Digital Identity
Multi-agency, multi-stakeholder programs where procurement, compliance, and mission alignment determine success.
Inside this journey
-
Pre-Discovery
Align decision-makers, policy constraints, timelines, and risk tolerances before detailed discovery.
-
Stakeholder & Decision Alignment
Confirm decision roles, timelines, success criteria, and key constraints (legal, budget, and regulatory) before detailed discovery.
Alignment Questions
Getting Started: What’s Most Pressing Right Now?
- What single problem brought you to explore a new identity platform today?
- How urgent is a decision on this project on a scale from ‘nice to have’ to ‘mission-critical’?
- Who will you need in the room to move from evaluation to a signed engagement?
- What concerns or fears do you hear internally when this modernization is discussed?
- If we could solve just one of those concerns in the pilot, which would unlock the most momentum and why?
Who Holds the Keys? (Decisions, Dollars, and Deadlines)
- If the program director walked out today, would the project lose momentum or continue—what would change?
- List the formal decision-makers, their titles, and the one thing each cares about most for this project.
- Which procurement and legal approvals are required before a pilot contract can be executed?
- Who controls the budget for pilot vs. long‑term rollout, and how flexible is that budget?
- Describe any internal stakeholders who have historically blocked identity projects, why, and what convinced them to change.
Deadlines That Keep You Up at Night
- If your regulatory deadline (e.g., Real ID) didn’t move, what would happen to your operations six months before the cutoff?
- What hard regulatory dates or audit milestones are tied to this project? Please list dates and consequences of missing them.
- How long do you estimate you have for pilot validation before a compliance-driven rollout is required?
- If a pilot shows problems with false rejections or bias, how long would leadership tolerate remediation before escalating politically?
- What contingency plans do you already have for meeting deadline exposure (e.g., manual processing, temporary policy changes)?
What Would Failure Feel Like?
- If this modernization fails, what would the most visible consequence be to your agency or the public?
- Which stakeholder groups would you expect to blame first if things go wrong, and why?
- What KPIs would you use to define pilot failure vs. pilot success?
- How would a governance or escalation pathway look if pilot performance dipped below acceptance thresholds?
- How long could you tolerate degraded service before political or leadership intervention becomes unavoidable?
Hidden Risks We Need to Surface
- What regulatory or privacy assumptions are you making that, if proven false, would force a major redesign?
- Have you identified populations or use-cases where biometrics have historically produced higher rejection or complaint rates? Tell us where and why.
- What legal or procurement clauses would you consider deal-breakers (for example, restrictive IP ownership or unilateral exit penalties)?
- How do you currently assess vendor lock‑in risk, and what porting or data export guarantees matter most?
- When you run privacy, equity, or security risk assessments, who signs the final approval and what are their main criteria?
What Does Your Data and Process Landscape Look Like Today?
- How many legacy enrollment systems or databases will need to be considered for deduplication and migration?
- Describe the current end-to-end enrollment flow—where do applicants start, what checkpoints exist, and where do they finish?
- Roughly what percentage of records are estimated to be duplicates, incomplete, or low‑quality?
- What types of biometric modalities and document sources are in use today (select all that apply)?
- Where do enrollment operators struggle most—hardware, instructions, throughput pressure, or adjudication backlogs?
How Would You Measure Success in a Pilot?
- If you had to pick three metrics that would make leadership say ‘approve full rollout’, which would they be?
- What are your acceptable thresholds for those KPIs (provide numeric targets where possible)?
- Beyond raw metrics, what qualitative signals would convince you (e.g., operator confidence, stakeholder testimonials, equity assessment results)?
- How should pilot success be validated—who signs off, and what artifacts (reports, logs, test cases) are required?
- If a KPI misses target by 10–20%, what remediation or gating approach would you accept to still consider rollout?
Practical Pilot Design: Scope, Sites, and Acceptance
- What operational sites or user populations would be highest-value pilot candidates and why?
- If you had to run a pilot for 90 days, what minimum sample size or transaction count would feel statistically meaningful?
- Which modules must be included in the pilot (pick all that should be demonstrated end-to-end)?
- What acceptance tests or simulators (e.g., edge-case demographics, low-light captures, high-concurrency load) would you require during pilot validation?
- Who will own pilot operations on your side—who is the day-to-day contact and who is the executive sponsor?
Operational Readiness: People, Training, and Bias Mitigation
- If operators are the difference between success and failure, what are the toughest skills for your teams to learn?
- How long does your typical operator training program run today, and what retention or quality checks are in place?
- When you evaluate bias or equity, what specific demographic slices do you insist on analyzing?
