BARR Advisory Auditor Profile
BARR Advisory is a cybersecurity and compliance firm founded in 2014 in Kansas, specializing in serving cloud-native SaaS companies. They've built a reputation for deep expertise in SOC 2, HITRUST, and FedRAMP assessments.
The firm takes a modern, technology-forward approach to auditing, working extensively with companies built on AWS, Azure, and GCP. Their team understands cloud architecture at a technical level, which allows for more efficient and relevant audit engagements.
What BARR Advisory Does Well
- Cloud-native expertise — Built from the ground up to serve SaaS and cloud companies, with deep understanding of AWS, Azure, and GCP environments.
- FedRAMP specialization — One of the most experienced 3PAOs for companies seeking government cloud authorization.
- Collaborative approach — Known for working closely with compliance teams rather than treating audits as adversarial.
Engagement Process
- Scoping — Define systems, frameworks, and timeline.
- Readiness assessment — Identify gaps before formal audit.
- Evidence collection — Review controls through your compliance platform.
- Fieldwork — Testing and interviews.
- Report delivery — Final signed report with remediation guidance.
Pricing Expectations
SOC 2 Type II for a mid-size SaaS company typically costs $25,000-$40,000. HITRUST assessments start around $30,000. FedRAMP 3PAO assessments are priced higher based on system complexity.
Who Should Choose BARR Advisory
Best for cloud-native SaaS companies pursuing SOC 2, HITRUST, or FedRAMP who want an auditor that understands modern cloud infrastructure deeply.