Industrial Cybersecurity & OT Risk calculator

Patch Compliance Rate Calculator

Patch compliance rate measures the share of your operational technology (OT) assets — PLCs, HMIs, SCADA servers, industrial PCs — that are patched to an approved security baseline. OT security leads, plant IT managers, and compliance teams use it to prove their environment is being hardened on a schedule auditors and cyber insurers accept. Unlike IT, OT assets often can't be patched on demand because of uptime and vendor-validation constraints, so a steady, defensible compliance rate is the metric that shows risk is actually being driven down. This calculator returns both the current rate and the gap to your target so you know exactly how many assets stand between you and goal.

What this calculator does

  • Calculate OT patch compliance using patched assets, eligible assets, and target patch compliance.
  • Use it when reviewing patch backlog across HMIs, servers, engineering workstations, historians, and vendor supported OT endpoints.
  • It computes the percentage of eligible OT assets patched to the approved baseline and the point gap between that rate and your target.

Formula used

  • Patch compliance rate = OT assets patched to approved baseline ÷ total OT assets eligible for patching × 100
  • Patch compliance gap to target = patch compliance rate - target patch compliance

Inputs explained

  • OT assets patched to approved baseline:
  • Total OT assets eligible for patching:
  • Target patch compliance:

How to use the result

  • Use it for monthly OT security reporting, audit and insurance evidence packages, and after each maintenance window to confirm the patch cycle moved the needle.
  • It treats all assets as equal weight, so a backlog concentrated on safety-critical controllers looks the same as one on low-risk workstations — segment by criticality for real risk insight.

Common questions

  • How do you calculate patch compliance rate? Divide OT assets patched to the approved baseline by the total eligible OT assets, then multiply by 100. With 112 patched of 150 eligible, that is 112 ÷ 150 × 100 = 74.7%.
  • What is a good patch compliance rate for OT? Most mature OT programs target 90-95% within their patch window; 74.7% — as in our example — sits 15.3 points below a 90% target and signals a backlog that needs a dedicated remediation window.
  • Why exclude some assets from the eligible count? Assets a vendor has not validated for a patch, end-of-life devices under compensating controls, or systems in a frozen production state are legitimately ineligible and should be tracked separately, not counted against you.
  • How is OT patch compliance different from IT? OT patching is gated by maintenance windows, vendor certification, and safety re-validation, so 100% on-demand is rarely realistic; the rate is judged against the approved baseline and window, not the latest available patch.
  • How often should I measure patch compliance rate? Track it monthly for trend reporting and recompute immediately after every patch window so you can show the rate climbing toward target between audits.

Last reviewed 2026-05-12.