- Describe an example where a training or process change reduced error or bias—what changed and how long before results improved?
- What monitoring or continuous-improvement cycles do you want built into operations post-pilot?
Integration, Security & Portability: The Contractual and Technical Must-Haves
- If you had to force a worst-case: what integration failure would cause the most damage (e.g., lost records, false matches, outage)?
- What security certifications or technical standards are non-negotiable for vendors (select all that apply)?
- How do you want data portability handled at contract exit—what format, timeline, and verification are required?
- What encryption, access control, or key-management constraints must any solution satisfy to be acceptable?
- Who will perform security and interoperability testing on the vendor deliverables and what pass/fail criteria do they use?
Next Steps: What Would Give You Confidence to Move Forward?
- If we delivered a pilot plan tomorrow that addressed your top three concerns, how soon could you commit to a pilot kickoff?
- What would we need to show in a short executive one-page summary to get a sponsor’s signature?
- Who on your team should be included in the initial scoping workshop and what outcomes should that workshop produce?
- Are there any external stakeholders (federal partners, advocacy groups, auditors) we should engage early? If so, who and why?
- Finally, what keeps you up at night about choosing the wrong identity partner—and what reassurance would change that feeling?
-
Risk & Compliance Inventory
Capture Real ID and other regulatory deadlines, assurance-level requirements, privacy rules, equity obligations, and vendor lock-in concerns.
Compliance Questions
One-Sentence Brief: Why We're Here
- In one sentence, what single compliance or risk concern brought you to evaluate identity modernization now?
- Which single regulatory driver is the highest priority for your program?
- Who, by title or role, will be the ultimate owner of meeting that regulatory requirement?
- How confident are you right now that your current systems will meet the top regulatory requirement on time?
- What would you say is the single worst operational outcome if compliance slips (citizen disruption, fines, political fallout, etc.)?
The Deadline That's Haunting Your Calendar
- If you had to bet the agency’s reputation on one upcoming compliance date, would you be betting on people, process, or technology?
- List the regulatory milestones and fixed dates that must be met in the next 6, 12, and 24 months (e.g., enforcement dates, audit windows).
- Which of these milestones are statutory (legal) deadlines versus internal program targets?
- How often have these dates shifted in the past 24 months, and what changed when they did?
- If a single milestone slips, which external audience would react most strongly (oversight body, elected officials, media, citizens)?
Rules, Levels, and the Paper Trail That Proves It
- If your identity proofing met the letter of the assurance standard but stakeholders still said 'this doesn't feel secure enough,' what would that reveal about your true requirements?
- Which identity assurance levels must the solution support?
- What specific audit artifacts must be produced and retained (e.g., biometric match logs, chain-of-custody, document authentication evidence)?
- What are your mandatory retention periods or legal hold requirements for identity records?
- Who in your organization currently signs off on audit/assurance evidence (role or committee)?
Privacy, Consent & The Story You Tell Citizens
- Are you comfortable telling citizens exactly how their biometric data will be used — and can you do that in a single plain-English sentence?
- Which privacy or data protection frameworks apply to your program?
- Do you have an approved Privacy Impact Assessment (PIA) or Data Protection Impact Assessment (DPIA) for biometric collection and storage?
- What consent model do you currently use (or are required to use) for biometric capture?
- Have you experienced privacy-related complaints or FOIA/record requests related to identity records in the past three years?
- Are there strict data residency or cross-border transfer limits that would affect cloud hosting or vendor processing?
When Equity Is the Test: Accuracy, Trust, and Fairness
- If testing shows your biometric system rejects a specific demographic group at 3x the rate of others, would you pause deployment, limit rollout, or continue with mitigations—and why?
- Which demographic or operational cohorts are most sensitive in your population (age bands, skin tone ranges, disability, language, regional enrollment sites)?
- Do you have historical metrics for false rejection (FRR) or false acceptance (FAR) broken down by demographic group?
- What disparity threshold would you consider a showstopper (e.g., >1.5x, >2x, >3x, zero tolerance)?
- Which mitigation levers are you willing to deploy if bias is detected (operator retraining, alternate enrollment pathways, algorithm tuning, procurement pause)?
- Who in your organization is responsible for equity and civil liberties risk (title/office)?
Vendor Lock-In: Exit Isn’t an Afterthought
- What's the last thing you want to hear three years into a contract—'we can't export your enrollment data in a usable format'—and how real is that fear today?
- Which data export and interoperability standards must a vendor support at contract exit?
- How critical is the ability to self-host or port to another supplier without rebuilding integrations?
- Do your procurement templates include clauses for data portability, escrow, and transition support?
