Challenge: Low SPRS Score Impact
B&G Manufacturing was facing the cancellation of contracts due to their low Supplier Performance Risk System (SPRS) score, which put them at risk for significant revenue loss. The initial SPRS score was recorded at -60, indicating severe deficiencies in meeting the cybersecurity standards required by their contracts, including NIST compliance.
Solution: Thorough Audit and Assessment
KPInterface (KPI) conducted a thorough audit of B&G’s Cybersecurity Maturity Model Certification (CMMC) controls and NIST compliance requirements to accurately assess and rectify the reported SPRS score. This initial step was critical to identifying the specific gaps and areas needing immediate improvement. KPI’s expertise ensured a clear roadmap for enhancing B&G’s cybersecurity posture.
“As a supplier of critical hardware to the US Navy, cyber-security measures that satisfy evolving standards are a necessity. KPI has helped us rapidly address vulnerabilities and develop/implement a plan to achieve complete and ongoing compliance.”
– Bill Edmonds, CEO at B&G
Implementation: Targeted Technology Controls
Following the audit, KPI implemented targeted technology-related controls, designed to directly address the weaknesses in B&G’s cybersecurity practices and NIST compliance. These controls were selected based on their impact on compliance scores and overall security posture.
Results: Significant Score Improvement
The implementations led to a significant improvement in B&G’s SPRS score, elevating it from -60 to +7. This turnaround was instrumental in restoring client confidence, securing existing contracts, and attracting new business opportunities. The improved score also provided a competitive edge, showcasing B&G’s commitment to high cybersecurity standards.
Conclusion: Strategic Intervention Success
The strategic intervention by KPI not only rectified B&G’s SPRS score but also ensured adherence to NIST compliance, positioning them better for future compliance and enhanced security measures. This case study exemplifies the importance of proactive cybersecurity assessments, the effective implementation of technological controls in safeguarding client interests, and KPI’s ability to deliver cybersecurity solutions that drive business success for manufacturers.