Continuity is the KPI in the modern factory that overrides everything else. Machines must run, processes must continue, and deliveries must leave on time. Downtime means direct costs and loss of revenue.

But continuity is no longer limited to the production line itself. OT systems depend on IT components such as applications, networks, print servers, and ERP links. A seemingly simple IT problem can therefore have a direct impact on production.

This requires one thing: setting up IT and OT in such a way that they remain reliable, available, and manageable together. In this blog, we will discuss how IT and OT together ensure continuity in the modern factory.

IT and OT? Inseparably linked!

Whereas OT traditionally revolves around production lines and control systems, IT is increasingly providing essential input. Think of ERP systems that deliver production orders or applications that record traceability.

A concrete example: a label printer seems like a standard IT component. But if a label is needed to get a product through multiple production steps, a printer malfunction can shut down the entire line.

What's more, this dependency is mutual. OT generates data that flows back to IT systems for planning, quality assurance, and reporting. Continuity can only be achieved when the entire chain is stable and reliable as a whole.

The challenge of legacy in OT

One of the biggest differences between IT and OT lies in lifecycle management. IT systems are replaced or updated relatively quickly. OT systems sometimes remain in use for ten to fifteen years or longer.

In sectors such as medical technology or defense, product life cycles are also long. Machines and tooling must remain available for as long as products are supported. This means that old systems continue to run, even if they are no longer patched.

This creates tension. IT security requirements are becoming increasingly stringent, while OT environments do not always keep pace. The solution rarely lies in direct replacement. It often involves segmentation, shielding, and conscious risk assessment.

Continuity therefore requires a balance between modernization and control of existing systems.

This tension between legacy, availability, and security is also precisely where many of the cyber risks in industrial environments arise, as we described earlier in our blog about the five biggest cyber risks in 2026.

Governance: who is responsible for what?

Technology alone is not enough. Continuity depends on clear governance. In practice, this means that multiple roles are involved:

• IT for infrastructure, applications, and security.
• OT or production for operational processes.
• EHS ( environment, health, and safety) and QA (quality assurance) for safety and quality assurance.
• Suppliers or OEMs ( Original Equipment Manufacturers) for machines and specific OT components.

A clear RACI structure prevents ambiguity afterwards. Who is responsible for updates? Who has final responsibility in the event of disruptions? Who is consulted in the event of changes? Without explicit agreements, gray areas arise, and that is precisely where the risk lies.

In practice, this means that IT, OT, and often an external party such as an MSP work together. Think of the collaboration between a solution architect on the IT side, the business owner of OT, and the technical architect. In this triangle, decisions are made about availability, security, and costs.

Friction is inevitable in this regard. The OT manager is judged on output and uptime. The CISO on security and compliance. Their interests do not always run parallel. That is precisely why responsibilities must be clear in advance and decisions must be made jointly. Continuity is not an IT or OT issue, but a shared responsibility.

Practical measures without unnecessary downtime

Implementing improvements in a 24/7 environment requires planning. Many organizations therefore work with fixed maintenance windows: pre-arranged times when updates, patches, and optimizations are carried out in a controlled manner.

By planning maintenance instead of taking ad hoc action, risks become manageable and the impact on production remains limited.

Other measures that strengthen continuity:

• Redundancy in critical IT components, so that failure does not immediately lead to downtime.
• Clear agreements regarding the availability of OT applications.
• Buffering in production processes where possible.
• Logical segmentation between IT and OT to isolate disruptions.
• Alignment on the lifecycle of both IT and OT systems.

It is important that improvements are not isolated actions, but part of a joint roadmap. Ideally, the lifecycle of OT systems and that of IT should be better aligned. They do not have to be completely synchronized, but they do need to be aligned in such a way that obsolescence, security requirements, and availability objectives remain in balance.

Compliance without production stoppages

Customer and legislative requirements are becoming increasingly stringent. Examples include additional security rules, stricter access control, and higher traceability requirements in sectors such as defense and food.

This often means that access, logging, or network segmentation must be configured differently. However, increased security should not automatically lead to reduced workability on the production floor.

The challenge is therefore simple: comply with the rules without unnecessarily blocking production. Don't 'shut everything down', but take targeted measures where they are really needed. This can only be achieved if IT, OT, and suppliers work together and make clear choices in advance.

The reference case of Vreugdenhil Dairy Foods shows what this means in practice: stabilizing a complex production environment, ensuring continuity, and at the same time building a future-proof IT foundation without disrupting operations.

From technology to direction

Continuity in the modern factory is not purely a technical issue. It is not just about the systems that are running, but about how infrastructure, applications, legacy, and responsibilities come together as a whole.

IT and OT cannot function without each other. A printer can be critical to business operations. An ERP link can be decisive for production planning. And you cannot simply replace a legacy machine because security requirements change.

The key lies in insight: knowing what dependencies exist, clearly defining who is responsible for what, planning improvements instead of implementing them ad hoc, and making lifecycle choices together. Cybersecurity plays a role in this, but the bigger goal remains continuity: a production environment that runs stably, without surprises.