- Which integrations would be hardest to replace (e.g., national databases, payment gateways, legacy credential printers)?
- What notice period and handover scope would you require to consider a vendor exit minimally disruptive?
Where the Data Hides: Legacy Stores, Duplicates, and Migration Reality
- If every ambiguous legacy record required manual adjudication, do you have the staffing and political bandwidth to do it at scale?
- Describe the primary legacy systems (type, approximate record count, formats) that must integrate or be migrated.
- What duplicate/merge rate do you estimate across legacy systems today?
- Which legacy stores must be deduplicated prior to pilot vs. which can be reconciled post-pilot?
- Are there legal or policy constraints on merging or altering legacy identity records (e.g., guardian consent, court orders)?
- How comfortable is leadership with record deletion versus archival when resolving duplicates?
Risk Appetite: What 'Good Enough' Actually Means
- If perfect compliance meant never launching, would you accept a phased rollout that accepts measured risk to achieve operational gains sooner?
- Which KPIs will you use to decide whether a pilot meets risk and compliance expectations?
- What are the minimum non-negotiable thresholds for biometric accuracy or dedupe performance?
- Which security or assurance certifications must the vendor hold before procurement moves forward?
- If a compliance gap is discovered during pilot, what remediation timeline would be acceptable (days/weeks/months)?
- Who has final authority to accept residual risk and sign pilot closure documents?
Next Steps That Actually Move the Needle
- What single decision or deliverable from a vendor would make you feel ready to approve a pilot (e.g., signed data escrow, PIA, test results)?
- Who must be on a pilot steering committee for the work to be considered legitimate and well-governed?
- What tangible preconditions must be satisfied before you will permit a pilot to begin (e.g., PIAs approved, data sharing agreements signed, staff trained)?
- What is your target window to begin a pilot once contract terms are acceptable?
- How will pilot results be shared and escalated internally—what communication cadence and artifact types do stakeholders expect?
- Who should we schedule next—your compliance lead, legal counsel, or data custodian—to close the remaining open questions?
-
-
Current State Assessment
Map legacy enrollment processes, data stores, duplicates, operator practices, and throughput bottlenecks driving the modernization need.
Current State
Start Here: Tell Us About Today
- In a few sentences, describe your current enrollment footprint: number of sites, typical daily applicants per site, and the credentials you issue.
- Which enrollment channels are actively used right now?
- Do you track average end-to-end enrollment time per applicant today?
- What single enrollment metric does your leadership most often ask for (e.g., average time, backlog, error rate)?
- How confident are you that your current process reliably prevents duplicate identities?
- Tell us about one recent enrollment day that felt unusually difficult — what happened and how did it feel for staff and customers?
Are We Just Patching Around the Real Problem?
- What part of your enrollment system do you suspect is an illusion of working—something you tolerate that actually causes most downstream pain?
- What workarounds or manual hacks have staff built to keep the process moving? Select all that apply.
- How often do those workarounds trigger a follow-up investigation, complaint, or rework order?
- Share a concrete example where a workaround led to a customer-facing failure or an internal crisis: what happened and who noticed it first?
- Which of these costs best describes the impact of these patches on your program right now?
- How willing is leadership to replace a familiar but fragile process with a new approach that may change roles or systems?
Where Do Your Records Hide—and How Messy Are They?
- If I queried your environment for ‘applicant identity data’, how many distinct systems should I expect to find?
- Which systems store identity-related data today? (Select all that apply and add names in the next question.)
- List the system names, owners, and primary data formats (e.g., SQL, CSV exports, proprietary) for the top three sources of enrollment data.
- Estimate your current duplicate / potential-duplicate rate across the population.
- Have you attempted deduplication or record merges before? If so, what tools or processes were used and why did they succeed or fail?
- Who owns ongoing data quality and the authority to resolve duplicates—describe roles and how conflicts are adjudicated.
Who’s Running the Show When It Matters?
- If enrollment slowed by 50% tomorrow, which role or team would be most exposed and why?
- Who makes operational decisions for enrollment sites (scheduling, staffing, escalation)?
- Describe your operator training program: initial training length, refresher cadence, and how you verify ongoing competency.
- What is your operator turnover or vacancy rate over the last 12 months?
- How do frontline staff feel about current tools and processes—what do they say is the most frustrating part?
- What escalation paths exist when an operator encounters a complex identity issue (e.g., mismatched biometrics, disputed identity)?
When the Line Gets Long: Bottlenecks, Delays, and Backlogs
- If you could snap your fingers and eliminate one bottleneck today, which one would free the most capacity?
- Which of these frequently cause bottlenecks at your sites? Select all that apply.
- During peak periods, what average queue length or wait time do applicants experience?
