AICPA SOC Service Organizations - Certrec

Regulatory Compliance Expert, Certrec, Successfully Completes ISO 27001 Surveillance Review and SOC

20- Regulatory Compliance Expert, Certrec, Successfully Completes ISO 27001 Surveillance Review and SOC - Press Release - Featured Image- Certrec

Third-Party Assessment Found Controls in Place for Successful ISO 27001 Re-certification.

FORT WORTH, Texas, August 16, 2021 — Certrec, a leading licensing and regulatory compliance provider for NRC and NERC compliance, announced today it has maintained its ISO 27001:2013 certification for the eighth consecutive year and has successfully completed its fifth SOC 2 Type 2 examination with no findings. Compliance with these standards demonstrate continued commitment to information security.

An independent, third-party audit found Certrec’s technical controls, formalized IT Security policies and procedures, and physical security measures and countermeasures to be compliant with the standards and best practices that qualify Certrec as a secure vendor. Obtaining the ISO certification and a SOC 2 Type 2 clean report demonstrates Certrec’s continued commitment to the security, availability, and integrity of all Certrec products.

“Certrec’s successful completion of the ISO 27001 Surveillance Review and Type 2 SOC 2 Examination is an achievement that speaks to the organization’s commitment to not only security in general, but to the ongoing maintenance and continual improvement of their information security management system,” stated Grayson Taylor, Senior Manager at Schellman & Company, LLC. “As both assessments have information security as a prominent component, Certrec’s leadership continues to demonstrate their commitment to this core principle throughout their organization.”

“We take threats to the availability, integrity, and confidentiality of our clients’ information seriously,” asserts Ted Enos, President of Certrec. “Our clients are assured that our compliance tools, information storage solutions, and physical security are protected by comprehensive information security controls, risk management practices, and the prevention of IT architecture security risks,” says Enos.

As technology evolves and cyber security threats become more prevalent, Certrec is committed to maintaining and exceeding its security standards.


Founded in 1988, Certrec is a leading regulatory compliance and advanced online technology service provider. Certrec’s highly skilled, experienced industry professionals possess degrees in a variety of engineering disciplines—such as civil, electrical, mechanical, and nuclear—as well as in physics, communications, business, and information technology. This accomplished team has direct working experience in all regulatory areas of licensing, compliance, and engineering, including nuclear, fossil, and renewable generation and transmission. This combination of direct industry experience with our innovative information technology capabilities has led to the development of advanced, web-based technology solutions and tools that help our clients manage the regulatory process.

Certrec’s industry professionals have direct working experience in all regulatory areas of licensing, compliance, and engineering. This expertise, combined with Certrec’s Information Technology assets, gives the electric power industry technology-based solutions and tools designed specifically to help them manage regulatory issues.

Certrec’s significant expertise in all facets of the regulatory process includes the realm of NRC and NERC regulatory compliance. Its Office of NERC Compliance staff has helped more than 120 different generating facilities establish and maintain NERC Compliance Programs. Currently, Certrec provides the entire NERC compliance program for more than 45 registered sites located in the US and Canada that trust our ability to decrease their regulatory, operational, financial, and public opinion risk.

Certrec is ISO/IEC 27001:2022 certified, ensuring that its web tools and facilities comply with an internationally recognized standard of best practices regarding business, cyber and physical security, and control. Also, Certrec successfully completed a SOC 2 Type 2 examination where the scope of Document Management and Regulatory Services was examined against the Trust Services principles of Security, Availability, and Confidentiality. Certrec is committed to undergoing similar annual examinations and audits to maintain or exceed current levels of service.

For press and media inquiries please contact