Production plants, assembly lines, process factories, logistics centers: the industrial sector in Spain and Portugal operates under a particular pressure — the IT systems sustaining production cannot stop. A network outage in an office costs hours of productivity; in a plant it costs entire shifts, and if it affects industrial control systems (PLCs, SCADAs) it costs operational safety.
Impulso Tecnológico has spent more than two decades supporting mid-sized industrial groups in the Iberian Peninsula with a specific proposition: making the IT world (office, ERP, M365) coexist with the OT world (Siemens and Schneider PLCs, SCADAs, vision systems, robots) without either compromising the other.
Typical challenges in manufacturing
Industrial groups that hire us usually arrive with several of these problems at once:
- OT and IT on the same network: PLCs hanging off the same switch as office printers, no segmentation. Office ransomware can jump to the line.
- SCADAs on obsolete Windows: Windows XP, 7 or Server 2008 impossible to update due to factory-equipment compatibility. No security patches for years.
- Nonexistent or untested backup: the "backup" is a shared folder on a NAS without offsite replica. When ransomware hits, the backup is encrypted too.
- NIS2 with no plan: the directive entered into force and many Spanish and Portuguese industrials are in scope. Fines are 2% of revenue.
- No 24/7 support: the IT provider covers 9-6, but production shifts are 24×7 and failures don't wait for office hours.
How we tackle it at Impulso
Our proposition for industrial environments is structured in three blocks that can be hired separately or as a package:
- OT/IT segmentation with Fortinet: FortiGate deployment in the plant to create zones following the Purdue model. Explicit rules per industrial protocol (Modbus, Profinet, OPC-UA), FortiAnalyzer monitoring, deny-by-default. Adaptable to single plant or multi-site.
- Industrial backup with Veeam: backup of critical SCADAs with immutable offsite repository, recovery plan tested semi-annually, full restoration of a critical system in under 2 hours demonstrable via drill.
- Secure modernization of legacy systems: when a Windows XP SCADA can't be replaced short-term, we isolate it in an industrial DMZ with strict whitelisting, specific antivirus (Sophos OT) and passive traffic monitoring.
- 24/7 support for critical environments: out-of-hours technical on-call, vendor escalation included, client portal with all incidents visible to the plant manager.
- NIS2 step by step: initial diagnosis, compliance plan with timeline and budget, audit support, ISMS maintenance year on year.
NIS2 and industrial compliance in Spain and Portugal
The NIS2 directive widens scope vs its predecessor: it now covers mid-sized companies (50+ employees or €10M+ revenue) in essential or important sectors — manufacturing is in both when products are critical. Spain transposed it via royal decree; Portugal via CNCS organic law. The implementation deadline has passed: fines apply.
Impulso prepares industrial clients in scope + governance + technical controls before the first audit. Three industrial clients passed NIS2 audits on the first attempt in 2024.
Why Impulso for industry
- Real OT experience, not IT dressed as OT: we have intervened plants with Siemens S7-1500 PLCs, Schneider Modicon, ABB, Cognex vision systems, ABB and Kuka robots. We know what can be touched and what can't.
- Certified partners: Fortinet Authorized Partner, Veeam Silver ProPartner, Sophos Silver Partner, Aruba Partner. We don't sell what we don't master.
- Zero production stoppages during intervention: every plan is coordinated with production.
- Iberian coverage with local presence: dispatch to a plant in Spain or Portugal in under 4 hours for critical incidents.
If your industrial group needs to tackle OT/IT segmentation, prepare for NIS2 or replace an IT provider that no longer scales, we offer a free initial assessment: plant visit, executive diagnosis, prioritized plan within two weeks.