OG-86 (Edition 2, 2018) is the UK Health and Safety Executive’s “Operational Guidance on Cyber Security for Industrial Automation and Control Systems”. These are the HSE’s own guidelines to the specialist inspectors who carry out reviews of COMAH sites’ cyber security risk management (in relation to safety and control systems).
Whilst the target audience is the HSE’s own staff, the guidance is publicly available so that end users can understand the expectation of the HSE. It is therefore a very useful reference document when considering how to implement cyber security risk management on process industry sites. It should be essential reading for anyone involved in controlling process hazards. You can find a copy of OG86 here. Note though, that Cyber Security for process industry sites is a rapidly changing environment and a new edition of OG86 is expected soon.