Analysis prompts | from the webinar
Prompt Construct for analysis framework
My client on this study is (Brief background of the client i.e. no. 3 players in __ category etc) Business objective behind conducting this study was to achieve/solve/develop (Business objective). And hence the research objective for this study was (Research objective). The transcripts are from In-depth interviews conducted for a Study covering (Information areas for data collected) with (type of participants. Add sample size and segments as necessary)
Act like (Full name of the framework/ mental model l inventor). Analyze the given transcripts using (Name of the analysis framework/ mental model). Categorize insights into (Components of the framework/ mental model). Identify key themes, emotional tones and sentiment variations. Provide a structured report with verbatim examples supporting each category/level. Compare insights across (name of the segments). Ensure traceability of insights to original responses and format the output with bullet points, tables, and structured categories
Prompt used for Webinar outputs:
Kapferer’s Prism
Act like Jean-Noël Kapferer. Analyze the given transcripts using Kapferer’s Brand Identity Prism for Brand A. Categorize insights into the six facets: Physique, Personality, Culture, Relationship, Reflection, and Self-Image. Identify key themes, emotional tones, and sentiment variations. Provide a structured report with verbatim examples supporting each category. Compare insights across brand loyalists vs competition loyalists. Ensure traceability of insights to original responses and format the output with bullet points, tables, and structured categories.
Maslow’s Hierarchy
Act like Abraham Maslow. These transcripts are from In-depth interviews conducted for a Study covering the attitudes towards home ownership, the buying journey, and perception of client properties and their home buying preferences. Analyze these transcripts using Maslow’s Hierarchy of Needs. Categorize insights into the five levels: Physiological, Safety, Love & Belonging, Esteem, and Self-Actualization. Compare insights across male and female segments highlighting diWerences in their need level wherever applicable. Ensure traceability of insights to original responses and format the output with bullet points, tables and structural categories.
Eisenhower Matrix
Prompt 1:
Act like Abraham Maslow. These transcripts are from In-depth interviews conducted for a Study covering the attitudes towards home ownership, the buying journey, and perception of client properties and their home buying preferences. Analyze these transcripts using Maslow’s Hierarchy of Needs. Categorize insights into the five levels: Physiological, Safety, Love & Belonging, Esteem, and Self-Actualization. Compare insights across male and female segments highlighting diWerences in their need level wherever applicable. Ensure traceability of insights to original responses and format the output with bullet points, tables and structural categories.
Follow up:
Act like a Priority Management Expert well-versed in the Eisenhower/Covey decision matrix. For all the recommendations that you came up with, construct a detailed Eisenhower Box, categorizing tasks or challenges into the four quadrants: urgent and important, not urgent but important, urgent but not important, and neither urgent nor important. Dive into the strategic implications of each quadrant & advise on the best course of action or focus for each.
Hofstede’s model
These transcripts are from In-depth interviews conducted for a Study covering the attitudes towards home ownership, the buying journey, and perception of client properties and their home buying preferences. Act like Geert Hofstede. Analyse these qualitative data transcripts using Hofstede’s Cultural Dimensions Model. Categorize insights into the six dimensions: Power Distance, Individualism vs. Collectivism, Masculinity vs. Femininity, Uncertainty Avoidance, Long-Term vs. Short-Term Orientation, and Indulgence vs. Restraint. Compare insights across males and females respondents. Ensure traceability of insights to original responses and format the output with bullet points, tables, and structured categories.
Generic Recommendation prompts
Prompt 1: Key themes identification
System prompt: (Common for all questions : To be put in instruction part of flowres)
My client on this study is (Brief background of the client i.e. no. 3 players in __ category etc) Business objective behind conducting this study was to achieve/solve/develop (Business objective). And hence the research objective for this study was (Research objective). The transcripts are from In-depth interviews conducted for a Study covering (Information areas for data collected)
User/ chat prompt
Based on the given transcripts, analyse the key themes and patterns that emerge from participant responses. Identify recurring viewpoints, contrasting perspectives, and any underlying motivations. Summarize the most significant conclusions that can be drawn from these insights, ensuring they are grounded in the data. Provide evidence or verbatim quotes where applicable
Prompt 2: Asking for recommendations
Given the key findings from this qualitative study, what are the most actionable recommendations for (mention specific stakeholder teams: e.g., product team, marketers, CEOs/owners. Repeat the prompt for each stakeholder if needed]? Consider the challenges, opportunities, and sentiment expressed in business objectives. Prioritize recommendations based on feasibility and impact given the business objectives. Provide justification for each suggestion.
