IT/OT separation and safer plant networks

Comans separated office IT from production OT systems across Saputo sites (Allansford and Burnie) to protect PLCs and SCADA systems, simplify audits and make the network easier to run.

Client

Saputo

Timeline

Design and pilot: 8 to 12 weeks. Site rollouts: staged.

Key Tooling

Firewalls | VLANs | SCADA best practice | Jira

Outcome

A standard OT blueprint, clearer audit trails and fewer incidents that put production at risk.

Challenge

  • Saputo’s production sites ran office and industrial traffic on the same networks, which made them hard to secure and audit.
  • The shared networks raised the risk of office traffic reaching plant control systems, network changes were made manually, and there were no consistent recovery steps.

What we did

  • Designed an OT security blueprint with a clear IT/OT boundary and per-area segmentation (per-cell VLANs for PLCs, CCTV, RF and operator stations).
  • Implemented hardened firewall zones and ACLs to tightly control traffic between office and plant networks.
  • Put SCADA best-practice controls in place (jump servers, break-glass admin paths) and captured them in runbooks.
  • Built and tested recovery procedures (runbook-led), including simulated failovers and restore validation.
  • Handed over an OT runbook in Jira that stays current, and trained operators and IT staff on day-to-day operations and emergency steps.

Outcome

  • Saputo now has a standard OT network blueprint across sites, clearer separation of responsibilities, and recovery steps that have been tested.
  • The changes reduced cross-network risk, made audits simpler, and cut unplanned IT incidents that impacted production.

“Client sign-off pending. The OT separation gives us confidence that office issues won’t take down production.”
