Any manufacturer pursuing CMMC 2.0 compliance will tell you that the process is rigorous, to say the least. Focused on Machining is currently working to achieve Level 2 certification, which has a long list of 110 requirements aligned to NIST SP 800-171. We anticipate that our journey to CMMC certification will take us a total of 18 months when all is said and done.
As a quick refresher, the US Department of Defense (DoD) is mandating that all manufacturing suppliers acquire and maintain CMMC certification to prove they meet strict cybersecurity standards.
Understandably, not all shops have the time, money, or resources to complete such a rigorous process. CMMC 2.0 compliance consultants and IT professionals are available for support, but they charge well into the six figures. Rather than paying such a hefty price or attempting the process themselves, many small shops are opting out of CMMC 2.0 compliance entirely.
This means that by the time the requirement takes effect in 2024, the DoD is poised to lose a large number of suppliers. That’s an especially tough pill to swallow at a time when their supplier base is already shrinking for unrelated reasons, such as shop owners reaching retirement age and shutting down or consolidating.
Focused on Machining recognizes the challenges surrounding CMMC certification for DoD customers and suppliers alike. But we knew that opting out of CMMC 2.0 compliance simply wasn’t an option for our aerospace, space, and defense-focused shop. In fact, we wanted to get ahead of the game and become certified before the requirement even takes effect. So, we found a way to be part of the solution.
Using Our ERP System to Manage the CMMC Certification Process
Faced with the prospect of dedicating a year and a half to pursuing CMMC 2.0 compliance, we set out to determine how to manage such a complex process without hiring an expensive consultant or IT professional. From the beginning, our goal was to keep the associated costs as low as possible so we wouldn’t have to pass those costs on to customers through increased prices.
We thought, “Why not approach the process the same way we would a complex part?” Naturally, that idea led us to our ERP system, ProShop.
When making a part for a customer, we create a work order in ProShop outlining a long series of steps to complete the part. All related documentation is stored in the system for easy access. We check off each step as we complete it so everyone can view where we are in the process.
Here’s a look at the work order we created along with the ProShop team for CMMC 2.0 compliance:
When we click on each of these operations, a new page opens where we can view the steps that must be completed and who is responsible. The assigned team member completes the step and marks it as such.
During our eventual CMMC audit, we’ll be able to walk the auditor through the work order and show them proof of specific tasks and documentation. We took a similar approach when we went through the AS9100 certification process, and it was very successful.
A digital solution to benefit manufacturers everywhere
Ultimately, manufacturers everywhere will have the chance to benefit from our CMMC 2.0 compliance work order. Once we complete the process ourselves and optimize the work order to be as useful as possible, ProShop will release it as a module available for purchase.
We hope this offering will enable more shops to opt in to pursue CMMC 2.0 compliance. Because while those shops may be our competitors, we know they are a critical part of the American manufacturing industry that we love so much.
Are you looking for a machining partner ahead of the game in achieving CMMC certification? Request a quote from Focused on Machining!