ECS Case Study

ECS Leverages BARR’s Coordinated Audit Approach to Streamline SOC, ISO, HITRUST, and PCI DSS Compliance

At a Glance

ECS is a leading provider of solutions in science, engineering, and advanced technologies, including cloud, cybersecurity, artificial intelligence (AI), and data, delivering trusted solutions across a diverse range of industries in the U.S. public and private sectors.

Committed to maintaining the highest standards of security and compliance, ECS has built a robust GRC program that aligns with key industry frameworks, including ISO 27001, SOC 1, SOC 2, HITRUST, and PCI DSS. By partnering with BARR to take a proactive approach to compliance, ECS ensures its clients can rely on a secure, resilient, and future-ready cybersecurity infrastructure.

The Challenge

ECS’s compliance journey began in 2018 with a clear objective: to establish a strong security foundation that would support its rapid growth while meeting clients’ evolving expectations. 

ECS first pursued ISO 27001 as its foundational certification, then layered additional frameworks—including SOC 1, SOC 2, HITRUST, and PCI DSS—on top of it. This multi-framework approach allowed ECS to meet client requirements across a diverse range of industries while demonstrating its commitment to security. However, as the number of required certifications grew, so did the complexity of maintaining compliance.  

The challenge lay in streamlining the audit process while ensuring that compliance efforts did not become a burden on internal teams. Managing audits for multiple standards simultaneously—some with more than 200 controls in scope—posed a significant administrative challenge. ECS needed a solution that would reduce inefficiencies, minimize disruptions, and provide clarity across its organization.  

Additionally, ECS sought a partner that could help it stay ahead of evolving security and regulatory landscapes, ensuring it remained competitive and prepared to meet new client demands.

When you’re managing clients’ infrastructure, including their systems and data, that requires a level of trust, reliability, and adherence to security standards and mature frameworks.

Beverly Goodwin
Senior Director of Cyber Compliance
ECS

The Solution

To address these challenges, ECS partnered with BARR Advisory, leveraging BARR’s coordinated audit approach to streamline the auditing process and accelerate the timeline to compliance. By conducting a single, integrated audit that covered multiple frameworks, BARR helped ECS reduce redundancies and optimize resources.  

“It’s just one audit, and at the end of it, you get the five different reports,” BARR Attest Services Manager Steve Ryan explained. “How do we do that? It’s one team. You’re going to have one main point of contact,” he said.

Rather than treating each framework as a separate project, BARR’s coordinated audit approach reduces redundancies by leveraging evidence across multiple audits.

“It doesn’t feel like we’re just talking in silos,” Ryan added. “The goal is [for organizations] to feel as though we’re just having a conversation [about] security, and then on the back side, the onus is on us to map them out to the different frameworks.”

Beyond optimizing compliance workflows, BARR’s centralized audit platform provided ECS with a simple and streamlined way to track audit progress, manage evidence collection, and ensure seamless communication between teams.  

“Not only can we submit [evidence] there, but we can talk back and forth as a message board,” said Sydney Will, GRC Project Manager at ECS. “If we have a specific question about one of the 200+ controls, we’re not losing where we are in that conversation or getting it confused with another task that might be at hand.”

By reducing the administrative burden of compliance, ECS was able to focus its efforts on strengthening security measures rather than navigating complex audit logistics. BARR’s team provided expert guidance, ensuring ECS could maintain compliance with minimal disruption to daily operations.

“From an organizational standpoint, it makes things cleaner for us,” Will said. Across the organization, teams know to expect an audit or recertification at a regular, predictable cadence. 

“Not only does it relieve or reduce some of that administrative burden, but it also helps engrain the security into our culture here at ECS,” Will said. With clear expectations, team members are empowered to embrace cybersecurity best practices year-round.

One of the benefits from our point of view is the consistent approach. We have one team that we’re talking with, we have one team that our team is talking with, and there’s no need for duplication. They know who to go to for what, when, where, and how.

Sydney Will
GRC Project Manager
ECS

The Results

Through its partnership with BARR Advisory, ECS has successfully built and maintained a well-rounded compliance program that supports its continued growth and market expansion. By consolidating multiple audits into a single, streamlined process, ECS has:  

  • Streamlined compliance: BARR’s coordinated audit approach reduces administrative burden by eliminating redundancies and improving efficiency throughout the auditing process.
  • Maintained a competitive edge: Achieving compliance with frameworks including ISO 27001, SOC 1, SOC 2, HITRUST, and PCI DSS helps ECS stay ahead of competitors.
  • Strengthened its security culture: Teams follow a predictable audit cadence, reducing disruptions to daily operations while weaving compliance into the organizational culture.
  • Established itself as a market leader: Meeting top security standards strengthens ECS’s credibility and industry standing.

“It really does just put us in more of a competitive space within the industry,” Will said. “We do maintain many other standards as well…all of that gives ECS a competitive edge, and it has allowed us to grow as a GRC department and have that collaboration and that trust in each other.”

Through a strategic and proactive approach to compliance, ECS has built a security compliance program that not only meets today’s standards but also anticipates the challenges of tomorrow. BARR’s expertise and integrated approach have played a crucial role in this journey, ensuring ECS remains compliant, secure, and ready for the future.

“We’re always on the lookout for what’s next,” Goodwin said.

*BARR Certifications is the certifying body that provided the ISO 27001 audit.

Through its partnership with BARR, ECS:

  • Streamlined compliance with frameworks including ISO 27001, SOC 1, SOC 2, HITRUST, and PCI DSS
  • Gained a competitive advantage and established itself as a market leader
  • Strengthened its organizational security culture

By aligning with a broader set of industry standards, such as SOC 2, SOC 1, HITRUST, and PCI, we’ve been able to grow and strengthen our security measures by introducing these stronger and more effective controls across different areas.

Beverly Goodwin
Senior Director of Cyber Compliance
ECS