Prompt 3: Uncovering hidden insights:
Review the transcripts and identify any hidden insights or implicit messages that participants may not have stated explicitly but can be inferred from their responses. What underlying concerns, unmet needs, or emerging trends can be extracted? Provide justification and your thinking behind each of these conclusions. ? How do these insights shape the broader conclusions of the study
Prompt 4: Comparing segments:
Compare the qualitative insights emerging from ( Name of the segments e.g., demographics, usership etc). Identify any variations in perspectives and explain their significance. What conclusions can be drawn from these diWerences, and how should decision-makers tailor their strategies accordingly?
Prompt 5: Recommendations to maximize business value
Can you give me 5 specific recommendations that I can give to my client which will help him attract more buyers? The recommendations need to be in line with the tradeoWs and should maximize the value for my client and at the same time helpful in attracting more buyers.
Prompt 6: Exploring trade offs
Analyze the qualitative research transcripts to identify key tradeoWs that participants consider when making decisions related to [Study topic). Outline the primary factors influencing these tradeoWs, highlighting competing priorities, perceived benefits, and associated risks. Where applicable, compare how diWerent participant segments weigh these factors diWerently. Provide a structured summary of these tradeoWs and recommend how decision-makers can optimize solutions based on participant preferences
Prompt 7: Pareto Analysis
Analyze the qualitative research transcripts to conduct a Pareto analysis identify the most critical factors driving [specific outcome: e.g., customer satisfaction, product adoption, service issues, decision making]. Categorize and quantify recurring themes based on frequency and impact, following the 80/20 principle—where approximately 20% of the factors contribute to 80% of the observed eWects. Provide a ranked list of these key drivers and explain their relative importance. OWer strategic recommendations on which high-impact areas should be prioritized for maximum eWectiveness. Give a supporting quote wherever possible.
Compliance
ISO 27001 Certification
Controls
Infrastructure security
Encryption key access restricted
The company restricts privileged access to encryption keys to authorized users with a business need.
Unique account authentication enforced
The company requires authentication to systems and applications to use unique username and password or authorized Secure Socket Shell (SSH) keys.
Production application access restricted
System access restricted to authorized access only
Access control procedures established
The company's access control policy documents the requirements for adding new users, modifying users, and removing an existing user's access.
Firewall access restricted
The company restricts privileged access to the firewall to authorized users with a business need.
Access revoked upon termination
The company completes termination checklists to ensure that access is revoked for terminated employees within SLAs.
Unique network system authentication enforced
The company requires authentication to the "production network" to use unique usernames and passwords or authorized Secure Socket Shell (SSH) keys.
Remote access MFA enforced
The company's production systems can only be remotely accessed by authorized employees possessing a valid multi-factor authentication (MFA) method.
Remote access encrypted enforced
The company's production systems can only be remotely accessed by authorized employees via an approved encrypted connection.
Log management utilized
The company utilizes a log management tool to identify events that may have a potential impact on the company's ability to achieve its security objectives.
Infrastructure performance monitored
An infrastructure monitoring tool is utilized to monitor systems, infrastructure, and performance and generates alerts when specific predefined thresholds are met.
Intrusion detection system utilized
The company uses an intrusion detection system to provide continuous monitoring of the company's network and early detection of potential security breaches.
Network segmentation implemented
The company's network is segmented to prevent unauthorized access to customer data.
Network firewalls reviewed
The company reviews its firewall rulesets at least annually. Required changes are tracked to completion.
Network firewalls utilized
The company uses firewalls and configures them to prevent unauthorized access.
Organizational security
Asset disposal procedures utilized
The company has electronic media containing confidential information purged or destroyed in accordance with best practices, and certificates of destruction are issued for each device destroyed.
