About Graco

Based in Minneapolis, Graco, Inc., is a world leader in fluid handling systems and components. Graco products move, measure, control, dispense, and apply a wide range of fluids and viscous materials used in vehicle lubrication, commercial, and industrial settings. Graco’s proprietary products, manufacturing processes, and high-quality customer communications are key components of the value that Graco provides.

For more information, visit graco.com.

  • NetSPI Solutions: Penetration Testing (PTaaS)
  • Industry: Manufacturing
  • Employee Count: 1k-5k
  • Headquarters: Minnesota, United States

The manufacturing industry has changed significantly over the past decade. By shifting to overseas operations, especially in Asia, companies have been able to realize significant cost savings. At the same time, there are risks involved. For example, manufacturers often have valuable intellectual property resulting from years of research and development efforts. That intellectual property is more vulnerable in manufacturing processes that span the globe.

As an organization that has developed both organically and through acquisitions, Graco has confronted a number of IS security, risk, and compliance challenges associated with that growth. At the same time, Graco also faces numerous challenges managing IS risks because of its manufacturing operations in the U.S., Europe, and Asia. As an industry leader, Graco has committed itself to ensuring the security of its intellectual property and the integrity of its operations. With these goals in mind, Graco’s Internal Audit team, IS group, and NetSPI have worked to ensure operational integrity, customer confidentiality, and regulatory compliance.

To achieve these three goals, NetSPI has partnered with Graco’s Internal Audit group and the IS staff, and become an important part of Graco’s Internal Audit process. NetSPI provides the critical information security, compliance, and industry best practices that help Graco understand, analyze, and mitigate risk. Since 2002, NetSPI has provided Graco’s Internal Audit with the following information technology and security risk management services:

  • Internal Audit Partnership
  • Security Program Development and Roadmap Creation
  • Risk Analysis
  • Quarterly Internet-Based Assessments
  • Policy, Standards, and Architecture Review
  • Network, Systems, and Wireless Assessment

Graco and NetSPI have entered into a three-year contract whereby NetSPI provides independent security evaluation. This large project includes comprehensive security program assessment, security program review, and regulatory compliance (with Sarbanes-Oxley as well as standards like ISO 17799, NIST, and NSA). This relationship has allowed Graco to focus on hiring employees for critical IS operations while satisfying Internal Audit requirements.

As a result of these efforts, Graco has realized considerable cost savings by having NetSPI execute security and compliance activities. At the same time, this relationship with NetSPI has also enabled Graco to reduce its operational risk and help ensure regulatory compliance.

Daniel Mathews, Internal Audit Manager at Graco, noted that: “NetSPI has done an excellent job understanding risk and compliance, and creating usable solutions at Graco. NetSPI has integrated with the Internal Audit group and provided significant value to Graco’s IS staff. The value of NetSPI is based on its strong technical insights, a comprehensive understanding of Internal Audit, and its realistic recommendations for remediation.”