Ryan Wallace

Ryan Wallace is a Cyber Risk Supervisor at HORNE Cyber where he works to provide IT-focused assurance to clients both public and private.

Recent Posts

May 7, 2019 9:00:00 AM

Early Review of AICPA’s SOC for Supply Chain Criteria Pt. 2

Part 2 of 2 in our deep dive into the AICPA’s proposed Description Criteria for its new SOC Suite of Services, SOC for Supply Chain. This is our final blog post in the 2-part series detailing the AICPA’s recent SOC for Supply Chain Description Criteria. For a shorter read, check out our previous blog summarizing the Criteria, or read part 1 before continuing here. In part 2, we look at Description Criteria #6-10, which dive deeper into control activities and the environment at the supply chain company.

Topics: SOC for Supply Chain, SOC Suite of Services, SOC

May 2, 2019 9:00:00 AM

Early Review of AICPA’s SOC for Supply Chain Criteria Pt. 1

Part 1 of 2 in a deep dive into the AICPA’s proposed Description Criteria for its new SOC Suite of Services, SOC for Supply Chain. Recently, the AICPA has released its exposure draft for the SOC for Supply Chain Description Criteria for public comment. In a follow-up to our recent blog summarizing the Description Criteria, this blog will be part of a 2-part series exploring the details. In the first part, we will discuss the importance of describing the inputs and outputs to the System in a Supply Chain SOC report.

Topics: SOC for Supply Chain, SOC Suite of Services, SOC

Mar 26, 2019 9:00:00 AM

Summary: Early Review of AICPA’s SOC for Supply Chain Criteria

A summary of the AICPA’s proposed Description Criteria for its SOC for Supply Chain. Recently, the AICPA has released its exposure draft for the SOC for Supply Chain Description Criteria for public comment. HORNE reviewed the draft and summarized the overview and main points below. This is an introductory post. Stay tuned for a 2-part deep dive into the new Criteria.

Topics: SOC for Supply Chain, SOC Suite of Services, SOC

Feb 21, 2019 6:30:00 AM

2018 SOC 2 Criteria and Positive Cybersecurity Impacts

How the AICPA’s 2018 SOC 2 Update can Positively Impact your Cybersecurity Model and Organization. READ TIME: 2 minutes. In January 2018, the AICPA released detailed guidance on its newest SOC 2 Common Criteria (based on COSO 2013 Framework for an entity-wide reporting level). The new framework officially went into effect December 15, 2018. Many organizations, including some of HORNE’s clients, were early adopters of the new framework and have already benefited greatly from its guidance.

Topics: SOC 2

Aug 16, 2018 9:30:00 AM

Topics: Cyber Assurance Insights

Jun 28, 2018 9:30:00 AM

NIST for Cybersecurity: What You Need to Know About the Framework v1.1 Update

At the end of April, NIST released the v1.1 update to its Cybersecurity Framework (‘CSF’). (See our introduction to the Framework through our most recent blog article.) HORNE had the opportunity to attend the NIST update webinar last month. Below is a summary of the latest updates to be considered by your organization if you currently utilize or plan to utilize the Cybersecurity Framework.

Topics: Cyber Assurance Insights

Jun 26, 2018 9:30:00 AM

NIST for Cybersecurity: Understanding the Framework

NIST Cybersecurity Framework (CSF) Overview: The NIST Cybersecurity Framework is a cybersecurity risk management program developed with a focus on industries necessary to national and economic security, such as the energy, banking, communications and defense sectors. Due to its flexibility, however, both small and large companies have adopted the Framework across every industry sector, including federal, state and local governments.

Topics: Cyber Assurance Insights

Apr 6, 2017 10:02:00 AM

SSAE 18 and Your Company's SOC 1 Audit

For the purposes of this article, we’ll be entirely focused on SOC 1. Look for future blogs related to the impact of SSAE 18 on your SOC 2 and 3 reports. The Standards, They are a-Changin’. In 2016, the Accounting Standards Board (ASB) of the AICPA looked at its attestation standards and said, “We need to do some clarifying.” Out of this Clarity Project came the “Concepts Common to all Attestation Engagements,” and with it SSAE 18, which covers all attestation engagements with a major focus on third party vendor management, data validation, and risk assessments. Your SOC 1 audits fall under these new standards, so buckle up and hold tight to that Client Assistance list, because this request list’s about to get bumpy.

Topics: Service Organization Controls, SOC 1 Audit

Oct 25, 2016 10:00:00 AM

Under the Surface Cyber Risk

Part of my role as a Cyber Risk Analyst is to help companies think through their cybersecurity threats. Like most threats, they lie under the surface and most of the time remain unseen until it's too late.

Topics: cyber risk