Measuring success

"Measuring success"

Who We Are

   metriQuality prepares companies for IT audits,  collecting required documentation, and implementing controls for information security and compliance with corporate policies and regulatory requirements.

How We Help

   By monitoring what your people and processes do,
we help to ensure compliance with corporate policies and regulatory requirements.

   By measuring resource utilization:

  Are your people working effectively?
  Are your projects and/or vendors delivering the results you expect?

What We Do

Policy Management   Write and review company policies and procedures

Compliance Controls   Monitor, assess, and improve compliance controls

Performance Management   Optimize business operations through performance audits

Security Awareness Training   Train and mentor staff for compliance and information security issues

Vendor Risk Management   Manage outsourced IT projects and third-party service providers

Vulnerability Assessments   Conduct security  assessments and  minimize risk exposure

Corporate Standards   Align corporate standards with generally accepted standards

Incident Response   Plan, coordinate, and respond to security incidents


Lean Six Sigma

Seven wasteful compliance practices:

  1. Defects - Why document a process which yields too many defects? Is the process itself unstable? Is input the root cause or the processing phase? Can we dismiss defects as non-recurring anomalies?

  2. Transport - One word: spreadsheets

  3. Motion - Resources spent finding documents and Subject Matter Experts to answer basic questions

  4. Inventory - IT Portfolio may contain under-utilized assets in the form of systems, applications, vendors, and data

  5. Over-processing - Implementing "best practices" without standards or frameworks for delivering business value

  6. Over-production - aka "overkill": too many policies, procedures, controls, tools, and documents

  7. Waiting - for completion when completion is undefined; usually due to a lack of measurable standards

Seven wasteful security practices:

  1. Defects - False positives and false negatives

  2. Transport - Unnecessary log shipping

  3. Motion - Excessive siloed applications and tools

  4. Inventory - Controls which satisfy compliance requirements but provide only questionable security benefits

  5. Over-processing - Cascading controls for specific requirements when common controls offer greater efficiencies

  6. Over-production - too many alerts, reports, and threats. These can be curtailed through proper strategic planning, oversight, and prioritizing risks

  7. Waiting - for the most likely incidents to occur before doing something about them

Why is this important to you?

Because remediating risks due to errors is a waste of valuable resources.

metriQuality applies Lean Six Sigma principles and practices to everything we deliver -- including compliance and information security tasks.

How Six Sigma Reduces Cost of Compliance

   The Cost of Compliance is defined as all direct and indirect costs incurred in meeting compliance requirements. These costs typically include: process reengineering, retooling of systems, time and materials.

   Six Sigma represents the ideal ratio of quality defects which is the leading indicator of whether a process, mechanism, or individual is producing the desired outcome.

   While Six Sigma is desirable as a quality standard, the most critical factor is whether or not a process is stable. Unstable processes cannot be effectively managed, which exponentially increases the cost of compliance. When a customer orders a hamburger, the customer should get a hamburger -- and in the case of information security,
only a hamburger.