AICPA SOC Service Organizations - Certrec

NRC/NERC Regulatory Compliance Expert Certrec Announces Successful Transition to ISO/IEC 27001:2013 New Standard

3rd Party Audit Confirms Certrec’s compliance with the new ISO Standard and demonstrates continued commitment to information security at every level

Fort Worth, TX (PRWEB) August 18, 2015 — Certrec, a leading licensing and regulatory compliance provider for NRC and NERC compliance, announced today that it has successfully transitioned to, and received certification under, the new ISO/IEC 27001:2013 standard.

ISO/IEC 27001:2013 Information technology – Security techniques – Information Security Management Systems – Requirements (ISO/IEC 27001:2013), part of the growing ISO/IEC 27000 family of standards, is an Information Security Management System (ISMS) standard published in October 2013 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO 27001:2013 formally specifies a Management System that is intended to bring information security under explicit management control. 

“We take threats to the availability, integrity, and confidentiality of our clients’ information seriously,” says Ted Enos, President of Certrec. “We lead our Industries in Data Protection and Security by investing in a third party certification of our compliance to the most stringent International Security standard,” says Enos. 

Several Certrec clients have provided feedback indicating that the ISO 27001 certification was a key part of their business decision. Certrec’s ISO certification allows clients to immediately qualify Certrec as a secure vendor and relieves them of the burden of conducting an expensive and time-consuming audit and negotiation of security standards and protocols.

“Our clients are assured that our web-based tools, information storage solutions, and physical security are certified to be protected by comprehensive information security controls, risk management practices, and the prevention of IT architecture security risks,” says Enos. 

An independent, third-party audit found Certrec to have technical controls in place and formalized IT security policies and procedures. Certrec has implemented several physical security measures and countermeasures that protect it from unauthorized access or compromise, and IT personnel were found to be conscientious and knowledgeable in best practices. This certification demonstrates Certrec’s continued commitment to information security at every level. Compliance with this internationally recognized standard confirms that Certrec’s security management program is comprehensive and follows leading practices. The certification also adds clarity and strength to Certrec’s security practices.

The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) supporting Certrec’s Website Development, Website Hosting, Network Infrastructure, Network Security, Engineering Consulting, Regulatory Compliance Solutions, Training, Information Management, Safety Culture Consulting, Document Management, and Information Research operations, and is in accordance with the statement of applicability dated January 2015.

About Certrec:
Certrec is a leading provider of regulatory compliance solutions for the energy industry with the mission of helping ensure a stable, reliable, bulk electric supply. Since 1988, Certrec’s SaaS applications and consulting know-how have helped hundreds of power-generating facilities manage their regulatory compliance and reduce their risks.

Certrec’s engineers and business teams bring a cumulative 1,500 years of working experience in regulatory areas of compliance, engineering, and operations, including nuclear, fossil, solar, wind facilities, and other Registered Entities generation and transmission.

Certrec has helped more than 120 generating facilities establish and maintain NERC Compliance Programs. We manage the entire NERC compliance program for 60+ registered entities in the US and Canada that trust us to decrease their regulatory and reputational risk. Certrec is ISO/IEC 27001:2022 certified and has successfully completed annual SOC 2 Type 2 examinations.

For press and media inquiries, please contact