Case study
Type: Defense & Aerospace
Location: Boston, MA, United States
Size: 5,000-10,000 employees
Senior PLC
Challenge
Supporting a global manufacturing organization’s compliance efforts to maintain existing and secure new business.
Solution
CyberStrong’s streamlined assessment workflows, coupled with automated report generation and clear dashboards that put risk and compliance in business terms.
Overview
Senior Metal Bellows has a 60-year legacy of solving the toughest challenges in demanding industries, creating precision components that function under the harshest conditions. Its customers are among the top innovators in defense, aerospace, oil and gas, medicine, and semiconductor manufacturing. Few industries face the high stakes of defense contractors – where hundreds of lives may be on the line with every product made. In mission-critical situations, high reliability is a must. Senior, like other contractors, is also under pressure to provide lower life-cycle costs and an extended operational capability. A culture of quality, know-how, and innovation has been key. Meeting MIL-SPEC demands for reliability, maintenance-free operation, and uncompromising performance under the harshest conditions is how Senior has built a 60-year strong reputation for excellence in defense.
Challenge
Navigating Complex Compliance Requirements | Manual Assessments and Reporting | Scalable Risk and Compliance
In mid-2017, Senior Aerospace Metal Bellows, a division of Senior Plc, received a cybersecurity questionnaire from a major customer. The customer, a large prime contractor to the U.S. Department of Defense, asked Senior to provide details regarding its current posture with the Defense Federal Acquisition Regulation Supplement (DFARS). The compliance requirement applies to all prime DoD contractors and their subcontractors. The goal of the regulation is to protect the DoD supply chain and related Controlled Unclassified Information (CUI).
Like many members of the Defense Industrial Base, Senior realized that in order to continue competing in the defense market, they would need to standardize their IT risk and compliance program. Research by Mike Clarence, Director of Information Technology, brought to light that Senior’s needs went well beyond responding to a paper-based customer cybersecurity questionnaire. Senior would need to manage its own compliance program based on the NIST SP 800-171 publication in order to protect its DoD-related revenue into 2018 and beyond.
To effectively manage and scale their risk and compliance activities, Mike and his team began seeking out a solution that would enable them to achieve DFARS compliance and prepare them for the future.
The DFARS regulation specifically requires contractors to execute on a System Security Plan (SSP) and a Plan of Action and Milestones (POAM). For Mike and the Senior team, the ability to produce these critical reports on demand was essential to the solution they would select. However, they found that many of the solutions they looked at offered fragmented reporting (maybe one report but not both). Furthermore, given the timeframe that Senior needed to prove compliance, Mike needed a solution that could be stood up quickly; yet most solutions he saw had implementation times of months, if not over a year. Finally, it was critical that the solution they implemented would streamline and enhance Senior’s current workflows. More often than not, though, the tools that Mike saw were modular and would overcomplicate an already daunting task of standardizing their compliance program.
Once we understood the magnitude of the regulation, we needed to act fast and work with a solution provider we could trust. The CyberSaint team came through for us.
- Anthony Santagat, Chief Financial Officer, Senior Metal Bellows
Solution
Agile and Flexible Framework Support | Ease of Use for Team Members | Clear Reporting and Dashboards
Mike and the Senior team selected the CyberStrong platform for its implementation time (hours or days, not months) and its ability to streamline and simplify the compliance assessment process. With streamlined compliance workflows and the ability to support any framework as regulations are updated and new ones emerge, Mike knew that CyberStrong was the platform to help him prepare for the future.
Saved: Time, Cost & Human Resources
Clarified: Compliance Requirements & Replaced Complexity with Clarity
Empowered: Easy Standardization of Compliance Frameworks
What the CyberStrong platform allowed my team and me to do was break large compliance projects down into bite-size pieces that simplified and made it easy to understand. You can quickly wrap your arms around complex compliance problems by breaking down into individual tasks rather than a single daunting project.
- Anthony Santagat, Chief Financial Officer, Senior Metal Bellows
As Mike and his team have used CyberStrong, they have discovered the additional value that comes from operating out of an integrated solution: standardizing and centralizing policies within the platform as well as CyberStrong’s ability to ingest and operationalize internal and custom frameworks unique to Senior.
Not only has CyberStrong proven valuable to Mike and the information security team, but it has also enabled more concrete conversations at the leadership level around cybersecurity. Using real-time dashboards and a comprehensive library of automated reports, Mike has been able to facilitate substantial conversations with leadership about their cybersecurity, risk, and compliance posture in a way that was impossible with manual processes.
CyberStrong has changed the way we operate by allowing us real-time visibility into where we stand on risk and compliance. It’s important for us to know where we stand on risk and compliance in order to effectively protect our assets.
- Anthony Santagat, Chief Financial Officer, Senior Metal Bellows