How to Specify Remote Management Requirements for Industrial IoT Devices in Utility Tenders

Last Updated on 2026-04-30

TL;DR / Key Takeaways

• Remote management should be specified in the tender, not added after device selection.
• Firmware updates, configuration control, backup and restore, diagnostics, RBAC and audit trails all need clear acceptance criteria.
• Vague clauses like “remote management required” are not enough for utility-scale deployments.
• The best tender language connects technical functions to operational risks: field visits, downtime, security exposure and lifecycle cost.
• Acceptance testing should prove remote update, configuration change, backup restore, diagnostics, logging and access control before rollout.

Introduction

Industrial IoT devices used by utilities are no longer simple communication accessories.

Routers, modems, gateways and data loggers installed in substations, meter cabinets, pumping stations or remote industrial sites become operational assets.

If they cannot be updated, diagnosed, secured and managed remotely, the utility inherits avoidable field visits, weak configuration control and long-term security risk.

For procurement teams and IT/OT managers, this creates a practical problem.

Tender documents often specify cellular technology, interfaces and environmental ratings in detail, but remote management requirements remain vague.

Phrases such as “remote management support required” are not enough.

A good tender should define what remote management must do, who can use it, how it is secured, how it integrates with existing systems and how acceptance will be tested before rollout.

What is Remote Management for Industrial IoT Devices?

Remote management is the ability to configure, update, monitor, diagnose and secure deployed IoT devices without sending a technician to the installation site.

For utility projects, this usually applies to cellular routers, industrial modems, smart metering gateways, data concentrators and data loggers.

In practice, remote management covers:

• Firmware updates
• Remote configuration
• Configuration backup and restore
• Diagnostics and health monitoring
• Log retrieval
• Access control
• Audit trails
• Fleet inventory
• Integration with operational systems

It is not just a software feature. It is part of the operating model of the whole device fleet.

Why Remote Management Belongs in the Tender Specification

Utilities often evaluate industrial IoT devices on hardware features first:

• Cellular technology
• Ethernet, RS232, RS485, M-Bus or digital inputs
• Power supply range
• DIN rail mounting
• Temperature range
• Protocol support
• Antenna options

These are important, but they do not answer the full operational question.

After deployment, the utility must manage hundreds, thousands or tens of thousands of devices over many years.

During that lifecycle, teams may need to:

• Change APN settings
• Update firmware
• Restore configurations
• Investigate communication failures
• Rotate credentials
• Check logs
• Prove compliance
• Support a field technician remotely

Without clear remote management requirements, the project may work during pilot testing but become expensive during operation.

Start with the Operating Model

Before writing technical clauses, define who will operate the device fleet.

Key questions to answer:

• Will the utility manage the devices internally?
• Will a system integrator operate the fleet on behalf of the utility?
• Does the mobile operator provide private APN, VPN or SIM management?
• Will remote access be allowed from the internet, private network or only through a secure management server?
• Are devices installed in critical infrastructure environments?
• Are there internal IT policies for password management, logging, patching and user access?
• Is on-premise hosting required, or is cloud-based management acceptable?

This operating model changes the tender language.

A municipality with a small water metering deployment may need simple diagnostics and configuration backup.

A DSO managing remote grid assets may require stricter access control, audit logs, encrypted communication, controlled firmware rollout and long-term support commitments.

What Remote Management Functions Should the Tender Specify?

A strong tender should define the minimum functions required for the full device lifecycle.

The following areas are usually the most important.

1. Firmware Update Requirements

Firmware updates affect security, stability, interoperability and long-term device usability.

A tender should not only ask whether firmware updates are possible. It should define how they are controlled.

Specify at least the following:

• Remote firmware update support for deployed devices
• Secure update transfer
• Version visibility per device
• Controlled rollout by device group, region or project
• Rollback or recovery process if an update fails
• Protection against interrupted updates
• Update status reporting
• Documentation of firmware release notes
• Support period for security and maintenance updates

Example tender wording:

The device management system shall support remote firmware updates for deployed devices. The bidder shall describe the update process, including authentication, transfer security, update validation, failure handling, rollback or recovery options and reporting of update status.

