Deployment Models
This section describes the recommended deployment architectures for the First Watch® platform, scaled to match the size and complexity of the industrial environment.
Every deployment follows a structured, phased methodology designed to ensure that protection is introduced safely, progressively, and with full operational alignment. The methodology transitions from passive observation through to active enforcement, ensuring that no enforcement action is taken without prior validation.
Project Methodology
Phase 1 — Solution Design
The engagement begins with a structured design phase to establish the foundation for deployment:
- Define scope, assets, and protection boundaries — identifying what will be protected and where the platform will operate
- Assess operational risks and align with site procedures — ensuring compatibility with existing workflows
- Establish asset model, users, and system structure — configuring the platform to reflect the real operational environment
Phase 2 — Deployment (Monitoring Mode)
The platform is deployed in monitoring mode, ensuring zero impact on operations:
- Non-disruptive deployment — agents and sensors are installed without affecting control logic or production
- Automatic asset discovery and classification — the platform immediately begins building a comprehensive inventory
- Assets validated and marked as Verified — discovered assets are reviewed and confirmed by operational personnel
Phase 3 — Observation
With monitoring active, the platform observes the environment to build an accurate operational baseline:
- Monitor behaviour across verified assets — capturing normal communication patterns and process activity
- Detect changes and new assets in real time — identifying deviations from the established baseline
- Build initial policies based on actual operations — policies are derived from observed behaviour, not assumptions
Phase 4 — Validation (Audit Mode)
Before enforcement, all policies are tested in audit mode to verify their accuracy and impact:
- Policies tested in audit mode — no enforcement actions are taken; the platform reports what would be blocked
- Engineers review impact and refine rules — adjustments are made to eliminate false positives and ensure precision
- Alerts and response workflows are verified — confirming that alarms, notifications, and escalation paths work as intended
Phase 5 — Enforcement
Once validated, policies are activated for active protection:
- Policies activated to block unauthorised actions — deterministic enforcement prevents unapproved changes and communications
- Real-time alerts and controlled response — operational personnel are notified immediately when enforcement actions occur
- Security and operational reporting enabled — compliance evidence and operational visibility are fully active
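The progression from observation through audit mode to enforcement, sketched as an added Python example. It is not First Watch code or its API; the flow tuple format, asset names, ports, function names and the review gate are assumptions constructed for illustration. The policy is derived only from flows seen between Verified assets, and the same decision logic then runs in audit mode (report only) and in enforce mode (block).

```python
from collections import Counter

# Constructed sample data: (source asset, destination asset, destination port).
VERIFIED = {"hmi-01", "plc-01", "historian-01"}
OBSERVED = [
    ("hmi-01", "plc-01", 502),
    ("hmi-01", "plc-01", 502),
    ("plc-01", "historian-01", 4840),
    ("laptop-77", "plc-01", 502),      # unverified asset seen during observation
]
LATER = [
    ("hmi-01", "plc-01", 502),         # matches the baseline
    ("hmi-01", "plc-01", 44818),       # new port, not in the baseline
    ("laptop-77", "plc-01", 502),      # asset never marked Verified
]

def build_policy(flows, verified):
    """Phase 3: allow only flows observed between assets marked Verified."""
    return {f for f in flows if f[0] in verified and f[1] in verified}

def evaluate(flows, policy, mode):
    """Phase 4/5: same decision logic; only 'enforce' actually drops a flow."""
    if mode not in ("audit", "enforce"):
        raise ValueError(f"unknown mode: {mode}")
    delivered, report = [], Counter()
    for flow in flows:
        if flow in policy:
            delivered.append(flow)
        elif mode == "audit":
            delivered.append(flow)          # traffic is untouched in audit mode
            report[("would_block", flow)] += 1
        else:
            report[("blocked", flow)] += 1  # enforcement: flow is not delivered
    return delivered, report

def ready_to_enforce(audit_report, reviewed):
    """Hypothetical gate: every would-block finding has been reviewed."""
    return all(flow in reviewed for (_, flow) in audit_report)

if __name__ == "__main__":
    policy = build_policy(OBSERVED, VERIFIED)
    _, audit = evaluate(LATER, policy, "audit")
    for (action, flow), n in audit.items():
        print(action, flow, n)
```

In audit mode all three later flows are still delivered while two are reported as would-block; in enforce mode only the baseline flow is delivered.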
Phase 6 — Controlled Evolution
The platform enters a stable, protected operational state with ongoing governance:
- System operates in stable, protected mode — continuous enforcement with full visibility
- Changes managed through formal control process — all modifications follow approved governance workflows
- Continuous protection with full visibility and governance — the platform adapts to operational changes while maintaining security posture
The following articles describe the recommended deployment architectures for different environment sizes — each following this same phased methodology, scaled to match operational complexity.