Portable media encrypted
The company encrypts portable and removable media devices when used.
Anti-malware technology utilized
The company deploys anti-malware technology to environments commonly susceptible to malicious attacks and configures this to be updated routinely, logged, and installed on all relevant systems.
Performance evaluations conducted
The company managers are required to complete performance evaluations for direct reports at least annually.
Password policy enforced
The company requires passwords for in-scope system components to be configured according to the company's policy.
Visitor procedures enforced
The company requires visitors to sign-in, wear a visitor badge, and be escorted by an authorized employee when accessing the data center or secure areas.
Security awareness training implemented
The company requires employees to complete security awareness training within thirty days of hire and at least annually thereafter.
Production inventory maintained
The company maintains a formal inventory of production system assets.
Employee background checks performed
The company performs background checks on new employees.
Code of Conduct acknowledged by contractors
The company requires contractor agreements to include a code of conduct or reference to the company code of conduct.
Code of Conduct acknowledged by employees and enforced
The company requires employees to acknowledge a code of conduct at the time of hire. Employees who violate the code of conduct are subject to disciplinary actions in accordance with a disciplinary policy.
Confidentiality Agreement acknowledged by contractors
The company requires contractors to sign a confidentiality agreement at the time of engagement.
Confidentiality Agreement acknowledged by employees
The company requires employees to sign a confidentiality agreement during onboarding.
MDM system utilized
The company has a mobile device management (MDM) system in place to centrally manage mobile devices supporting the service.
Product security
Data encryption utilized
The company's datastores housing sensitive customer data are encrypted at rest.
Data transmission encrypted
The company uses secure data transmission protocols to encrypt confidential and sensitive data when transmitted over public networks.
Vulnerability and system monitoring procedures established
The company's formal policies outline the requirements for vulnerability management and system monitoring.
Control self-assessments conducted
The company performs control self-assessments at least annually to gain assurance that controls are in place and operating effectively. Corrective actions are taken based on relevant findings.
Penetration testing performed
The company's penetration testing is performed at least annually. A remediation plan is developed and changes are implemented to remediate vulnerabilities in accordance with SLAs.
Internal security procedures
Continuity and Disaster Recovery plans established
The company has Business Continuity and Disaster Recovery Plans in place that outline communication plans in order to maintain information security continuity in the event of the unavailability of key personnel.
Change management procedures enforced
The company requires changes to software and infrastructure components of the service to be authorized, formally documented, tested, reviewed, and approved prior to being implemented in the production environment.
Production deployment access restricted
The company restricts access to migrate changes to production to authorized personnel.
Development lifecycle established
The company has a formal systems development life cycle (SDLC) methodology in place that governs the development, acquisition, implementation, changes (including emergency changes), and maintenance of information systems and related technology requirements.
Board oversight briefings conducted
The company's board of directors or a relevant subcommittee is briefed by senior management at least annually on the state of the company's cybersecurity and privacy risk. The board provides feedback and direction to management as needed.
Board expertise developed
The company's board members have sufficient expertise to oversee management's ability to design, implement and operate information security controls. The board engages third-party information security experts and consultants as needed.
Board meetings conducted
The company's board of directors meets at least annually and maintains formal meeting minutes. The board includes directors that are independent of the company.
Backup processes established
The company's data backup policy documents requirements for backup and recovery of customer data.
Management roles and responsibilities defined
The company management has established defined roles and responsibilities to oversee the design and implementation of information security controls.
Roles and responsibilities specified
Roles and responsibilities for the design, development, implementation, operation, maintenance, and monitoring of information security controls are formally assigned in job descriptions and/or the Roles and Responsibilities policy.
System changes communicated
The company communicates system changes to authorized internal users.
Incident response policies established
The company has security and privacy incident response policies and procedures that are documented and communicated to authorized users.
Incident management procedures followed
The company's security and privacy incidents are logged, tracked, resolved, and communicated to affected or relevant parties by management according to the company's security incident response policy and procedures.
Physical access processes established
The company has processes in place for granting, changing, and terminating physical access to company data centers based on an authorization from control owners.
