Schellman auditors find Certrec’s security has technical controls in place and formalized IT security policies and procedures.
FORT WORTH, Texas, September 26, 2023 — Certrec, a leading provider of regulatory compliance and advanced SaaS applications for the energy industry, has successfully completed its eighth yearly audit for SOC 2 Type 2 and its tenth annual audit for ISO 27001, now testing for the 2022 version. Certrec received its certification for ISO 27001:2022 from Schellman auditors, verifying that the company complies with industry standards for cybersecurity.
As the number of cybersecurity attacks targeting the energy industry increases, it is crucial that sensitive information is protected. Compromises can have costly and time-consuming consequences. Yearly evaluations conducted by an independent party allow Certrec to maintain an objective view of how effectively customer data is protected.
“Certrec’s successful completion of the ISO 27001 Surveillance Review and Type 2 SOC 2 Examination speaks to the organization’s commitment to security in general and to the ongoing maintenance and improvement of their information security management system.” – Grayson Taylor, Director at Schellman
A SOC 2 Type 2 examination is intended to meet the needs of a broad range of users who need detailed information and assurance about the controls at a service organization. They play a vital role in internal corporate governance, risk management, and regulatory and organizational oversight. Certrec was examined against the security, availability, and confidentiality principles.
Certrec’s Information Security Management System (ISMS) allows the company to mitigate business interruptions and protect both physical and cyber assets. This ISMS is certifiable against ISO/IEC 27001:2022 and is integrable with other management system standards such as SOC 2 Type 2. The certification reinforces Certrec’s position as one of the most secure service providers in the market.
Certrec received its certification mark on August 15, 2023, and it is viewable here. This mark certifies that Certrec’s ISMS complies with the standard in managing information security effectively by examining security risks, designing controls to address risks, and adopting a management process to ensure those controls meet future security needs.
“We are very pleased that, once again, our external audit did not identify any deficiencies in our security operation and systems,” said Ted Enos, CEO of Certrec. Certrec is committed to maintaining or exceeding our current levels of service and thus performing an independent SOC 2 Type 2 examination yearly as well as to performing both internal and third-party external audits to ensure compliance with ISO/IEC 27001:2022.
About Certrec:
Certrec is a leading provider of regulatory compliance solutions for the energy industry with the mission of helping ensure a stable, reliable, bulk electric supply. Since 1988, Certrec’s SaaS applications and consulting know-how have helped hundreds of power-generating facilities manage their regulatory compliance and reduce their risks.
Certrec’s engineers and business teams bring a cumulative 1,500 years of working experience in regulatory areas of compliance, engineering, and operations, including nuclear, fossil, solar, wind facilities, and other Registered Entities generation and transmission.
Certrec has helped more than 120 generating facilities establish and maintain NERC Compliance Programs. We manage the entire NERC compliance program for 60+ registered entities in the US and Canada that trust us to decrease their regulatory and reputational risk. Certrec is ISO/IEC 27001:2022 certified and has successfully completed annual SOC 2 Type 2 examinations.
For press and media inquiries, please contact marketing@certrec.com.
