Schellman auditors find Certrec’s security has technical controls in place and formalized IT security policies and procedures.
FORT WORTH, Texas, August 15, 2024 — Certrec, a leading provider of regulatory compliance and advanced SaaS applications for the energy industry, has recently undergone its ninth yearly audit for SOC 2 Type 2 and its eleventh annual audit for ISO 27001. Certrec successfully transitioned its ISO 27001 certification to the 2022 version of the standard, an attestation to Certrec’s adherence to industry standards for cybersecurity.
A recent report by the E-ISAC highlights an increase in critical infrastructure cyberattacks targeting the energy sector, discovering that cyber vulnerabilities have more than doubled from 2019 to 2023. Security compromises have costly and time-consuming consequences, making data protection imperative. Through yearly evaluations conducted by an independent party, Certrec maintains an objective view of how effectively customer data is protected, reducing the risk of data breaches.
“Certrec’s successful completion of the ISO 27001 Surveillance Review and Type 2 SOC 2 Examination speaks to the organization’s commitment to security in general and to the ongoing maintenance and improvement of their information security management system.”
– Grayson Taylor, Director at Schellman
Certrec’s Information Security Management System (ISMS) mitigates risks in business disruptions and safeguards physical and cyber assets. Our ISMS is certifiable against ISO/IEC 27001:2022 and is integrable with other compliance frameworks such as SOC 2 Type 2. Our certification mark, acquired on August 12, 2024, attests to Certrec’s ISMS conformity with standards in effectively managing information security, designing controls to address risks, and adopting a management process to ensure those controls meet future security needs.
SOC 2 Type 2 examinations are intended to meet the needs of a broad range of users seeking detailed insights and assurance regarding a service organization’s controls. They play a vital role in internal corporate governance, risk management, and regulatory and organizational oversight. During the external audit, Certrec underwent an examination against the security, availability, and confidentiality principles.
“We are very pleased that, once again, our external audit did not identify any material deficiencies in our security operation and systems,” said Ted Enos, CEO of Certrec. Certrec remains committed to maintaining and exceeding our current levels of service and thus performing an independent SOC 2 Type 2 examination yearly as well as to performing both internal and third-party external audits to ensure conformance with ISO/IEC 27001:2022.
To learn more, visit: https://www.certrec.com/
About Certrec:
Certrec is a leading provider of regulatory compliance and digital integration solutions for the energy industry, with the mission of helping ensure a stable, reliable, bulk electric supply. Since 1988, Certrec’s innovation combined with industry expertise has helped hundreds of power-generating facilities manage their regulatory compliance with both the Nuclear Regulatory Commission (NRC) and North American Electric Reliability Corporation (NERC) and reduce their risks.
Certrec brings a cumulative 1,500+ years of working experience in the areas of licensing, regulatory affairs, compliance, engineering, training, and operations, in support of nuclear, fossil, solar, wind facilities, and other types of generating assets.
Certrec has helped more than 200 generating facilities establish and maintain NERC Compliance Programs. We manage the entire NERC compliance program for 80+ registered entities in the US, Canada, and Mexico that trust us to decrease their regulatory and reputational risk. Certrec is ISO/IEC 27001:2022 certified and has successfully completed annual SOC 2 Type 2 examinations.
For press and media inquiries, please contact marketing@certrec.com.