Continuity and disaster recovery plans tested
The company has a documented business continuity/disaster recovery (BC/DR) plan and tests it at least annually.
Cybersecurity insurance maintained
The company maintains cybersecurity insurance to mitigate the financial impact of business disruptions.
Configuration management system established
The company has a configuration management procedure in place to ensure that system configurations are deployed consistently throughout the environment.
SOC 2 - System Description
Complete a description of your system for Section III of the audit report
Whistleblower policy established
The company has established a formalized whistleblower policy, and an anonymous communication channel is in place for users to report potential issues or fraud concerns.
Board charter documented
The company's board of directors has a documented charter that outlines its oversight responsibilities for internal control.
System changes externally communicated
The company notifies customers of critical system changes that may affect their processing.
Organization structure documented
The company maintains an organizational chart that describes the organizational structure and reporting lines.
Security policies established and reviewed
The company's information security policies and procedures are documented and reviewed at least annually.
Support system available
The company has an external-facing support system in place that allows users to report system information on failures, incidents, concerns, and other complaints to appropriate personnel.
Access requests required
The company ensures that user access to in-scope system components is based on job role and function or requires a documented access request form and manager approval prior to access being provisioned.
Incident response plan tested
The company tests their incident response plan at least annually.
Data center access reviewed
The company reviews access to the data centers at least annually.
Company commitments externally communicated
The company's security commitments are communicated to customers in Master Service Agreements (MSA) or Terms of Service (TOS).
External support resources available
The company provides guidelines and technical support resources relating to system operations to customers.
Service description communicated
The company provides a description of its products and services to internal and external users.
Risk assessment objectives specified
The company specifies its objectives to enable the identification and assessment of risk related to the objectives.
Risks assessments performed
The company's risk assessments are performed at least annually. As part of this process, threats and changes (environmental, regulatory, and technological) to service commitments are identified and the risks are formally assessed. The risk assessment includes a consideration of the potential for fraud and how fraud may impact the achievement of objectives.
Risk management program established
The company has a documented risk management program in place that includes guidance on the identification of potential threats, rating the significance of the risks associated with the identified threats, and mitigation strategies for those risks.
Third-party agreements established
The company has written agreements in place with vendors and related third-parties. These agreements include confidentiality and privacy commitments applicable to that entity.
Data and privacy
Data retention procedures established
The company has formal retention and disposal procedures in place to guide the secure retention and disposal of company and customer data.
Customer data deleted upon leaving
The company purges or removes customer data containing confidential information from the application environment, in accordance with best practices, when customers leave the service.
Data classification policy established
The company has a data classification policy in place to help ensure that confidential data is properly secured and restricted to authorized personnel.
Subprocessors
- Cloud provider used by us for web hosting, file storage, search indexes and chat history
- All instances are operated by us remotely and physically located in us-east-1 (N. Virginia). All other instances for web hosting, file storage*, chat history are located here as well.
*users can now elect to choose where to store raw files uploaded to CoLoop. New regions now include EU, UK and US.
- AI Model provider used by us for generating text and indexes for search
- We currently use the following models: GPT-3.5, GPT-4, Embeddings
- Data is retained for as long as required to provide their service and prevent misuse
- No data submitted to OpenAI is used for training of models either by them or by us
- Payment processing service
- Handles financial transactions for our subscription services
- Collects and processes payment information in compliance with PCI-DSS standards
- Does not have access to user-generated content on CoLoop
- Processing textual data
- Processing media data
- Generating data based on customer data
- Fallback provider of Cloud Services
- Provider of the OpenAI API mirror
- Vector search provider used internally for indexing and searching files
- Data is retained for as long as the underlying files exist on CoLoop
- They can be deleted at any point from the app after which all data is removed immediately
- Provides the access to some of the AI models CoLoop offerings rely on
- Content delivery network (CDN) and security services
- DDoS protection and web application firewall
- DNS services and traffic optimization
- Data processing compliant with GDPR requirements
- Live chat and customer messaging platform
- Customer support ticket management
- Real-time visitor monitoring and engagement tools
- Data processing with comprehensive privacy protections