- How often do enrollment sessions end without successful completion (applicant leaves, refusal, failed capture)?
- Describe how backlogs are cleared today: overtime, additional sites, manual rework, or other tactics.
- What KPI change would be most meaningful to you (pick one): shorter processing time, fewer duplicates, fewer adjudications, or improved customer satisfaction?
Regulatory, Legal, and Equity Landmines
- Which regulation, legal requirement, or public concern worries you most about modernizing enrollment?
- Which of the following compliance items apply to your program right now? Select all that apply.
- Have you completed any bias or demographic performance assessments for your existing biometric system? If yes, summarize the findings.
- When a demographic disparity or privacy complaint has arisen, how was it handled and who led the response?
- Do you currently have contractual language or procurement constraints intended to minimize vendor lock-in?
- What level of evidence would satisfy your legal or privacy teams to move forward with a pilot (e.g., test data results, third‑party audit, ATO documentation)?
If We Could Reimagine Enrollment Tomorrow
- Imagine enrollment is faster, fairer, and auditable — what three things would change first for operators and citizens?
- Which target KPIs matter most for a successful pilot? (Select up to three.)
- What acceptance criteria would you require to consider a pilot successful? Please be specific (e.g., enrollment time < X minutes; dedupe rate > Y%).
- What data or sample workload are you willing to provide for a pilot (select all that apply)?
- How soon could your team start a small pilot if contractual and privacy questions were addressed?
- Who are the essential stakeholders you would involve in a pilot decision and their roles (names/titles preferred)?
What Would Make You Say Yes to a Pilot?
- What are the top three non-negotiables that would prevent you from approving a pilot?
- Which of these pilot risk mitigations would make you most comfortable? Select all that apply.
- How should success be measured and who signs off—program director, CIO, legal, or another party?
- What internal approvals or documentation will we need to gather before a pilot (e.g., SOW, data sharing agreement, PIA, budget approval)?
- Would you be willing to designate a single point of contact to run pilot logistics and approval coordination?
-
Outcome Discovery
Define target KPIs (false rejection rates, deduplication targets, enrollment time), pilot success signals, and measurable acceptance criteria.
Discovery Questions
Starting Together: How Outcomes Feel Today
- How would you briefly describe your current experience setting measurable outcomes for identity programs (what’s worked, what hasn’t)?
- How often do you use quantified KPIs (not just anecdotes) to make go/no-go decisions on identity projects?
- Which outcome owners in your organization currently sign off on operational KPIs?
- Can you share one recent example where a KPI (good or bad) changed project direction? What happened?
What Would Failure Actually Look Like — and Who Feels It First?
- If the new identity platform misses its targets, what concrete harms would your agency face in the next 6–12 months?
- Which stakeholder groups would raise the loudest alarms (e.g., front-line operators, public advocates, federal auditors)?
- How would public trust or political risk change if false rejections or demographic bias materialize at scale?
- What short-term operational impacts would you expect (e.g., backlog growth, manual adjudication hours, credential issuance delays)?
Which Numbers Will Decide This Project’s Fate?
- Which single metric would you say is most likely to determine whether leadership continues funding this program?
- From the list below, select all KPIs you expect to track during pilot and rollout.
- For the top three KPIs you just selected, please list your current baseline and the target value you would accept at pilot completion (e.g., FRR: baseline 6% → target ≤2%).
- How soon do you expect to see measurable improvement against those targets after pilot launch?
What Tradeoffs Are You Willing — or Not Willing — to Make?
- Which outcome(s) are absolutely non‑negotiable from a regulatory or public-trust perspective?
- Where could you tolerate a short-term compromise to gain long-term benefit (choose all that apply)?
- What level of temporary manual adjudication (%) would you accept during pilot without triggering escalation?
- Are there legal, equity, or contractual limits that would make any tradeoff unacceptable? Please describe.
If the Pilot Only Shows One Thing, It Must Be This
- What single signal from the pilot would convince leadership the platform is fit for scale?
- Select the pilot success signals you want measured (these must be instrumented and reported).
- For each selected pilot signal, please define the numeric acceptance criteria and how it will be measured (data source and cadence).
- How large a pilot sample do you need for results to be credible (approx. applicants/day or total participants)?
- Who must sign off that the pilot passed (list specific roles/titles)?
Trustworthy Measurement — Avoiding False Signals
- What’s your biggest worry about pilot data being misleading or biased?
- What minimum statistical confidence or power do you require before treating pilot results as valid?
- Which monitoring cadence feels right for pilot reporting (how frequently do you want interim reports)?
- Which tools or dashboards do you currently use or prefer for KPI reporting and analytics?
