The Oracles of Opportunities

Getting the right answers from your data, processes, and operations starts with asking the right questions.

How accurate is the data? Where was it collected? Is it accessible by those who need it? How are we protected from those who might misuse it? What is our process? Does it match our policies?

We use the answers to help clients in heavily regulated sectors use data to avoid the traps of human bias and bad information, and insulate themselves from the potential for penalties and reputation risk arising from compliance audit deficiencies.

Augmented by tools like machine learning and predictive algorithms, the results can lead to extraordinary outcomes, including more agile business processes and asymmetric strategic advantage.

Our Process

[Figure: Our Process - JNN Group, Inc.]

PLANNING

Define & Confirm Problem Statement

Define & Confirm Project Objective

Develop Data Analysis Plan

Confirm Access to Data

If Applicable, Evaluate & Test Data Privacy, Data Security, Access Rights and other regulations

Evaluate Executive Management Buy-in

Confirm Review Period and Scope of Audit

Definition of Key Supporting Documents

Evaluate Target Organization’s Ability to Support Audit (Executive Management Buy-in)

Determine Applicable Best Practices/Rules/Regulations



UNDERSTANDING

Data Blending

Data Profiling

Process Capture

Imputation & Null Analysis

Evaluate Organization’s Controls

Evaluate Supporting Documentation

Obtain Supporting Documentation



TESTING

Data Cleanup & Preparation

Predictive Analytics

Quick Descriptive Analytics

Predictive Modeling

Prescriptive & Recommender Systems

Develop & Execute Tests of Controls

Document Test Results

Document Test of Controls


REPORTING

Dashboard & Visualizations

Reports & Insights

Recommendations

Documentation

AT 101 Reports & Attestations

Summarize Test Results

Categorize Deficiencies

Develop Corrective Actions

Project Management Methodology

We employ a project management process tailored to deliver our services with the highest levels of efficiency, quality and defensibility. Drawn from years of experience managing Information Technology and Data Security of all types, coupled with Lean Six Sigma efficiency methodologies, our Project Management Process governs all aspects of our services, including:

  • Preliminary Project Planning

  • Detailed Budget Forecasting: Includes continual refinement of projections through every stage of a project

  • Team Selection, Roles, and Responsibilities

  • Communications Strategy: Within the project team, with the corporate law department, with litigation counsel and, when appropriate, with external service providers

  • Team Training and Communication Plans

  • Project Documentation

  • Change Management

  • Quality Control

  • Knowledge Transfer to Corporate Staff

CONTINUOUS QUALITY CONTROL

We recommend the implementation of Continuous Quality Control processes on each project. Using a combination of statistical sampling, data analytics and infrastructure optimization, our team can closely monitor and adjust the progress of each project phase from initiation through completion. This allows us to immediately flag ambiguities or issues requiring additional clarification – before the team invests significant time in the project. Integral to our Continuous Quality Control process is rigorous documentation and record keeping throughout each review to demonstrate the defensibility of the project management efforts.

PROJECT MANAGEMENT STAFF

In our experience, projects are most successful when a project manager is fully focused on a project’s success. Therefore, we typically allocate a project manager to work full-time on one project, tackling different responsibilities as the demands of the project shift. Occasionally, as a project is ramping up or winding down and the overall work requirements are minimal, a project manager may shift a portion of their time to one or more other matters. We may also assign more than one project manager to a project in the event that the team size becomes particularly large.

Assessment Framework and Standards

AICPA TSP

GAPP

HIPAA/HITECH

HITRUST

PCI DSS 2.0

PCI DSS 3.0

PCI DSS 3.2

FEDRAMP - LOW IMPACT

FEDRAMP - MODERATE IMPACT

ITAR

SHARED ASSESSMENTS 2017 AUP

FERPA

JERICHO FORUM

MEXICO - FEDERAL LAW ON PROTECTION OF PERSONAL DATA HELD BY PRIVATE PARTIES

NERC CIP

ISO/IEC 27001:2005

ISO/IEC 27001:2013

NIST SP800-53

NIST SP800-53 R4 APPENDIX J

NZISM

NZISM V2.5

ODCA UM: PA R2.

CMMI