2. Remote Configuration

Remote configuration is often more valuable than firmware updating in daily operation.

Many utility issues are caused by APN changes, protocol settings, server address changes, VPN parameters, polling intervals or meter interface settings.

Configuration areas to include:

• Cellular APN and SIM-related settings
• VPN parameters
• IP addressing and routing
• Firewall rules
• Serial port settings
• Modbus, M-Bus, MQTT, DLMS/COSEM or other protocol settings where relevant
• Data reporting intervals
• Time synchronization
• User credentials
• Device reboot scheduling
• Alarm and event thresholds

Practical requirement:

The system should allow authorized users to change configurations remotely and track what was changed, when and by whom.

For large fleets, group-based configuration is important. If every device must be changed manually, the operational workload becomes too high.

3. Configuration Backup and Restore

Configuration backup is often forgotten until a device fails.

For utilities, backup and restore can reduce site visit time and simplify device replacement.

If a router or gateway must be replaced in the field, the technician should not need to rebuild the configuration manually from old emails, spreadsheets or screenshots.

Tender requirements:

• Export and import of device configuration
• Automatic or scheduled configuration backup
• Backup before firmware update
• Restore configuration to replacement device where technically possible
• Version history of configuration changes
• Clear handling of device-specific values such as serial numbers, SIM settings or certificates

Acceptance test idea:

During factory acceptance testing, ask the bidder to configure a device, back up the configuration, reset or replace the device, then restore the configuration and prove that communication is re-established.

4. Diagnostics and Health Monitoring

Remote diagnostics determine how quickly a utility can understand a fault without sending a technician to site.

A tender should define the minimum diagnostic data required.

Useful diagnostic data:

• Online or offline status
• Signal strength and cellular network information
• SIM and operator status
• IP address and connection state
• VPN status
• Uptime and last reboot reason
• Data traffic counters
• CPU and memory status where applicable
• Interface status for Ethernet, serial ports, M-Bus or digital inputs
• Connected meter or PLC communication status
• Last successful data transmission
• Power supply status where supported

Diagnostics should be available in a structured way, not only through manual command line access.

5. Logs and Event History

Logs are essential for troubleshooting intermittent problems.

For example, a device may lose connection only at certain times, after a network change, during poor signal conditions or when a backend server is unavailable.

Without logs, the operator sees only that the device is offline.

Tender requirements for logs:

• Local device logs
• Remote log retrieval
• Communication events
• Configuration changes
• Login attempts
• Firmware update events
• Reboot events
• VPN connection events
• Error codes or clear fault descriptions
• Time-stamped events with synchronized time source
• Log retention policy

The tender should also define whether logs must be exportable for analysis or compliance reporting.

6. Access Control and RBAC

Remote management creates operational value, but it also creates security responsibility.

A tender should avoid shared administrator accounts.

Role-based access control, or RBAC, is important when multiple teams are involved.

Roles to consider:

• Read-only monitoring user
• Field support user
• Configuration operator
• Firmware update operator
• Security administrator
• System administrator
• External integrator or vendor support user

Each role should have only the permissions it needs.

Tender requirement:

The remote management system shall support user authentication and role-based access control. The bidder shall describe available user roles, permission granularity, password policy options and support for integration with enterprise identity systems where available.

7. Audit Trails

Audit trails are different from technical logs.

Logs help troubleshoot device behavior. Audit trails help prove who did what.

For utility environments, this matters because configuration changes can affect billing data, SCADA communication, metering availability or security posture.

Audit trail requirements:

• User login and logout events
• Failed login attempts
• Configuration changes
• Firmware updates
• Device reboots triggered remotely
• User and role changes
• Export of audit records
• Time stamps
• Device ID, user ID and action details
• Protection against unauthorized modification

Audit trails are especially important when external system integrators or service providers have access to the fleet.

8. Encryption, VPN and Security Requirements

Security requirements should be specific.

Asking for a “secure device” is not enough.

Tender documents should define the expected security architecture without forcing a single implementation unless the utility has a strict internal standard.

