Webinar: Bridging IT–OT Gaps: OT-Led Data Transformation in Action

Register Now
Get In Touch
Get In Touch

Why Maturity Assessments Reveal What Checklists Never Can

For many organizations operating in critical infrastructure, Cyber Security progress is often evaluated through checklists. Policies documented. Controls identified. Procedures signed off. Boxes checked. On paper, everything appears complete. It feels like progress. It feels like maturity.

But checklists can only confirm whether something exists, not whether it works.

Maturity assessments reveal what checklists cannot. They expose the difference between intention and capability. They show how Cyber Security practices function in the real world, not just how they appear in documentation. For organizations that depend on operational continuity and safety, this distinction is essential.

The Checklist Trap

Checklists create a comforting sense of order. They outline requirements, provide structure, and help teams track progress. They are useful for understanding what needs to be in place. But checklists were never designed to measure Cyber Security strength. They cannot capture the depth, discipline, or consistency needed to secure an OT environment.

For example, a checklist can confirm that:

  • an access control policy exists,
  • change management is documented,
  • network segmentation is defined,
  • a remote access procedure is written down.


But a checklist cannot confirm:

  • if the policy is followed,
  • if the change management process is consistent,
  • if segmentation reflects actual traffic patterns,
  • if remote access is monitored, governed, and enforced,
  • or if teams understand and execute the procedures correctly.


A checklist can be complete while the environment remains vulnerable.

Why Maturity Assessments Matte

A maturity assessment goes deeper. It evaluates Cyber Security capability across three dimensions: people, processes, and technology. It reveals how controls operate, how consistently practices are followed, and how effectively governance supports day-to-day operations.

This matters because OT environments are complex. They evolve slowly, then suddenly. Temporary changes accumulate quietly. Vendor systems bypass centralized controls. Legacy equipment resists modern standards. Teams rely on tribal knowledge. Documents drift out of alignment with reality.

A maturity assessment identifies these gaps. It highlights where practices break down, where inconsistencies exist, and where operational constraints influence security outcomes.

It answers questions that checklists cannot:
Are we capable, or are we simply compliant?

The Difference Between Documentation and Capability

Documentation shows what should happen. Capability shows what actually happens. These two often diverge in critical infrastructure.

Here are common examples Dexcent sees in OT environments:

1. Policies exist, but practices differ

An organization may enforce MFA for remote access in policy, yet shared credentials still exist inside maintenance teams. A maturity assessment uncovers this gap.

2. Processes are written, but not followed

A change management procedure may look strong on paper, but work orders and engineering changes may not reflect actual implementation steps. A maturity assessment reveals whether teams follow the documented process.

3. Controls appear complete, but evidence is missing

A checklist may say segmentation is done, but logs show unexpected lateral movement across networks. A maturity assessment exposes the difference.

4. Responsibilities are unclear

Governance documents may outline roles, yet in practice, operational teams and IT security teams operate independently. A maturity assessment uncovers these disconnects.

5. Tools are deployed, but not fully utilized

Monitoring tools may be installed, but tuned poorly. Alerts go unnoticed. Dashboards are underutilized. A maturity assessment identifies whether technology is supported by the right processes and training.

This gap between documentation and execution is where Cyber Security risk lives.

Why Checklists Fail in OT Environments

OT systems behave differently from IT systems. Their design priorities are safety, reliability, and deterministic control. Cyber Security was never part of their original architecture. This means modern Cyber Security requirements must be adapted around engineering, process safety, and operational constraints.

Checklists do not account for these realities. They assume:

  • consistent maintenance windows,
  • uniform device capabilities,
  • regular patching cycles,
  • centralized governance,
  • and modern identity integration.


OT environments rarely operate this way. A maturity assessment recognizes these constraints and evaluates Cyber Security practices within the operational context.

For example:

  • Legacy PLCs may not support modern identity requirements.
  • Vendor connections may rely on remote access sessions beyond internal control.
  • Segmentation may be limited by process safety requirements.
  • Some systems may be technically impossible to patch without extended downtime.


Checklists do not account for these nuances. Maturity assessments do.

