AICPA SOC Service Organizations - Certrec

Regulatory Compliance Expert Certrec Passes ISO 27002 Audit Assessment

3rd Party Assessment Found Controls are in Place with ISO IT Security, Confidentiality, Integrity, and Infrastructure Control Standard

Fort Worth, TX (PRWEB) March 26, 2013 — Certrec, a leading licensing and regulatory compliance provider for NRC, FERC, and NERC compliance, announced today compliance with ISO 27002 – verified through an independent audit assessment. ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), entitled Information Technology – Security Techniques – Code of Practice for Information Security Management. 

ISO/IEC 27002 provides best practice recommendations on Information Security Management for use by those responsible for initiating, implementing, or maintaining Information Security Management Systems (ISMS). 

Information Security is defined within the standard in the context of the C-I-A triad as the preservation of:

  • Confidentiality – ensuring that information is accessible only to those authorized to have access.
  • Integrity – safeguarding the accuracy and completeness of information and processing methods.
  • Availability – ensuring that authorized users have access to information and associated assets when required. 


According to Steven Thomas, IT Manager with Certrec, “Certrec was found to have technical controls in place, formalized IT security policies and procedures, and has implemented several physical security measures and countermeasures that protect it from unauthorized access or compromise. Certrec personnel were found to be conscientious and knowledgeable in best practices.” 

“I am quite proud of our team for achieving this great success,” says Thomas. “With the rise in cyber security attacks and concerns, we knew our IT infrastructure must comply with best practice standards to protect our customers’ information assets. ISO 27002 compliance is a rigorous process. This assessment established the level of information security controls currently in place, confirmed the maturity of the controls as it stands (in accordance with the agreed scope), and measured the level of compliance against the latest version of the Code of Practice.” 

“The need to ensure our customers’ data security is at the forefront of our thinking”, says Ted Enos, President of Certrec. “Ensuring that our network is in compliance with the international standard provides peace of mind for all the regulatory compliance managers we serve. With the increasing popularity of our Electronic Reading 

Rooms, we must ensure that our systems meet the security and reliability our customers expect when purchasing Certrec solutions.”

About Certrec:
Certrec is a leading provider of regulatory compliance solutions for the energy industry with the mission of helping ensure a stable, reliable, bulk electric supply. Since 1988, Certrec’s SaaS applications and consulting know-how have helped hundreds of power-generating facilities manage their regulatory compliance and reduce their risks.

Certrec’s engineers and business teams bring a cumulative 1,500 years of working experience in regulatory areas of compliance, engineering, and operations, including nuclear, fossil, solar, wind facilities, and other Registered Entities generation and transmission.

Certrec has helped more than 200 generating facilities establish and maintain NERC Compliance Programs. We manage the entire NERC compliance program for 80+ registered entities in the US, Canada, and Mexico that trust us to decrease their regulatory and reputational risk. Certrec is ISO/IEC 27001:2022 certified and has successfully completed annual SOC 2 Type 2 examinations.

For press and media inquiries, please contact marketing@certrec.com.

Share