Manufacturing Company Completes Roadmap Towards Compliance after Conducting NIST SP 800-171 & Cyber Essentials Risk Assessments


Overview

The client – a U.S.-based manufacturer and distributor of engineered fluid sealing products and services – engaged Bridgepoint to conduct a NIST SP 800-171 and Cyber Essentials Risk Assessment.

Business Challenge

A recent audit along with parent company requirements resulted in the client needing an enterprise-wide IT risk assessment to align with NIST SP 800-171 and Cyber Essentials IT compliance frameworks.

The client lacked the internal resources and specialized knowledge required to conduct the assessments on their own and was running into additional challenges surrounding the management of third-party IT providers and multiple nationwide branch locations.

Approach

IT compliance readiness and risk assessments are typically broken into several phases:

  1. Discovery
  2. Gap Assessment and Risk Identification
  3. Reporting
  4. Remediation Planning and Roadmap Development

During the discovery phase, the Bridgepoint team aligned with the client’s IT leadership and stakeholders to review all relevant documentation, including policies and procedures, to identify control areas that needed improvement and gain a holistic view of the client’s current IT environment.

The team consolidated their findings into a data-driven risk heatmap and executive summary, outlining the top risk areas, compliance gaps, and areas of focus to create a longer-term recommended action plan.

In parallel, the team used the NIST SP 800-171 and Cyber Essentials technical IT compliance frameworks to perform the gap assessment and identify additional key risk areas to add to the overall IT risk assessment.

Bridgepoint utilizes an automated assessment tool embedded with AI technology to perform IT assessments against different frameworks, including NIST SP 800-171, NIST SP 800-53, NIST CSF, CMMC, ISO 27001, GDPR, and others.

Results

Bridgepoint added value for the client by identifying important risk areas while performing the gap assessments against NIST SP 800-171 and Cyber Essentials alongside the IT risk assessment.

After engaging Bridgepoint, the client completed the required audit and compliance activity to meet requirements from auditors, their parent company, and customers.

This saved the client several weeks of work and allowed them to focus on core operational functions and growth. It also helped them give senior leadership visibility into key IT initiatives, and build support for those initiatives, by highlighting the important risks that need to be addressed and where investments should be focused.

Before BPC

  • Lack of in-house resources and expertise
  • Need to comply with stringent requirements from auditors and parent company
  • Risks stemming from insufficient internal controls and risk analysis

After BPC

  • Successful compliance with audit & parent company requirements
  • Robust internal controls and risk mitigation roadmap
  • Risk assessment templates to streamline future efficiency

Services Provided