PGH Networks is a Pittsburgh-based managed IT services provider that supports small and mid-market manufacturers across the Pittsburgh metro within 75 miles of 15220, including Moon Township, Cranberry, Monroeville, Washington, Beaver, New Kensington, and the Mon Valley. This Pittsburgh small manufacturer MSP case study documents how we stabilized IT and OT operations for an anonymized precision-machining shop, brought the company to CMMC Level 2 readiness, and delivered 99.98% measured uptime on production-critical systems over a rolling twelve-month window.
Client Profile: A Pittsburgh Small Manufacturer
The client is a privately held precision-machining and contract-manufacturing shop headquartered in Allegheny County with a satellite finishing facility in Westmoreland County. Headcount at engagement was 48 employees across two shifts, with roughly 32 shop-floor staff running CNC mills, lathes, and a small EDM cell, and 16 office staff covering engineering, quoting, purchasing, quality, and accounting. The company runs Epicor Kinetic (migrated from JobBOSS) as its ERP, SolidWorks for engineering, and Mastercam at programming stations. About 30% of revenue comes from DoD prime and sub-tier contracts that flow CUI, which is what put CMMC Level 2 on the roadmap.
When the client engaged PGH Networks, they had a part-time internal IT generalist, an aging on-prem file server, a flat network where shop-floor CNCs shared broadcast domains with office laptops, no documented backup test history, and a cyber-insurance renewal questionnaire they could not honestly answer "yes" to.
Why a Small Manufacturer Needs a Specialized Pittsburgh MSP
Generic small-business IT support treats every client like a 20-seat professional-services office. Manufacturing breaks that template in three places. First, the ERP — Epicor, JobBOSS, Global Shop, E2 — is the operational heartbeat, and downtime there stops quoting, routing, and shipping within an hour. Second, OT assets (CNC controls, PLCs, CMM machines, label printers, barcode scanners) often run unsupported Windows builds that cannot be patched the way an office laptop can; they have to be segmented instead. Third, any shop touching DoD work, aerospace, or medical-device contracts inherits compliance obligations — CMMC, ITAR, AS9100 IT controls, FDA 21 CFR Part 11 — that a horizontal MSP rarely scopes correctly. A Pittsburgh small manufacturer MSP has to speak all three languages on day one.
What PGH Networks Deployed
We ran a 30-day assessment, then executed a 90-day remediation before transitioning into ongoing managed services. The deployed stack included network re-architecture with VLAN segmentation isolating the OT/shop-floor subnet from corporate, guest, and management traffic, enforced by a next-generation firewall with east-west inspection; Microsoft 365 Business Premium with Conditional Access, MFA on every identity, and Intune-managed endpoints; an EDR/MDR platform with 24/7 SOC monitoring; immutable backups for the Epicor database and file shares with weekly restore testing logged to the client portal; a documented patch ring for office endpoints and a separate, slower change-controlled cadence for OT-adjacent systems; and Epicor Kinetic application support coordinated with the ERP VAR so the client has one number to call.
We also built a written Information System Security Plan (SSP), asset inventory, and data-flow diagram — artifacts the client did not previously have and that every serious compliance, insurance, or customer-IT audit now asks for.
CMMC Level 2 Readiness for DoD Supply-Chain Work
The client's CUI footprint was scoped down deliberately: rather than treat the whole environment as in-scope, we built an enclave for engineering and quality users who actually handle controlled drawings and contract data. That enclave uses GCC High-aligned configurations, hardware-backed MFA, and DLP rules that block CUI from leaving via personal email or unmanaged USB. Of the 110 CMMC Level 2 practices, the client's self-assessment moved from an estimated SPRS score of −67 at engagement to +88 within nine months, with the remaining gaps documented in a POA&M and scheduled. The shop is now positioned to pass a C3PAO assessment when its prime requires one.
Measurable Outcomes
Over the first twelve months on managed services, the client recorded 99.98% uptime on Epicor and file services, against an SLA target of 99.9%. Mean time to resolution on Priority 1 tickets averaged 28 minutes. Phishing-simulation click rate dropped from 31% at baseline to 4% after two quarters of training. The cyber-insurance renewal closed with a premium roughly flat year-over-year — notable in a market where manufacturing renewals were commonly up 20–40% — because the carrier's control questionnaire could be answered honestly and with evidence. Total IT spend, including the MSP fee, landed within 1.4% of budget.
Equally important and harder to put a number on: the owner stopped getting Saturday phone calls about the server, and the part-time internal IT person was redeployed to ERP super-user work, which is where the business actually wanted that headcount.
Working With PGH Networks as Your Pittsburgh Small Manufacturer MSP
PGH Networks takes on a small number of new manufacturing clients each quarter, typically shops between 20 and 200 employees within 75 miles of Pittsburgh. A typical engagement opens with a paid assessment covering network, identity, backup, OT exposure, and compliance posture, and produces a written remediation roadmap whether or not you continue with us. If you are a Pittsburgh-area manufacturer evaluating an IT support company — particularly if Epicor, JobBOSS, CMMC Level 2, ITAR, or OT segmentation are on your list — this is the work we do every day. Contact PGH Networks at pghnetworks.com to scope an assessment.