Customer Success Story: Midway Swiss Turn
How This Contract Manufacturer Tackled CMMC
The journey to compliance
is estimated by Midway Swiss Turn to achieve CMMC.
years were taken by Midway Swiss Turn to become CMMC compliant.
aerospace and defense suppliers and sub-contractors are expected to meet CMMC compliance by the DoD.
Midway Swiss Turn
Midway Swiss Turn is a precision manufacturer of Swiss-type CNC screw machining and turned parts. During COVID, the company learned about Cybersecurity Maturity Model Certification (CMMC), which will soon be required of all contract manufacturers doing government work. After several months of evaluating the pros and cons, Midway Swiss Turn pursued CMMC Level 2 certification, which is required for most manufacturers that use data to make parts. Its journey included a significant change in people, processes, and technology, with ECI as one of the leading technologies. So far, Midway Swiss Turn has completed two assessments and is well on its way to certification.
Their challenges
An evaluation of its current government contracts and a desire to expand work with the DoD led Midway Swiss Turn to pursue CMMC compliance. Midway Swiss Turn found that it had some sizable government contracts. Additionally, it wanted to expand its business with DoD primes, not just subprimes. In pursuing CMMC, Midway Swiss Turn encountered the following challenges:
1. Resources were scarce.
Midway Swiss Turn sought resources, experts, and funding for CMMC compliance. The certification process is costly, around $60K, and it was unclear to this contract manufacturer how to achieve CMMC compliance. Existing directions from the government assume that the manufacturer has an IT department, servers, and networks in place. However, Midway Swiss Turn relied solely on cloud-based software.
After searching for guidance, it found its local Manufacturing Extension Partnership (MEP). MEPs are liaisons between the government and businesses in the DoD supply chain. This MEP was instrumental in helping Midway Swiss Turn learn who the different players in the cybersecurity world were, setting the manufacturer up with an experienced consultant, and even offering some government funding.
2. The company conducted a six-month cost-benefit analysis.
From a benefits standpoint, the certification made the company more competitive, allowing it to gain work directly from primes and subprimes. At the same time, fellow manufacturers and vendors were having more accounts hacked. When one of its vendors got hacked, Midway Swiss Turn ended up on a hacker’s list. By implementing cybersecurity best practices, Midway Swiss Turn shifted from a compliance mindset to a small business protection mindset.
From a cost standpoint, Midway Swiss Turn understood that this CMMC certification would require a significant change in people, processes, and technology. The changes needed to be a company-wide commitment involving resources from every department for successful implementation.
Budgets were changed, and management prioritized funding for necessary resources, including software upgrades and hiring specialized IT personnel. Additionally, it was essential to educate leadership about the reasons behind the cybersecurity program and its implications for company operations.
It took Midway Swiss Turn six to nine months to assemble the necessary personnel. Although the company was confident in its existing setup, establishing the right teams and systems from scratch took time and affected many stakeholders, including insurance and legal partners. All solutions that potentially touched CUI were evaluated, which meant upgrading or switching software to meet compliance standards.
In evaluating all solutions that potentially touch CUI, Midway Swiss Turn had to ensure that its machines, quoting platform, and other software, including its ECI ERP, were compliant or on their way to compliance. While most of its machines were newer, Midway Swiss Turn had a few that needed to be taken offline because they wouldn’t meet requirements. Luckily, its quoting platform, Paperless Parts, offers cloud-based job estimating and quoting that is CMMC compliant.
Other technologies were also impacted. The contract manufacturer had to investigate installing Multifactor Authentication (MFA) on its Windows computers. Additionally, it invested in PreVeil to encrypt its emails and provide an online drive for additional data, and in Keeper to manage its passwords.
Midway Swiss Turn had to upgrade four software platforms, which increased its software cost by 50%.
Their solution
For Midway Swiss Turn, CMMC compliance was a marathon rather than a sprint, and ECI helped ease the transition.
ECI’s Government Compliance Cloud helped Midway Swiss Turn leverage a CMMC-compliant cloud-based solution. Having a cloud-based solution meant that Midway Swiss Turn didn’t need an on-premises server, network, or other equipment, and it also didn’t need to hire additional employees to maintain the technology. Storing its data with ECI’s cloud security systems and teams meant peace of mind for Midway Swiss Turn.
An ERP also centralizes data and prints, including CUI. By housing all job-related information in one location, Midway Swiss Turn eliminates the need for disparate spreadsheets stored on individuals’ computers. This makes its data safer and more transparent and increases overall efficiency.
The DoD expects 200,000 aerospace and defense suppliers and subcontractors to meet CMMC compliance. However, this regulation comes with plenty of benefits. Besides making manufacturers employ better cybersecurity, the change in people, processes, and technology also helps the manufacturer become more organized. Most importantly, the contract manufacturer stands out amongst competitors and will get more profitable and stable work from subprimes and primes. Though the process has taken 1.5-2 years, Midway Swiss Turn is beginning to reap the rewards.