- What escalation thresholds should trigger immediate remediation (give one or two examples with numbers)?
Bias, Equity, and the Public’s Trust — What Will You Tolerate?
- If specific demographic groups show worse outcomes, at what point would you pause or limit rollout?
- Which fairness metrics must we report during pilot (select all that apply)?
- What mitigation strategies do you expect if we detect bias (select preferred responses)?
- How should we communicate bias findings to stakeholders and the public (preferred channels and tone)?
Who Signs, Who Monitors, and Who Owns the Numbers?
- Who will be the executive sponsor accountable for outcome acceptance at pilot and handover?
- Which team will own day-to-day measurement, reporting, and issue triage during pilot?
- What contractual or governance controls are required to make acceptance binding (e.g., SLA credits, exit triggers)?
- If stakeholders disagree on whether acceptance criteria were met, what arbitration mechanism do you prefer?
From Targets to Test Plans — Ready to Lock in Three Priorities?
- If you had to name the three outcome priorities we should instrument first for this pilot, what would they be and why?
- Are you able to provide a representative, anonymized dataset for pilot validation (helps reproduce baselines)?
- What date do you need an initial baseline report by (approximate week/month)?
- Who should be included on the weekly outcome review invite list (names or roles)?
- What would success look and feel like to you and your team at pilot close (one-paragraph description)?
-
Solution Experience
Run scenario-based walkthroughs using the agency’s data and workflows to validate how the platform achieves the defined outcomes and mitigates risks.
Experience Meetings
- Solution Experience Kickoff — Confirm Context & Success Criteria
- Scenario Walkthrough — Nominal Enrollment (Agency Data)
- Scenario Walkthrough — Edge Cases, Fraud Detection & Bias Assessment
- Integration & Throughput Validation — Dedupe, Migration Tradeoffs, and Performance
- Validation Review & Pilot Sign‑off
- Produce a dedupe accuracy and performance report with recommended thresholds and indexing changes.
- Quantify false rejection and false match rates across targeted demographic cohorts and identify gaps relative to KPIs.
- Confirm operator guidance and adjudicator SLAs are sufficient to prevent backlog and political risk.
- Produce a prioritized mitigation plan for any scenario failing acceptance thresholds.
- Deliver a bias assessment report with measured error rates per demographic and recommended threshold adjustments.
- Implement tuned detection thresholds and document rationale for each change.
- Define an adjudication staffing and SLA plan to handle projected exception volumes.
- Schedule follow‑up tests after mitigations are applied to confirm effectiveness.
- Integration Topology & Data Mapping Review
- Confirm deduplication accuracy at the volumes required and agree tuning needed to meet KPIs.
- Verify integration approach will not break existing operations and understand latency impacts.
- Validate throughput targets and identify concrete actions to remove identified bottlenecks.
- Agree on migration strategy options and associated manual adjudication volume projections.
- Introductions & Objectives
- Deliver a proposed migration strategy with estimated FTE, timeline, and expected manual adjudication load.
- Create the performance tuning backlog with owners to resolve identified bottlenecks before pilot.
- Finalize rollback and incident response runbook and distribute to stakeholders.
- Executive Summary of Scenario Outcomes vs KPIs
- Obtain formal mutual agreement to proceed to pilot with clearly documented acceptance criteria.
- Confirm all high‑priority mitigations are assigned with delivery dates prior to pilot start.
- Secure legal/commercial preconditions that protect portability and limit vendor lock‑in risk.
- Establish the pilot kickoff timeline, owners, and reporting cadence.
- Publish and circulate the Pilot Charter including site list, acceptance tests, KPIs, and dates.
- Execute required legal and data access agreements needed for pilot (NDAs, SOW addendum, data sharing).
- Assign owners and schedule the pilot kickoff meeting and weekly status cadence.
- Close out any outstanding high‑priority mitigations or document residual risk acceptance before pilot starts.
- Record and lock a crystal‑clear current state sentence that all parties acknowledge.
- Agree quantified consequences (cost/time/risk) that create urgency.
- Define the future state in operational terms and set measurable KPIs.
- Finalize scenario list, required datasets, and environment access for live runs.
- Establish validation protocol and decision gates for the experience series.
- Document and circulate the agreed one‑sentence Current State, Consequence summary, and Future State with KPIs.
- Deliver sanitized data extracts and grant environment access to vendor test team.
- Publish the prioritized scenario list and assign owners for each scenario.
- Distribute the validation checklist and signoff template for use in walkthroughs.
- Recap Scope & Acceptance Criteria
- Demonstrate the platform meets the enrollment time and dedupe targets for a typical applicant.
