. 

This is occurring as smart manufacturing initiatives require rigorous and consistent data standards to ensure optimum system health, performance, and reliability.  This new environment leaves manufacturing teams in a difficult position, as they must grapple with addressing daily priorities, ongoing crises, and long-term initiatives.  

Consequently, users must strike a balance between IT, OT, and maintenance needs in a consistent and cost-effective manner.  The challenge is to meet these various needs, even as budgets remain tight and resources are increasingly scarce.  There is a growing gap between IT and OT, and in some cases, OT is changing faster than IT can respond.  At the heart of the matter is a growing need for enterprise data management to monitor and manage system health, security, and enterprise data compliance.

Needed: A Framework for Effective IT, OT, and Maintenance Collaboration

With IoT and the connected enterprise becoming so prevalent in today’s industrial organizations, a framework is required to build a consistent, robust, and scalable foundation for IT/OT use.

digital transformation risks Digital%20Transformation%20in%20ERP%20and%20EAM.JPGAs a result, asset-intensive organizations must be able to react swiftly, decisively, and correctly to meet the dynamic needs of their organizations.  In fact, being reactive is often insufficient in this ever changing environment; users must be proactive, and to do this they require accurate and relevant data.

In addition to building systems that offer a single version of the truth, IT, OT, and maintenance teams should strive to identify ways to continuously monitor system health and performance -- and ideally on a real-time basis – as well as adherence to data standards and security and compliance requirements.   A core objective of such an approach is to provide the ability to monitor and manage both system and equipment health while ensuring compliance with the organization’s compliance rules.

One example of a way to share IoT and other data is with asset administration shells.  AASs, which have their roots in Industry 4.0 initiatives, can be used to provide and share asset and IoT information.  In essence, they allow visibility and promote the sharing of information between assets and connected IoT sensors and associated devices.  In addition to visibility into administration elements, there is information that maps to assets, asset hierarchies, components, and subcomponents in the underlying EAM system.  A visual example of how asset administration shells can be used at both a plant level and individual asset levels can be seen in this graphic.

The movement toward open architecture and open APIs has opened up new opportunities for connectivity and interoperability between and across systems and users.  There is now a democratization of IT of sorts, which offers expanded access and sharing of data with OT and maintenance   

Risk and Compliance Considerations 

With the democratization of IT systems prevalent across OT and maintenance departments, the opportunities for data sharing are many, but so are the chances for the potential misuses of data due to unintentional or inadvertent access to data and systems.

To this point, ERP supplier QAD shared some helpful insight at their recent user group meeting on ways to be more proactive when considering governance, risk management, compliance (GRC) policies and procedures.  In addition to seeing GRC as a framework of processes and practices that provide guidance for operational management of IT functions, the company also includes a wide swath of role-based security and access control in its solutions. 

QAD also provides defined metrics in their software that enable users to document the effectiveness of GRC efforts in their enterprises.  In addition, the company also offers GRC guidance for various enterprise users, including the following checklist items in the following areas:

  • Infrastructure
    • Underlying infrastructure health and performance statistics
    • Server configuration and high-level network check
    • Disk layout optimization, space utilization, IO analysis
    • OS patching/updates
    • System parameters


  • General business performance
    • Data security policies, management and readiness
    • Compliance with government, industry and customer policies and requirements
    • Manufacturing and reporting optimization


  • For ERP and EAM users, other considerations include:
    • Database extensions, data fragmentation, buffers, startup parameters, memory utilization, log files
    • Disaster recovery capabilities and test procedures
    • After-imaging (database recovery)
    • Backup procedures and parameters
    • Application server setup
    • API parameters and performance



With many of today’s smart manufacturing, operations, and maintenance systems being designed to share important information across the enterprise, the need for increased awareness of risk management and compliance procedures have become critically important to these organizations.  IT and OT user teams are becoming increasingly dependent on each other to meet their collective goals and objectives and to ensure optimum system health, security, performance, and reliability. 

These expanded requirements have prompted IT, OT, and maintenance suppliers to develop or enhance systems that offer broader connectivity and increased visibility, and allowing users to better adhere to corporate risk management and mitigation mandates.  As a result, users are demanding systems that help them identify and manage IT and OT systems risks, as well to ensure optimum system health and performance. 



Engage with ARC Advisory Group

Representative End User Clients
Representative Automation Clients
Representative Software Clients