Areas to specify:

• Encrypted management communication
• VPN support where required
• Private APN compatibility
• Firewall configuration
• Secure remote access method
• Credential management
• Certificate handling where applicable
• Disablement of unused services
• Protection against default passwords
• Security update policy
• Alignment with internal IT/OT security requirements

For critical infrastructure, the tender should also ask the bidder to describe how the solution supports network segmentation and controlled access between IT and OT environments.

9. Fleet Inventory and Asset Visibility

A utility cannot manage what it cannot see.

Fleet inventory should be part of remote management, especially when devices are deployed across many regions or subcontractors.

Useful inventory fields:

• Device model
• Serial number
• Firmware version
• Hardware revision
• SIM identifier or ICCID where appropriate
• IMEI
• Installation site
• Region or project group
• IP address
• Last connection time
• Configuration version
• Warranty or support status
• Assigned customer, department or service provider

Inventory data should be exportable. Many utilities need to connect this information with asset management, ticketing or maintenance systems.

10. Interoperability and API Requirements

Remote management should not become another isolated system.

For larger deployments, the tender should ask whether the management platform can exchange data with other systems.

Integration points to consider:

• REST API or other documented API
• Export of inventory data
• Export of alarms and events
• Integration with ticketing systems
• Integration with monitoring platforms
• Support for standard protocols where relevant
• Data format documentation
• Authentication method for API access
• Rate limits and API support commitments

Not every utility needs deep integration at the start.

Still, asking the question during procurement protects the project from future lock-in.

Comparison: Weak vs Strong Tender Language

SLA and Lifecycle Support

Remote management is not only software functionality.

Utilities also need to know what happens when something does not work.

SLA questions for bidders:

• What support channels are available?
• What are the response times for critical and non-critical issues?
• Is support available in the required languages and time zones?
• Who supports the device, the management platform and connectivity troubleshooting?
• Are software updates included?
• Is remote vendor support possible under controlled access?
• How are incidents escalated?
• Is training included for utility or integrator staff?

For tenders, it is useful to separate warranty support, operational support and project engineering support.

They are not the same thing.

Lifecycle topics to include:

• Expected product availability
• Firmware maintenance period
• Security update policy
• Spare device availability
• Backward compatibility commitments
• End-of-life notification process
• Migration support for replacement products
• Documentation updates
• Support for changing mobile network conditions

This is particularly important for cellular deployments.

Network technologies, SIM platforms, APN configurations and operator policies can change during the lifetime of a utility project.

How to Test Remote Management Before Rollout

Acceptance testing should prove remote management capabilities before mass deployment.

A common mistake is to test only basic connectivity.

The device connects, sends data and passes the pilot.

Later, the utility discovers that firmware updates, audit logs or configuration restore were never properly tested.

Recommended acceptance tests:

Firmware Update Test

• Install an older approved firmware version
• Perform remote update
• Confirm version change
• Confirm device reconnects
• Confirm configuration remains intact
• Check update log and audit record

Configuration Change Test

• Change APN, reporting interval or protocol setting remotely
• Confirm the device applies the new configuration
• Confirm the change is logged
• Confirm unauthorized users cannot perform the same action

Backup and Restore Test

• Back up a working configuration
• Reset or replace the device
• Restore configuration
• Confirm service recovery

Diagnostics Test

• Simulate loss of network or backend connection
• Confirm diagnostic visibility
• Retrieve logs remotely
• Confirm time-stamped events

Security Test

• Verify encrypted management communication
• Check default credentials are not used
• Confirm RBAC permissions
• Review audit trail export

Fleet Operation Test

• Apply a configuration to a group of devices
• Confirm status reporting per device
• Export inventory list
• Confirm failed devices are clearly identified

Practical Tender Checklist

Use this checklist when preparing a tender for industrial IoT routers, modems, gateways or data loggers.

Remote Management Platform

• Is remote management required for all devices or only selected device types?
• Is on-premise, cloud or hybrid management acceptable?
• Is the management system compatible with the utility’s IT/OT policies?
• Are device groups, sites and projects supported?

Firmware

• Are remote firmware updates supported?
• Is the update process secured?
• Can updates be staged or rolled out by group?
• Is update status visible?
• Is rollback or recovery described?

