Certrec Corporation, a leading licensing and regulatory compliance provider for NRC and NERC compliance, declared today it has maintained its ISO 27001:2013 certification for the fifth consecutive year and has successfully completed its second Type 2 SOC 2 examination.
An independent, third-party audit found Certrec to have technical controls in place as well as formalized IT Security policies and processes. Certrec has implemented several physical security measures and countermeasures that protect it from unauthorized access or compromise, and IT personnel were found to be conscientious and knowledgeable in best practices. The certification and examination demonstrate Certrec’s constant commitment to information security at every level. Compliance with these standards confirms that Certrec’s security management program is comprehensive and follows leading practices.
“We take threats to the availability, security, and confidentiality of our clients’ information extremely,” says Ted Enos, President of Certrec. “We lead our industries in data protection and security by investing in third-party examinations and certifications of our compliance to the most stringent standards and controls,” says Enos.
Several Certrec customers have provided feedback representing the ISO 27001 certification and Type 2 SOC 2 examination were a key part of their business decision. Certrec’s certification and examination allow customers to qualify Certrec immediately as a secure vendor, relieving them of the burden of conducting an expensive and time-consuming audit and negotiation of security standards and protocols.
“Our ISO certification assures our clients of the quality of our Information Security Management System and of the confidentiality of their data. This certification, combined with the independent Type 2 SOC 2 examination, precludes the client from having to perform their own expensive security examination,” notes Enos.
Cyber security threats are becoming more prevalent in the industries Certrec supports; therefore, Certrec is committed to maintaining or exceeding current levels of service and to performing the ISO 27001:2013 certification and Type 2 SOC 2 examination each year in the future.
“Our customers are assured that our web-based tools, information storage solutions, and physical security are protected by comprehensive information security controls, risk management practices, and the prevention of IT architecture security risks,” says Steven Thomas, Certrec IT Director.