Cybersecurity Training and Compliance Gives Elinor Coatings a Leg Up on Their Competition
Elinor Coatings, LLC
Founded in 2006, Elinor Coatings, LLC, a family-owned business, specializes in research in galvanic corrosion and the creation of anti-corrosion and surface protection solutions. By employing cutting edge technology and comprehensive material research, evaluation, and testing procedures, they produce high-quality chromate-free coating products for use in military and commercial applications. Extensive data collection and analysis and project management and communication with Department of Defense customers required a robust and secure digital storage and paperless cloud-based information system. As the company grew in size and project scope, the systems, policies and procedures grew accordingly, until it was time to understand the evolving but imminent requirements to adhere to NIST SP 800-171 requirements.
Their mission statement reads, “We make it easy and safe to protect aluminum and multi-metal surfaces used in aerospace, marine and industrial applications by eliminating chromates and carcinogens.”
Elinor Coatings mission to launch and advance these greener coatings quickly caught the attention of many aviation, space and defense OEMs, as well as the US Department of Defense. Along with these advanced formulations and strong customer interest came demand for compliance to strict intellectual property and information cybersecurity requirements.
Initially, the company put together an internal committee to research requirements and hired a local IT company to conduct a gap analysis. After nearly a year of meetings, assessments, and delays on a functioning dashboard, Elinor Coatings was making little progress on understanding the real impact of adhering to CMMC. The company was spending time, money and resources with a frustrating lack of progress.
Elinor Coatings Chief Technical Officer and Co-Founder, Dante Battocchi, attended an Impact Dakota Cybersecurity Workshop offered by Impact Dakota and supported from the University of North Dakota Center for Innovation which provided information about DFARS 7012, the CMMC Interim Rule, and NIST SP 800-171. After the workshop the company reached out to Impact Dakota for additional information and help. In response, Impact Dakota provided a no-cost assessment followed by on-site work and support to develop an implementation plan so Elinor Coatings can meet the NIST SP 800-171 requirements. The initial assessment was completed and presented in easy-to-understand format within a few weeks, something previous IT companies had been unable to do after nearly a year.
The information and implementation scope of work provided to Elinor Coatings provided the clear path forward for them to strengthen the position they had already prepared their organization to be in regarding information security. Elinor Coatings project manager Adrian Dawson-Becker dug in and hit the ground running with high level of engagement and strong IT skills and knowledge.
The Impact Dakota and Elinor Coatings team conducted a full gap assessment to the NIST SP800-171 requirements with clear Plan Of Actions and Milestones to close gaps. They developed the required System Security Plan, Incident Response Plan and other policies and training material that Elinor Coatings needed to reduce their risks and build their resilience. These team efforts resulted in them being able to confidently report their cybersecurity compliance to their OEM and DoD customers.
Increased Jobs and Sales - As a result of coming in compliance, the expected job growth during the next year is about 18-20. Similarly, the expected increase in sales is a minimum of 100%; doubling of current sales.
New Investments - The needed hardware/software infrastructure upgrade was about $30K (including $20K for server and backup system and annually $10K for Microsoft GCC). The investment also includes the Impact Dakota consulting costs of $6500, as well as Elinor Coatings personnel time for training, implementation, and maintenance; which is estimated to be about $60K.
Training - In addition to staff assigned to bringing the company in compliance, other staff were also trained. Estimated hours of training is about 230.
Culture - Shift to drive team engaged in protecting intellectual property and security of data and communications exchanges.
DoD contracting compliance - as other federal contractors still struggle to identify a NIST/CMMC partner and reach compliance, we are able to provide our SPRS score and move forward with new contract opportunities.
“Impact Dakota helped us organize and improve our IT practices and basic protocols to align with CMMC and navigate quite a complicated initial process. Even with a solid IT team in place, many organizations will struggle to adopt some of the more complicated requirements. I can't imagine how long it would have taken us to work through the documentation on our own, and we are grateful for the assistance Jodie and Impact Dakota provided. The time, money and frustration we saved working with Impact Dakota has given us the leg up we need as a small business to ensure we are doing everything we can to protect ourselves and our customers.”
—Adrian Dawson-Becker, Government Program Manager