AICPA SOC Service Organizations - Certrec

Certrec Expands its Information Technology and Cyber Team

28- Certrec Expands its Information Technology and Cyber Team - Press Release - Featured Image- Certrec
Certrec is dedicated to maintaining or exceeding our current levels of information security.
Fort Worth, Texas October 29, 2020

Certrec, a leading provider of regulatory compliance and advanced online solutions, is pleased to announce the expansion of our Information Technology team to now include a cyber division. With the promotion of Steven Thomas to Executive Director of Cyber and Information Technologies, we continue to place high value both internally and externally on cybersecurity awareness as the technology world continues to evolve.

We take threats to the availability, integrity, and confidentiality of our clients’ information seriously. As part of our continued efforts to keep our client’s data secure, Certrec has been ISO 27001 certified since 2013 and has undergone a SOC 2 Type 2 examination annually since 2016. Each year both programs are audited by a third-party organization to ensure that we not only have a quality program in place but that we are also following that program. Both of these programs are integral to ensuring our clients’ data meet all requirements outlined in 10 CFR 810 and the CIP standards.

“Certrec understands the importance of cybersecurity, information data integrity, and protection,” notes Steven Thomas, Executive Director of Cyber and Information Technologies. “That’s why we offer high-quality IT and Critical Infrastructure Protection services.”

Certrec offers many web-based solutions for power generating plants complying with the Nuclear Regulatory Commission (NRC) regulations or with Critical Infrastructure Protection (CIP) standards, which are governed by the North American Electric Reliability Corporation (NERC) and the six Regional Entities. Our solutions include but are not limited to, action tracking, RSAW generation, daily emails of industry information and news, industry document repositories, audit management, automated workflows, and document exchange.

“Whether you are a solar, wind, hydro, nuclear, or any other power-generating asset, Certrec has an IT infrastructure and a team of experts in place to support your needs. Cybersecurity awareness is at the forefront of many of our discussions and continues to be one of our greatest company priorities,” said Ted Enos, CEO/President.

Watch our newest episode of “Conversations with Certrec” where we discuss cybersecurity awareness tips and how human error is among the greatest threats to cybersecurity. This and other episodes can be found on the Certrec YouTube Channel. Certrec empowers those who power the world and strives to provide the best protection for our clients and their data


Certrec’s significant expertise in all facets of the regulatory process includes the realm of NERC regulatory compliance. Its Office of NERC Compliance staff has helped more than 120 different generating facilities establish and maintain NERC Compliance Programs. Currently, Certrec provides the entire NERC compliance program for more than 45 registered sites located in the US and Canada that trust our ability to decrease their regulatory, operational, financial, and public opinion risk.

Certrec is ISO/IEC 27001:2022 certified, ensuring that its web tools and facilities comply with an internationally recognized standard of best practices regarding business, cyber and physical security, and control. Also, Certrec successfully completed a SOC 2 Type 2 examination where the scope of Document Management and Regulatory Services was examined against the Trust Services principles of Security, Availability, and Confidentiality. Certrec is committed to undergoing similar annual examinations and audits to maintain or exceed current levels of service.

For more information, please visit