Security & Compliance

Together We Build – Securely

CMMC 2.0 Level 2 Certified

At WPI, we combine leading construction expertise with a mature, audited security posture so owners and general contractors can move forward with confidence on projects that handle sensitive information, operate in regulated environments, or require federal-grade controls. Our team is CMMC 2.0 Level 2 certified and trained to execute work under strict cybersecurity and data-handling requirements—without slowing down your schedule or compromising quality.

Modern Projects Need Modern Security

Your data is as critical as your project.

Modern construction projects frequently involve digital models, plan sets, specifications, submittals, photos, and operational details that can include Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). Protecting that information is not just an IT issue—it’s a project delivery requirement. Our program is purpose-built to help owners and GCs meet contract clauses (e.g., DFARS 252.204‑7012 flowdowns) and keep sensitive information secure from preconstruction through closeout.

Certified & Ready

Verified compliance for high-security projects.

• CMMC 2.0 Level 2 Certified Contractor
  WPI has achieved certification under the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2, demonstrating our ability to safeguard FCI/CUI on defense and other highly regulated projects.
• Aligned to NIST SP 800‑171
  Our controls map to the 14 NIST 800‑171 families (110 practices), covering access control, auditing, configuration management, identification & authentication, incident response, media and physical protection, personnel security, risk assessment, security assessment, communications protection, and system integrity.
• Role-Based Training
  All project personnel accessing sensitive information complete WPI’s CUI Handling Training before receiving access, with job-specific guidance and ongoing refreshers.

Documentation & Audit Support

Ensuring your data is secure.

• Contract-Level Compliance Plans
  We provide project-specific compliance plans aligned to contractual language and applicable frameworks (e.g., DFARS 252.204‑7012, NIST SP 800‑171), including procedures for incident reporting, media protection, and secure disposal.
• Evidence & Traceability
  Audit-ready records of training, access provisioning, change control, and material handling are maintained so owners and GCs can demonstrate compliance at any point during the project.

Our Process

Security controls integrated into how we plan, build, and deliver.

1. Discovery & Requirements Mapping
   We review bid/contract requirements, identify sensitive information flows, and align controls to the project scope.
2. Secure Team Onboarding
   Role-based training, credentialing, and least-privilege access are established before work begins.
3. Execution in Controlled Environments
   Field and fabrication activities follow documented handling, storage, and transmission procedures for sensitive information.
4. Monitoring & Reporting
   We track compliance tasks, record evidence, and support incident response reporting pathways if needed.
5. Closeout & Sanitization
   We complete secure media sanitization and disposal, confirm credential revocation, and deliver final compliance documentation.