Maturity Drives Better Decision Making

One of the biggest advantages of maturity assessments is how they support strategic planning. Leaders often struggle to allocate budget effectively because they lack clarity on which gaps matter most. A maturity assessment provides that clarity.

It helps answer questions like:

  • Where do we begin?
  • Which issues will reduce risk the fastest?
  • Which improvements support both compliance and operational priorities?
  • Where will investment have the greatest impact?
  • Which weaknesses expose us to the highest likelihood of operational disruption?

With these insights, leaders avoid spending time and resources on lower-value activities or tools that do not address foundational issues.

How Maturity Insights Support Compliance

Compliance and maturity are not the same. But maturity supports compliance in meaningful ways.

For example:

  • A maturity assessment may reveal inconsistent identity governance, which becomes a compliance readiness issue.
  • Weak change management can create audit challenges.
  • Incomplete asset inventories undermine both compliance and security.
  • Governance gaps make it difficult to produce evidence on demand.


Organizations that strengthen maturity reduce their compliance burden. They spend less time preparing for audits because they operate in a more consistent, controlled way.

This is one of the most overlooked benefits of Cyber Security maturity. Improving practices simplifies compliance.

Why Critical Infrastructure Leaders Need This Insight

Leaders in energy, mining, utilities, transportation, and water systems operate environments that form Canada’s national resilience. In these sectors, Cyber Security issues can impact safety, service availability, public trust, and regulatory standing.

A checklist cannot reveal the true strength of your Cyber Security posture. A maturity assessment can.

This insight is especially important now, as Cyber Security expectations grow across critical infrastructure. Regulators, auditors, and boards increasingly expect organizations to demonstrate maturity, not just documentation.

The organizations that invest in understanding their maturity position themselves for stronger operational integrity. Those that rely solely on checklists face a higher risk, slower response, and greater uncertainty.

A Logical Next Step

If this perspective resonates, the deeper dive is found in Dexcent’s full ebook, The Pathway to OT Cyber Resilience. Inside, you will learn:

  • Why maturity assessments matter
  • How compliance readiness gaps form
  • What different assessments reveal
  • How to build actionable Cyber Security roadmaps
  • Lessons from real incidents
  • What resilience looks like in Canadian critical infrastructure


You can explore the guide through Dexcent’s resource library and begin shaping a more informed, capable Cyber Security posture inside your OT environment.

Andrew Capper

Vice President of Industrial Digital Transformation

Linkedin Envelope
Read Bio

Andrew Capper is Vice President of Industrial Digital Transformation at Dexcent, helping industrial organizations improve data-driven decision-making by optimizing the data journey, reuniting siloed information, and delivering a trustworthy version of the truth.

With more than 25 years of experience, he is known as a results-driven leader who delivers on commitments and tackles complex information management challenges with a practical, human-centric approach. His work spans digital transformation strategy and roadmaps, governance, digital maturity assessments, and performance measurement through clear KPIs and metrics. Andrew is a NAIT graduate with training in Instrumentation Engineering Technology and Security Systems, and he brings a strong focus on safer, more effective operations from data producers through to data consumers

Nader Asgharinia

MP, P.Eng.

Vice President of Enterprise SCADA & Advanced Applications.

Linkedin Envelope
Read Bio

Nader Asgharinia, PMP, P.Eng., is Vice President of Enterprise SCADA & Advanced Applications at Dexcent, leading the delivery of complex, mission-critical solutions with a clear focus on client experience and operational excellence. With more than 30 years in business execution and over 25 years managing multi-million-dollar programs for mission-critical and SCADA systems, he brings a pragmatic, delivery-at-scale approach to every engagement. Nader is recognized for building high-performing teams, driving disciplined portfolio execution, and delivering measurable business outcomes, including significant growth in program portfolios and team capacity over time. He holds a B.Sc.(Hons.) in Electrical and Electronics Engineering from the University of Newcastle-Upon-Type in the UK, a B.Sc. in Computer Science from the University of Calgary, completed Georgetown University’s Director’s Program, is a Professional Engineer in Alberta, and a Project Management Professional.