- Verify end‑to‑end interoperability with the selected legacy system(s) used in the scenario.
- Surface operator or UX issues that could degrade enrollment quality and propose immediate mitigations.
- Collect SME confirmation at validation checkpoints to avoid interpretation drift.
- Create a defect ticket for each issue observed, include severity and suggested mitigations.
- Adjust capture configuration and retest parameter(s) shown to affect KPI (e.g., camera settings, threshold).
- Schedule targeted operator training adjustments addressing identified technique problems.
- Record and store logs and artifacts from the run for audit and compliance review.
- Edge Scenario Overview & Expected Outcomes
- Validate fraud detection logic and that flagged cases follow the agreed adjudication workflow.
- Synthetic Identity / Fraud Run
- Risk Register & Mitigation Commitments
- Dedupe Accuracy Tests (Sample & Scale)
- Environment & Data Verification
- Current State (One Sentence)
- Demographic & Bias Sensitivity Tests
- Consequence Quantification
- Pilot Scope, Sites, and Success Criteria
- Live Walkthrough — Enrollment Flow
- Throughput & Stress Test Results
- Commercial, Legal & Data Portability Preconditions
- Degraded Input & Partial Document Scenarios
- Data Migration Tradeoffs & Strategy
- Tie Steps Back to Consequences
-
Solution Scope
Define modules (biometric capture, document auth, dedupe, integrations), responsibilities, pilot sites, and acceptance tests.
Scope Configuration
- Biometric Enrollment and Capture
- Document Authentication and Tamper Detection
- Remote Identity Proofing with Liveness
- Biometric Deduplication (1:N Search)
- Credential Issuance and Card Personalization
- Enrollment Kiosk Deployment and Provisioning
- Legacy Database Connector and Synchronization
- Federated Identity Integration (SAML/OIDC)
- HSM Key Management and FIPS Crypto
- Operator Training and Certification
- Real-time Fraud Detection and Synthetic ID Flagging
- Credential Lifecycle Management and Revocation
- Mobile SDK for Remote Enrollment
- Audit Logging with Tamper-Evident Export
Scope Questions
Biometric Enrollment and Capture
- Which enrollment locations do you plan to support?
- Which biometric modalities must be captured in scope?
- What is the expected average enrollments per site per day during pilot and scale phases?
- Which capture quality / compliance standards must be met?
- What maximum end-to-end capture time per enrollee is acceptable (operator time)?
- Are there environmental or accessibility constraints (e.g., outdoor, low light, wheelchair access)? Describe.
Document Authentication and Tamper Detection
- Which document intake modes are required?
- What types of identity documents must be supported?
- Is machine-readable zone (MRZ) / barcode / OCR extraction required?
- Do you require visual security-feature analysis (hologram, UV, microprint) and tamper detection?
- Which languages/scripts must OCR and template matching support?
- Are there regulatory thresholds or acceptance criteria for false accepts / false rejects for document checks?
Remote Identity Proofing with Liveness
- Is remote (self-service) identity proofing required for the program?
- What identity assurance level (IAL) or equivalent target is required?
- Which liveness detection approaches are acceptable?
- Which device/platform constraints must the remote proofing SDK support?
- What is the acceptable remote proofing failure rate or user retry budget before manual adjudication?
- Are accessibility accommodations or alternative flows required for certain populations? Describe.
Biometric Deduplication (1:N Search)
- What is the size of the biometric repository(s) that require 1:N deduplication?
- Do you need cross-database deduplication across multiple legacy systems?
- What search latency is acceptable for a 1:N query (ms/seconds)?
- What match score thresholds should trigger automatic match, possible match (manual adjudication), or no-match?
- Should dedupe operate continuously in production or only during migration/pilot?
- Are there data protection or privacy constraints impacting how template data or search indexes are stored/queried?
Credential Issuance and Card Personalization
- Will the program issue physical credentials (cards) or digital credentials or both?
- Which card personalization features are required?
- Do you require on-site personalization (per site) or centralized bureau issuance?
- What monthly issuance volume do you expect during pilot and full rollout?
- Are there cryptographic or certification requirements for credentials (e.g., FIPS, Common Criteria, PKI interoperability)?
- What acceptance tests for issued credentials (e.g., chip read, visual inspection, durability) must be included?
Enrollment Kiosk Deployment and Provisioning
- What form factors are needed for enrollment hardware?
- How many pilot sites and devices per site are planned?
- Which peripherals must be supported and provisioned (camera, fingerprint reader model, printer, card encoder)?
- Who will manage kiosk provisioning, OS updates, and remote monitoring?
