KANSAS CITY, Mo. — BARR Certifications, a partner of the cybersecurity and compliance solutions provider BARR Advisory, today announced its accreditation to certify cloud-based organizations against the new ISO/IEC 27001:2022 standard.
The accreditation by the ANSI National Accreditation Board (ANAB), the largest multidisciplinary accreditation body in North America, affirms BARR’s competence in performing certification services according to the latest version of the ISO/IEC 27001 framework.
Together, BARR Certifications and BARR Advisory are one of just nine U.S. firms accredited to audit against three of the highest-regarded security standards: ISO/IEC 27001, SOC 2, and HITRUST.
For its part, ISO/IEC 27001 defines the requirements of an Information Security Management System (ISMS). The internationally accepted standard is updated every five years to keep up with changes in technology and security best practices. The 2022 version builds on the foundations laid by the previous standard, ISO/IEC 27001:2013, making relatively minor revisions to terms and controls.
Among the most notable changes:
- The updated standard includes a small change to ISO 27001 management clauses 4.4 and 8.1. Organizations will now be required to identify necessary processes and their interactions, as well as define process criteria, within their ISMS.
- Moderate updates were made to Annex A controls; instead of 14 families, controls are now centered around four themes: organizational, people, physical, and technological.
- Most significantly, ISO 27001:2022 adds 11 new controls to reflect new and evolving security areas, including threat intelligence, data masking, and data leakage prevention.
Existing ISO/IEC 27001:2013 certificates will expire or be withdrawn no later than Oct. 31, 2025.
“Our biggest goal at BARR is to help organizations achieve long-term cyber resilience. In today’s digital environment, that comes down to recognizing areas of weakness and adapting your security strategy to mitigate those risks,” said Angela Redmond, director of attest services at BARR. “By becoming accredited to audit against the latest security frameworks, we’re better positioned to help our clients prepare for and respond to new and emerging threats.”
In addition to ISO 27001, BARR is also accredited to certify against ISO 27701.
To learn more about pursuing ISO/IEC 27001:2022 certification with BARR, visit: https://www.barradvisory.com/services/iso/
ABOUT BARR ADVISORY & BARR CERTIFICATIONS
BARR is a cloud-based security and compliance solutions provider specializing in cybersecurity consulting and compliance for companies with high-value information in cloud environments like AWS, Microsoft Azure, and Google Cloud Platform. A trusted advisor to some of the fastest-growing cloud-based organizations around the globe, BARR simplifies compliance across multiple regulatory and customer requirements in highly regulated industries including technology, financial services, healthcare, and government.
BARR Advisory and BARR Certifications services include:
- Compliance Program Assistance
- SOC 1 Examinations
- SOC 2 and 3 Examinations
- SOC for Cybersecurity
- PCI DSS Assessment Services
- ISO 27001 Assessments
- FedRAMP Security Assessments
- HIPAA/HITECH Services
- HITRUST Services
- Penetration Testing and Vulnerability Assessments
- Cybersecurity Consulting