Configuration

• Can key settings be changed remotely?
• Are group configuration changes supported?
• Are configuration changes logged?
• Can unauthorized changes be prevented?

Backup and Restore

• Can configurations be backed up?
• Can configurations be restored to the same or replacement device?
• Is configuration history available?
• Are device-specific values handled safely?

Diagnostics and Logs

• Is online/offline status visible?
• Are signal strength, network and VPN status visible?
• Can logs be retrieved remotely?
• Are events time-stamped?
• Can logs be exported?

Security

• Is management communication encrypted?
• Are VPN and private APN scenarios supported?
• Is RBAC available?
• Are audit trails available?
• Can unused services be disabled?
• Is there a security update policy?

Fleet Inventory

• Are model, serial number, firmware version and SIM details visible?
• Can devices be grouped by site, region or project?
• Can inventory data be exported?
• Can inventory integrate with asset or ticketing systems?

Interoperability

• Is an API available?
• Is API documentation provided?
• Can alarms, logs or inventory data be exported?
• Are integration responsibilities clearly defined?

Support and Lifecycle

• What is the support period?
• What SLA applies?
• Are firmware and security updates included?
• What is the end-of-life notification policy?
• Are training and operational documentation included?

Acceptance Testing

• Are remote update tests included?
• Are configuration tests included?
• Are backup and restore tests included?
• Are RBAC and audit trail tests included?
• Are diagnostics and log retrieval tests included?
• Are group operation tests included?

Where WM Systems Fits

WM Systems develops industrial IoT devices for utility and industrial communication, including routers, modems, gateways, data concentrators and data loggers.

Its portfolio also includes remote device management capabilities for managing deployed devices such as routers and modems.

For buyers, the important point is not to treat remote management as an optional extra.

Whether the project uses WM Systems equipment or another vendor’s devices, the tender should define how the fleet will be configured, updated, diagnosed, secured and supported over its full operating life.

In WM Systems projects, these discussions are especially relevant where utilities need cellular communication, smart metering connectivity, industrial router deployment, data concentrator operation or secure remote access for distributed field assets.

FAQ: Remote Management Requirements in Utility Tenders

What does remote management mean for industrial IoT devices?

Remote management means the ability to configure, update, monitor, diagnose and secure deployed devices without visiting the site. For utilities, this can reduce field visits and improve operational control.

Why should remote management be included in the tender?

Because remote management affects lifecycle cost, security, maintenance and support. If it is not specified before procurement, the utility may discover important limitations only after deployment.

Is firmware update support enough?

No. Firmware update support is important, but utilities also need configuration control, backup and restore, diagnostics, logs, access control, audit trails and lifecycle support.

What is the biggest mistake in tender wording?

The biggest mistake is using vague language such as “remote management required”. The tender should define exact functions, security controls, user roles, logging requirements and acceptance tests.

Should remote management be cloud-based or on-premise?

It depends on the utility’s IT/OT policy, security requirements and operating model. The tender should state whether cloud, on-premise or hybrid management is acceptable.

How should utilities test remote management before rollout?

They should include acceptance tests for firmware update, remote configuration, backup and restore, diagnostics, log retrieval, RBAC, audit trails and group operation.

Conclusion

Remote management requirements should be written into the tender before devices are selected.

For utility and DSO projects, the long-term cost of an industrial IoT deployment is rarely determined only by the device purchase price.

It is shaped by firmware maintenance, configuration control, diagnostics, access management, auditability, security, support and the number of site visits required during operation.

A strong tender does not simply ask for “remote management”.

It defines the functions, controls, integrations and acceptance tests needed to operate the device fleet safely and efficiently.

That makes procurement clearer, evaluation more objective and field operation more predictable.

Planning an industrial IoT or utility communication tender?

Define remote management requirements before device selection. WM Systems can support projects where secure connectivity, remote device operation and long-term fleet management are part of the procurement challenge.

Contact Us to find the best solution for your tender requirements.

External Links

• ENISA guidance on cybersecurity for critical infrastructure
• IEC 62443 industrial cybersecurity resources
• NIS2 Directive overview
• GSMA IoT security guidance
• CISA industrial control systems security guidance