- Are there site-network constraints (airgap, NAT, low bandwidth) or power/environmental limits?
- Is secure provisioning (tamper-resistant configuration, device attestation) required for kiosks?
Legacy Database Connector and Synchronization
- Which legacy data sources must be connected?
- Do you require real-time change-data-capture (CDC) synchronization or scheduled batch imports?
- What is the expected total record count and average record size to be synchronized?
- Are there complex field transformations, schema mappings, or PII reformatting required?
- How should conflicts and duplicates be handled during sync (auto-merge, flag for manual adjudication)?
- Are retention, legal hold, or jurisdictional residency rules applicable to synchronized data?
Federated Identity Integration (SAML/OIDC)
- Which federation standards are required for integration?
- Which external identity providers or partner systems must be federated?
- Are specific attribute mappings, claims, or transformations required for SSO?
- Do you require central session management and single logout across federated systems?
- Is multi-factor authentication integration required as part of federation?
- Are certificate management and metadata exchange processes defined for trust establishment?
HSM Key Management and FIPS Crypto
- Do you require on-prem HSMs, cloud HSMs, or HSM-as-a-service?
- Which FIPS level or crypto certification is mandated (e.g., FIPS 140-2 Level 2/3)?
- Are HSM key lifecycle policies defined (rotation frequency, backup, split-knowledge)?
- Is separation of duties and multi-person authorization required for key operations?
- Which systems will integrate with the HSM (card issuance, PKI, tokenization)?
- What logging, audit, and export requirements exist for key events and crypto operations?
Operator Training and Certification
- How many operators and administrators require initial training and certification?
- Which training delivery modes are preferred?
- What certification levels or passing criteria should be enforced for operators?
- Should training include hands-on scenarios using representative agency data and workflows?
- What cadence is required for refresher training and re-certification?
- Are compliance or background-check prerequisites required before operator certification?
-
Mutual Commit
Agree commercial, legal, data migration, SLAs, pilot criteria, and exit/portability terms to minimize vendor lock‑in risk.
Agreement Modules
- Statement of Work (SOW)
- Master Services Agreement (MSA)
- Service Level Agreement (SLA)
- Commercial Pricing & Payment Schedule
- Data Migration & Portability Plan
- Pilot Criteria & Acceptance Tests
- Security & Compliance Addendum
- Data Processing Agreement (DPA)
- IP Rights & Software Licensing Agreement
- Source Code Escrow / Escrow Agreement
- Exit, Transition & Portability Agreement
- Third-Party & Subcontractor Disclosure
- Change Control & Change Order Process
- Training, Knowledge Transfer & Certification Plan
- Insurance, Indemnity & Risk Allocation Schedule
- Governance, Reporting & Steering Committee Charter
- Privacy, Equity & Bias Mitigation Plan
- Regulatory & Audit Support Commitment
-
Deployment
Operationalize rollout with readiness checks, training, sequencing, and validation to control equity, data migration, and scale risks.
-
Pre-Deployment Readiness
Confirm data migration plans, test environments, operator training, and mitigation strategies for demographic bias and manual adjudication.
Readiness Questions
Getting Oriented: A Quick Snapshot
- Which office or program are you representing today and what is your role?
- What's the primary trigger driving modernization for you right now (pick the most urgent)?
- Who are the core stakeholders we should know about for decision-making and why (names/titles if possible)?
- Do you already have a target go‑live window or hard deadline? If so, when?
- What would you like our time together to accomplish in the next 30 days?
Are We Just Patching Around the Real Problem?
- If I told you 'we can paper over the symptoms but not the cause'—where do you think you might be doing that today?
- Tell me about a specific recent case where a workaround failed to prevent an operational or compliance issue—what happened and who felt the pain?
- How often do these workarounds create rework, delays, or complaints that ripple into other teams?
- How long have you tolerated this pattern before deciding to pursue modernization?
- If nothing changes, what negative outcome worries you most (compliance penalties, public complaints, processing collapse, other)?
Where the Risk Really Hides
- Which hidden compliance or equity risks keep you awake at night that current systems aren’t addressing?
- When was the last formal audit or risk review of your identity enrollment systems, and what were its top findings?
- Do you have recorded assurance-level requirements (e.g., NIST 800-63 levels) for your services and where do you fall short?
- What specific regulatory or legislative deadlines (Real ID or other) are we mapping to, and how firm are those dates?
- Have you experienced or anticipated public equity complaints related to biometric false rejects? If yes, how were/are they handled?
When Enrollment Stalls: The Human Story
- What human or operational failures—training gaps, inconsistent operator behavior, or site variability—most often cause enrollments to fail?
