ISO/IEC Certifications

Certify your organization to ISO 27001, ISO 27017, ISO 27018, and ISO 27701 standards

Contact Us

Deomonstrate the Maturity of Your ISMS

ISO 27001 is an internationally accepted standard for helping your organization manage the security of your services, data, intellectual property or any information entrusted to you by a third party. Obtaining a certification to ISO standards is a valuable way to differentiate your organization as it demonstrates your compliance with industry standards and your commitment to keeping information secure.

Let us help you improve your Information Security Management System (ISMS) with the following:

BARR's ISO Services

ISO 27001

This is specifically focused on the ISMS following ISO 27002 control implementation guidance.

ISO 27017

This leverages ISO 27002 with an enhanced focus on cloud security.

ISO 27018

The international standards focused on protection of personal data in the cloud. This also leverages ISO 27002, but applies these controls and more to public cloud Personally Identifiable Information (PII).

ISO 27701

ISO 27701, also known as the Privacy Information Management System (PIMS) framework, is the data privacy extension of ISO 27001. It outlines controls and processes to manage data privacy and protect PII.

Our Proven Process

At BARR, we are committed to guiding you through every stage of your ISO 27001 certification from kickoff to final deliverable and everything in between.

  • About us
  • About you
  • Solutions
  • Proposal
ISMS Implementation and Internal Audit
  • Third-party assistance (optional)
ISO Stage 1
  • Discuss Stage 1 audit
  • Select dates to walk through ISO clauses 4-10
  • Review documentation
  • BARR to conclude if ISO clauses were met
Closing Meeting
  • Review nonconformities
  • Discuss next steps
  • Develop and execute corrective action plan
  • BARR to validate nonconformity remediation
ISO Stage 2
  • Discuss Stage 2 audit
  • Select dates to walk through Annex A controls
  • Review documentation
  • BARR to conclude if Annex A controls were met
Closing Meeting
  • Review nonconformities
  • Discuss next steps
  • BARR to communicate certification decision
  • Develop and execute corrective action plan
  • BARR to validate nonconformity remediation
  • Draft report
  • Quality review
  • Issue report
Celebrate & Optimize
  • Debrief
  • Rate engagement
  • Improve security
  • Next steps (includes annual surveillance)

Why BARR for Certification to ISO standards

  • BARR specialists have deep expertise in implementing effective Information Security Management Systems
  • Trusted advisor to some of the fastest growing cloud service providers (IaaS, PaaS, SaaS) in the country
  • Serving the most regulated industries including technology, financial services, healthcare and government
  • 40% of BARR’s reports are delivered early
  • Competitive, fixed rates to accommodate growing enterprises
  • We put you and your business first, providing unparalleled communication and accessibility at all times

ISO Resources



How to Leverage ISO 27001 to Obtain a SOC 2 Report

| ISO27000, SOC Reporting | No Comments

If your organization has scaled to work with clients in and outside of the U.S., you might be curious about the benefits of a compliance framework that meets both national…

Frequently Asked Questions Answered—ISO 27001 Certifications 

| ISO 27001, ISO27000 | No Comments

As one of the most thorough cybersecurity assessments an organization can go through, achieving ISO certification might initially seem daunting. At BARR, we aim to keep it simple. We clarify…

BARR is 1 of 9 Firms in the U.S. Eligible to Perform Audits Against ISO 27001, SOC 2, and HITRUST

| HITRUST, ISO 27001, SOC Reporting | No Comments

BARR is proud to say that we are one in nine firms in the U.S. eligible to perform audits against all three highest regarded frameworks: ISO 27001, SOC 2, and…

A Breakdown of ISO 27001:2022 Annex A Controls

| ISO 27001 | No Comments

When working toward certification to ISO/IEC 27001, your organization will select relevant controls to implement from a checklist called Annex A. Think of Annex A as a catalog of information….

Contact Us for a Free Consultation

We’re here to help you! Speak with a BARR specialist about your security and compliance needs.