Company Background:
After having worked for several years producing EMI/RFI powerline filters for a large defense contractor in New Hampshire, Jim Kennedy decided to go out on his own. That was in 1975 when Jim started JMK, Inc. being its only employee in a 1,200 square foot facility located in Amherst, New Hampshire.
Jim established JMK, Inc. to design, manufacture and distribute commercial EMI/RFI powerline filters and associated devices. Since he started the company, JMK has grown to 10,000 square feet of space in Amherst, NH with 11 employees, and another 18,000 square feet of space in Mexico with 65 employees.
Outfitted with 2 manufacturing facilities and 2 engineering departments, JMK has grown to include manufacturing all forms of EMI and RFI suppression devices for commercial, military and medical applications.
Situation:
“We have a number of military customers but at the time they were not yet pushing NIST 800-171 cybersecurity compliance to their suppliers,” said Jim Kennedy, President of JMK, Inc. “It was our IT company who had the foresight to see what was coming from the military and they advocated for compliance.”
Around the same time JMK had a network security breach by a foreign entity. Fortunately, they were prepared, and no data was lost or compromised. “This fired up our IT people to say to us you really need to be more secure,” said Kennedy.
Jim received the marketing emails NH MEP sends to their clients about their upcoming training programs and services to help manufacturers. That was how he found that NH MEP could help with NIST 800-171 compliance.
Solution:
Jim reached out to NH MEP and with the support of its 3rd party service provider Mainstay Technologies, NH MEP could help JMK reach NIST 800-171 compliance. Mainstay would take them through the requirements of NIST 800-171 Phase 1 – GAP Analysis.
For the Phase 1 – GAP Analysis the Mainstay Information Security Team worked with JMK to perform an assessment and identify compliance, noncompliance, or partial compliance with each of the 110 components required of NIST 800-171. Mainstay provided JMK a compliance report, along with in-person and over the phone consultations about the findings. This included consultation on a Plan of Action and Milestones Creation (POAM).
Results:
“We have not lost any military customers because of NIST 800-171 and I feel now we are not going to. We may actually pick up new customers because of it,” said Kennedy. “But the main thing NH MEP did for us was they gave us a fresh perspective, and clarified a lot of the information we just did not understand at the time. From that standpoint NH MEP and Mainstay were extremely helpful.”
The following results for JMK, Inc. can be credited to having gone through NH MEP’s NIST 800-171 Phase 1 – GAP Analysis:
• Retained sales of $250,000 over the last 12 months that otherwise would have been lost
• Retained 1 job over the last 12 months
• $100,000 cost savings in labor, materials energy, overhead or other areas over the last 12 months
• Increased investment of $48,000 in new products or processes over the last 12 months
• Increased investment of $10,000 in plant or equipment
• Increased investment of $4,500 in information systems and software over the last 12 months
• Avoided unnecessary investments of $100,000 over the last 12 months
“NH MEP helped us understand the NIST 800-171 requirements and made it possible for us to move forward with training, installation of hardware, and develop procedures to enhance the security of our IT systems. The security of Confidential Unclassified Information (CUI) from our customers was the trigger that got us started. We now are well on our way to achieving the security our customers require and also the security JMK needs to withstand the continual assault on our IT network by the “bad actors” of the world.”