Certrec Announces Completion of its Fifth Successful SOC 2 Type 2 Examination and Seventh Successful ISO 27001:2013 Certification
August 11th, 2022
Schellman auditors find Certrec’s security has technical controls in place and formalized IT security policies and procedures.
FORT WORTH, Texas August 10, 2022
Certrec, a leading provider of regulatory compliance software and services for the energy industry, has successfully completed its fifth yearly audit for SOC 2 Type 2 and its seventh annual audit for ISO 27001:2013, verifying that the company is up to industry standard on cybersecurity. Certrec received its certification for ISO 27001:2013 from Schellman auditors.
Security breaches are a rising concern for energy entities especially when they connect to the grid or otherwise are part of the nation’s critical infrastructure.
International Organization for Standardization (ISO) certification is one of the safeguards Certrec employs to improve customer confidence that it maintains industryleading security standards. Many of Certrec’s direct competitors have not proved that they possess this capability to mitigate the ever-increasing global cyber-security threats.
In particular, ISO 27001 provides guidelines for a comprehensive Information Security Management System (ISMS) and is the gold standard when it comes to information security. The certification reinforces Certrec’s position as one of the most secured service providers in the market.
The SOC 2 Type 2 trust principles detail how a company safeguards customer data and how well these protections are operating. These principles measure five different categories: security, availability, processing integrity, confidentiality, and privacy. Certrec was examined against the security, availability, and confidentiality principles during the period of June 2021 to June 2022.
This examination is intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization. They play a vital role in internal corporate governance and risk management, regulatory and organizational oversight.
Certrec received its certification mark on July 8, 2022, and it is viewable here. This mark certifies that Certrec’s ISMS is up to standard in managing information security effectively by examining security risks, designing controls to address risks, and adopting a management process to ensure those controls meet future security needs. Grayson Taylor, Director at Schellman & Company, LLC, said regarding Certrec’s audit, “Certrec’s successful completion of the ISO 27001 Surveillance Review and Type 2 SOC 2 Examination speaks to the organization’s commitment to security in general and the ongoing maintenance and improvement of their information security management system.”
Certrec’s ISMS allows the company to mitigate business interruptions and protect both physical and cyber assets. According to Certrec Compliance and Safety Officer Dale Lawson, “[ISMS] is a core element of our business and supports our anti-risk philosophy.” This ISMS is certifiable against ISO/IEC 27001:2013 and is integrable with other management system standards such as SOC 2 Type 2.
Yearly evaluations conducted by an independent party allow Certrec to maintain an objective view of how effectively customer data is protected because data and compromises can have costly and time-consuming consequences.
Certrec President and CEO, Ted Enos, asserts, “Client confidentiality is our priority at Certrec. ISO 27001 and SOC 2 Type 2 certification is a commitment to our customers who have trusted us with their information and their business. Investing in third-party examinations and certifications validates our world-class controls, processes, and protocols and proves that our data protection and security systems are worthy of our clients’ trust.”
Certrec is committed to maintaining or exceeding our current levels of service and thus performing an independent SOC 2 Type 2 examination on a yearly basis as well as to performing both internal and third-party external audits to ensure compliance with ISO/IEC 27001:2013.
Certrec is a leading provider of regulatory compliance solutions for the energy industry with the mission of helping ensure a stable, reliable, bulk electric supply. Since 1988, Certrec’s SaaS applications and consulting know-how have helped hundreds of powergenerating facilities manage their regulatory compliance and reduce their risks.
Certrec’s engineers and business teams bring a cumulative 1,500 years of working experience in regulatory areas of compliance, engineering, and operations, including nuclear, fossil, solar, wind facilities, and other Registered Entities generation and transmission.
Certrec has helped more than 120 generating facilities establish and maintain NERC Compliance Programs. We manage the entire NERC compliance program for 50+ registered entities in the US and Canada that trust us to decrease their regulatory and reputational risk. Certrec is ISO/IEC 27001:2013 certified and has successfully completed annual SOC 2 Type 2 examinations.