At BARR, we build trust through cyber resilience. We help protect the world’s data, people, and information networks through a human-first approach to cybersecurity and compliance.
Learn more about what makes BARR unique and how we help strengthen security, ensure compliance, and grow business.
We’re relentless in our pursuit to add more value for our clients.
We build relationships based on respect, accountability, and trust.
We value diversity of people and ideas.
Simple is powerful. We focus on what’s essential.
Our clients’ challenges are our challenges and, as thought leaders, we innovate to provide the best solutions.
Founded by Brad Thies as Barr Advisory & Assurance Inc., a remote-first company
BARR calls Kansas City its official HQ
Associates begin serving on industry task force committees that provide AICPA guidance on SOC examination reporting
After achieving the highest rating possible by an independent peer reviewer, the company rebrands to BARR Advisory, P.A.
First annual Day of Giving with associates volunteering in their communities all across the U.S.
BARR builds global partner network of providers to connect clients with best-fit experts
Designated a HITRUST Authorized Assessor, BARR is listed as one of KC Business Journal’s fastest growing companies
Named one of only nine firms in the U.S. eligible to perform both ISO/IEC 27001 and SOC 2 audits
BARR Advisory was named the #3 Best Cybersecurity Compliance Services Vendor by Network Assured. Today, we serve hundreds of clients across 5 continents, and have nearly 100% client retention rate, and a 9.51 client NPS, a world-class ranking.
If you’re not satisfied with the quality of our work, you don’t pay us. Yes, you read that right. We have 100% confidence in our people, processes, and expertise that your satisfaction is a guarantee.
Human-First Approach
Cybersecurity, at its core, is about humans feeling safe and protected. We will educate and empower your people using real talk to raise awareness, change behavior, and embed best practices into your company culture.
Perspective
BARR is a trusted advisor to hundreds of SaaS and enterprise-level clients across all industries. No matter your organization’s stage of growth, we can help you stay secure and compliant at every stage of your growth.
Connections
Through our global network of partners, we will connect you with best-fit experts. These partners are integrated into our own tools, processes, and services. They drive innovation, so why wouldn’t we share them with you?
BARR works hard to make each phase of the engagement process as easy as possible for your organization. Learn what to expect with your engagement lead from kickoff to final deliverable and everything in between.
During the SOC examination kickoff phase, BARR will request several things from you that will help us during your assessment.
We are committed to guiding you through this process by providing you unparalleled support.
If this is your first audit, or you’d like an analysis of the potential challenges that might arise when implementing new processes, the readiness assessment is right for you.
While optional, the readiness assessment ensures that your examination will go as smoothly as possible. Through this period, you’ll engage in three specific meetings with your lead and correct gaps prior to starting the audit period.
While we cater our services to meet your specific needs, here’s a condensed timeline on what to expect from your engagement team:
For more information, see each step of our SOC 2 Engagement Process.
Once your audit is complete, you’re ready to receive your report. BARR provides reports for SOC 1, 2, 3, and SOC for cybersecurity. For each report, you can choose a Type I or Type II.
Once you complete your SOC examination, BARR provides you with a promotional package that you can share with your customers, partners, and other company stakeholders. This reassures them their data is safe with you and differentiates your organization from the rest.
Our HITRUST team works with healthcare organizations through a five-step engagement process, starting with an optional readiness period. Through the readiness period, you have the opportunity to assess any potential challenges that might arise from implementing new processes. See what to expect:
For more information, see each step of our HITRUST Engagement Process.
The HITRUST Quality Assurance Review is the final phase toward HITRUST certification. During this phase, the HITRUST Assurance and Compliance teams will both check the validated assessment and determine whether the organization has met the requirements to achieve certification.
After the final report is posted, your engagement lead will set up a time for an internal and external debrief. It is important to note, that the i1 validation report is only valid for one calendar year from the date of submission, while the r2 repeats every two years with an interim period in between.
The CISO Advisory team helps our clients establish a cybersecurity program that is flexible and adaptive to the needs of their business stakeholders. This includes a common structure to safeguard information assets and streamline business deals with customers’ security demands. Our approach includes the phases, activities, and deliverables below:
We believe in determining the why before proposing the how and that careful planning and thorough identification of gaps are imperative to achieve your security objectives.
During the gap assessment phase, which typically takes 1-2 months to complete, BARR:
After you complete an initial gap assessment, your vCISO will work with you to remediate any gaps. Our goal in Phase 2 is to take the client from a posture with gaps to at least a level of compliance with the given framework(s) or standard(s).
This includes establishing a security committee, ensuring all gaps and recommendations progress toward remediation, all deliverables are finalized, and defining a sustainable security plan for a long and short-term information security program. For more information, see our CISO Engagement Process.
Security Roadmap: We work with you to create a successful roadmap toward remediation, turning what were gaps in our clients’ security programs into competitive advantages.
Continuous Management: With the continuous support of a virtual CISO, we provide a valuable strategic asset. We weave security and compliance into the DNA of our clients’ organizations, differentiating them from their competition.
The ISO 27001 is an internationally recognized standard for helping your organization manage the security of your services through a third-party auditor.
The ISO 27001 internal audit is a prerequisite to stage 1 of the certification process, where either your organization or a third-party firm will assess the effectiveness of your information security management system (ISMS) program to meet clause 9.2 of the ISO 27001 standards. Benefits to the internal audit include:
Stage 1: Your engagement lead will conduct a walkthrough of clauses 4-10, review nonconformities, and develop and execute a corrective action plan.
Stage 2: BARR will conduct a walkthrough of Annex A controls, review nonconformities, and start the certification process.
For more information, see each step of our ISO 27001 Engagement Process.
BARR currently offers certification for ISO 27001 and 27701 standards. The initial certificate issued is valid for three years from the issuance date. At least annually, surveillance audits are conducted to help ensure a certified organization is able to maintain its compliance to the standard. These audits include limited testing and an onsite review to determine the impact of any significant changes since the original certification.
Have questions? Schedule a call to speak with a BARR specialist.
The Security You Need.
The Compliance to Succeed.
© 2023 All Rights Reserved. BARR Advisory, P.A.