Gerrit Nel

CISSP, CISM – Vice President of OT Infrastructure and Cyber Security Services

Linkedin Envelope
Read Bio

Tobias (Gerrit) Nel, CISSP, CISM, is Vice President of OT Infrastructure and Cyber Security Services at Dexcent, leading the development and delivery of practical services and solutions that integrate, complement, or replace OT infrastructure and protect OT assets from cyber threats. He is known for building resilient security frameworks, governance processes, and integrated solutions that reduce risk and support compliance across diverse industries. Gerrit has over 40 years of relevant IT/OT experience and has built and delivered highly skilled and high-performance delivery teams. His strengths include Cyber Security roadmaps, security architecture, incident response, and alignment to standards such as IEC 62443, NIST, and NERC CIP. Furthermore, he has deep foundational technical experience in Networking and OT infrastructure systems architectures that he leverages in building and leading successful delivery teams. Gerrit holds a B.Sc. in Computer Science from the University of Johannesburg and brings deep cross-sector experience supporting clients in oil and gas, mining, chemical, healthcare, financial, and government environments.

Jaydeep Deshpande

P.Eng. – President

Linkedin Envelope
Read Bio

Jaydeep Deshpande, P.Eng., is a seasoned and decisive executive with over 25 years of experience driving operational excellence, profitability, and market growth in national and multinational organizations. As President, he is recognized for his strategic leadership, disciplined execution, and ability to lead organizations through change. Jaydeep is passionate about developing people, building strong leadership teams, and fostering a positive, performance-driven culture. His expertise spans strategic planning, business diversification, financial management, and organizational transformation, with a consistent focus on delivering growth-oriented, profitable results. He holds a Bachelor of Chemical Engineering from the University of Alberta, is a Prosci Certified Change Practitioner and Project Management Professional (PMP), and has completed the CMA Accelerated Accounting Program, bringing deep financial and strategic insight to executive decision-making.

Karim Amarshi

Chairman of the Board

Linkedin Envelope
Read Bio

Karim Amarshi is Chair of Dexcent’s Board of Directors, providing governance leadership and strategic oversight to support the company’s long-term strategy and executive team. With nearly 40 years as an entrepreneur and owner-operator, he is recognized for building high-performance organizations and forging strategic alliances across Information Technology, government, health care, education, and energy. He is the former co-owner and Chief Executive Officer of one of Canada’s leading enterprise Information Technology solution providers, where he led the organization through three successful mergers and helped scale long-term client and vendor partnerships. Karim remains active across a diverse business portfolio, serving as a founding principal, officer, and advisor to organizations spanning Information Technology, hospitality, manufacturing, retail, and real estate in Canada and internationally.

Yasmin Jivraj

FCIPS, I.S.P. | Board Member

Linkedin Envelope
Read Bio

Yasmin Jivraj, FCIPS, I.S.P., is a Board Member at Dexcent, providing executive guidance and strategic oversight to support corporate management and long-term business direction. Over a 35-year career, she has held senior leadership roles across private, public, and non-profit organizations, with a track record of building operating foundations and driving profitable growth. Following a 15-year tenure as a co-owner and President of one of Canada’s leading strategic Information Technology solution providers, she expanded her governance leadership through active board service in post-secondary education and community-focused organizations. She is recognized for decisive, purpose-led leadership, clear communication, and deep expertise in technology, business models, and methodologies that help enterprise organizations advance digital transformation.

Nadir Jivraj

CEO, Board Member

Linkedin Envelope
Read Bio

As Chief Executive Officer, Nadir is accountable for providing overall leadership and Dexcent’s Industrial operational performance. Nadir has been involved as an executive sponsor with Oil & Gas and Mining companies for over 35 years, and through the years has developed a strong working relationship with the Executive leadership team of many Fortune 500 companies.

Nadir is known for recognizing value and superior investment opportunities in the technology services sector. His pursuit of highly prospective technology companies around the world has resulted in numerous company start-ups. Prior to starting Dexcent, Nadir had led companies through highly profitable business transactions, including the merger of Atlas Systems Group with CompCanada (later renamed Acrodex) in 2000 and later as Chairman of the Board of Axcend Pvt – an engineering solutions provider – based in Bangalore, India from 2004 – 2014. Acrodex and Axcend were sold in 2015