Regulatory Compliance Expert Certrec Announces ISO/IEC 27001:2005 Certification

Share Article

3rd Party Audit Confirms Certrec’s compliance with ISO Standard and demonstrates continued commitment to information security at every level

News Image
We take threats to the availability, integrity, and confidentiality of our clients’ information seriously,” says Ted Enos, CEO of Certrec, We’re excited that Certrec has received ISO/IEC 27001: 2005 certification.

Certrec Corporation, a leading licensing and regulatory compliance provider for NRC and NERC compliance announced today it has received ISO/IEC 27001:2005 certification.

ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – requirements (ISO/IEC 27001:2005), part of the growing ISO/IEC 27000 family of standards, is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO 27001:2005 formally specifies a management system that is intended to bring information security under explicit management control.

The scope of the ISO/IEC 27001:2005 certification is limited to the information security management system (ISMS) supporting Certrec’s Website Development, Website Hosting, Network Infrastructure, Network Security, Engineering Consulting, Regulatory Compliance Solutions, Training, Information Management, Safety Culture Consulting, Document Management, and Information Research operations, and in accordance with the statement of applicability version 3 dated June 14, 2013.

“We take threats to the availability, integrity, and confidentiality of our clients’ information seriously,” says Ted Enos, President of Certrec, “We’re excited that Certrec’s information security management system has received third-party accreditation from the International Standards Organization.”

A recent report ("Electric Grid Vulnerability") released by Congressmen Ed Markey (D-MA) and Henry Waxman (D-CA), May 21, 2013, found that the US electricity grid is under near constant attack from malware and cyber-criminals. The report found that many utilities were under "daily," "frequent," or "constant" attack each month, yet few implement only the barest minimum of security standards.

“In contrast, our clients are assured that our web-based tools and information storage solutions are certified to be protected by comprehensive information security controls, risk management practices, and the prevention of IT architecture security risks,” says Enos.

An independent, third party audit found Certrec to have technical controls in place and formalized IT Security policies and procedures. Certrec has implemented several physical security measures and countermeasures that protect it from unauthorized access or compromise and IT personnel were found to be conscientious and knowledgeable in best practices. This certification demonstrates Certrec’s continued commitment to information security at every level. Compliance with this internationally recognized standard confirms that Certrec’s security management program is comprehensive and follows leading practices. This certification provides more clarity and strength of Certrec’s security practices.

Founded in 1988, Certrec is an engineering and technology based organization providing regulatory support services in the electric power industry. With over 600 cumulative years of direct industry experience (including nuclear, fossil, and renewables), Certrec has developed exceptional capabilities to support regulatory activities emanating from regulatory entities such as the Nuclear Regulatory Commission (NRC) , North American Electric Reliability Corporation and Regional Entities (NERC) Federal Emergency Management Agency (FEMA) and others regulatory agencies. Certrec's Office of Licensing and Compliance (OLC), Office of Assessment and Recovery (OAR), Office of NERC Compliance (ONC), and Office of New Plant (ONP) services are used by utilities and entities across the United States to help manage the regulatory process to their advantage.

Certrec offers support from highly skilled and experienced industry professionals including degrees in a variety of engineering disciplines (Civil, Electrical, Mechanical, and Nuclear). Additionally Certrec's staff has multiple degreed personnel in physics, communications, a variety of MBAs, and information technology. This highly skilled team of personnel has direct working experience in all regulatory areas of licensing, compliance, and engineering including nuclear, fossil, and renewable generation and transmission.

For over 25 years, Certrec has been utilizing its hundreds of years of industry experience to help clients develop and manage solutions to complex regulatory issues. Combining this direct industry experience with Certrec's Information Technology assets has led to development of technology-based solutions and tools directly targeted to the electric power industry and specifically focused on helping clients manage regulatory issues.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Michelle Thomas
Visit website