Regulatory Compliance Expert Certrec Passes ISO 27002 Audit Assessment

3rd Party Assessment Found Controls are in Place with ISO IT Security, Confidentiality, Integrity, and Infrastructure Control Standard


Certrec, a leading licensing and regulatory compliance provider for NRC, FERC, and NERC compliance, announced today compliance with ISO 27002 – verified through an independent audit assessment. ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), entitled Information Technology - Security Techniques - Code of Practice for Information Security Management.

ISO/IEC 27002 provides best practice recommendations on Information Security Management for use by those responsible for initiating, implementing, or maintaining Information Security Management Systems (ISMS).

Information Security is defined within the standard in the context of the C-I-A triad as the preservation of:

  • Confidentiality – ensuring that information is accessible only to those authorized to have access.
  • Integrity – safeguarding the accuracy and completeness of information and processing methods.
  • Availability – ensuring that authorized users have access to information and associated assets when required.

According to Steven Thomas, IT Manager with Certrec, “Certrec was found to have technical controls in place, formalized IT security policies and procedures, and has implemented several physical security measures and countermeasures that protect it from unauthorized access or compromise. Certrec personnel were found to be conscientious and knowledgeable in best practices.”

“I am quite proud of our team for achieving this great success,” says Thomas. “With the rise in cyber security attacks and concerns, we knew our IT infrastructure must comply with best practice standards to protect our customers’ information assets. ISO 27002 compliance is a rigorous process. This assessment established the level of information security controls currently in place, confirmed the maturity of the controls as it stands (in accordance with the agreed scope), and measured the level of compliance against the latest version of the Code of Practice.”

“The need to ensure our customers’ data security is at the forefront of our thinking,” says Ted Enos, President of Certrec. “Ensuring that our network is in compliance with the international standard provides peace of mind for all the regulatory compliance managers we serve. With the increasing popularity of our Electronic Reading Rooms, we must ensure that our systems meet the security and reliability our customers expect when purchasing Certrec solutions.”

Founded in 1988, CERTREC is a regulatory compliance process expert that helps utilities manage the regulatory process to their advantage. With more than 300 cumulative years of regulatory and industry experience with the Nuclear Regulatory Commission, the Federal Energy Regulatory Commission, the North American Electric Reliability Corporation (NERC), and other Regional Entities, Certrec’s Office of Licensing and Compliance, Office of NERC Compliance, Office of Assessment and Recovery and New Plant services are used by utilities across North America.

Contact Author

Michelle Thomas