BARR SOC for Cybersecurity Compliance provides examination and reporting services based on the AICPA SOC for Cybersecurity Reporting Framework. The service enables organizations to communicate information about their cybersecurity risk management programs to stakeholders and customers. The service offers three reporting levels: Entity-level reports provide transparency to key elements of cybersecurity risk management programs; Service provider reports address vendor risk management needs with detailed information; Supply chain reports provide information to address supply chain risk management requirements. Reports include management's description of the cybersecurity risk management program, management's assertion regarding presentation and effectiveness of controls, and a CPA's opinion on the description and control effectiveness. The service provides both Type 1 reports (point-in-time assessment of control design) and Type 2 reports (assessment of operating effectiveness over a review period). The examination covers how organizations identify information assets, manage cybersecurity risks, and implement security policies and processes to protect information assets. The service is available to organizations of any size or industry and can be used by lenders, investors, analysts, insurance providers, and regulators.