- Can you share a concrete example of an enrollment that required manual adjudication or caused a customer escalation? What was the root trigger?
- On average, what percentage of enrollments require human intervention or second-stage review today?
- How consistent is operator performance across sites—do some teams reliably outperform others? If yes, what explains that difference?
- How do failed or delayed enrollments affect public trust or your agency's political exposure?
If We Could Measure Success in One Number
- If you had to name the single most important KPI for a pilot to prove value, what would it be?
- What are your target thresholds for those KPIs (provide numbers if possible)?
- Which of these outputs must be demonstrably improved in pilot to greenlight scale: accuracy, throughput, interoperability, or community impact?
- Do you have historical baseline data we can use to compare pilot results (match rates, processing times, adjudication volumes)?
- How will leadership decide success after the pilot—what outcomes will earn advocacy vs. skepticism?
What Would a Safer, Faster Enrollment Day Look Like?
- Imagine a typical enrollment day where delays, errors, and equity complaints are rare—what happens differently in that scenario?
- Which parts of the enrollment workflow must remain unchanged for operations to accept a new platform (what are sacred processes)?
- What integrations are mandatory from day one (legacy databases, DMV back-ends, credential printers, external ID registries)?
- How important is in‑place data migration vs. a phased parallel approach with sync/replication?
- What would reduced processing time per applicant mean for your daily operations (staffing, throughput, backlog)?
Trading Commitments: What’s Non‑Negotiable?
- If forced to pick, what contractual or technical commitments are absolute non-negotiables for you?
- What level of SLA failure would trigger executive escalation or penalties?
- How do you define acceptable vendor lock‑in risk and what contractual language or technical controls would reduce that risk?
- Which certifications or attestations must the vendor possess before procurement can proceed?
- What data residency or encryption controls are required for your citizen data?
Picking the First Win: Pilot Design and Readiness
- What would count as a clear, low-risk pilot site where success is both measurable and politically acceptable?
- How many pilot sites and what applicant volumes do you think are realistic for an initial test?
- What datasets would you allow us to run tests on (sanitized production, synthetic, parallel live traffic)?
- What training and certification requirements should operators meet before the pilot launches?
- What are the top three signals during a pilot that would make you pause or stop the test?
- Who will own day-to-day pilot execution and who will be the escalation contact for technical issues?
The Decision Room: Budgets, Timelines, and Politics
- What governance processes and approvals are required to move from pilot to procurement to enterprise rollout?
- Where does the budget for this program come from, and how flexible is it if unplanned migration costs arise?
- Which internal or external stakeholders are likely to be the biggest supporters, and who tends to be the most skeptical?
- What political or community sensitivities should we be mindful of when designing biometric collection and public messaging?
- How fast do you realistically need vendor proposals, and what procurement vehicle (RFP, cooperative contract, sole source) will you use?
Next Steps Together: A Focused Commitment
- Based on our conversation, what would a sensible first milestone look like in the next 30–60 days?
- What additional information or assurances do you need from a vendor to feel comfortable advancing to a pilot?
- Who should be our single point of contact for scheduling technical workshops and who signs technical acceptance at the end of a pilot?
- On a scale from 1–5, how ready is your agency to commit resources to a pilot within the next quarter?
- What lingering concerns, if any, would you like us to address before we draft a pilot statement of work?
-
Deployment Enablement
Schedule site design, hardware provisioning, training, and pilot execution with clear owners, timelines, and escalation paths.
-
Validation & Interoperability Testing
Verify biometric accuracy, deduplication rates, legacy database integration, and security tests against acceptance criteria before scale.
Validation Questions
Why Are We Here, Really?
- In one sentence, what immediate event or deadline brought this identity modernization project to the top of your list?
- Who will be the ultimate decision-maker on whether to proceed with a pilot or procurement, and who influences that decision most?
- What is your target timeline for a pilot sign‑off and for a first small rollout? Be specific about months or quarters.
- Which non-negotiable constraints are driving this timeline (pick all that apply)?
- How do you feel about the current urgency—confident we can meet it, cautiously optimistic, or worried about missing it? Tell us why.
What’s Breaking Under the Surface?
- If you had to name the one part of your identity lifecycle you’re most embarrassed to show a peer, what would it be and why?
- How often do those failure modes occur (e.g., false rejections, duplicate enrollments, operator errors)?
- Where do these failures hit hardest—customer wait times, legal exposure, program integrity, public trust, or operational cost?
- Can you share a recent concrete example or story where the current system failed or nearly failed (what happened and what was the fallout)?
- How long has this particular pain point been tolerated before someone raised it as a priority?
Who Holds the Keys — and the Pain?
- Who actually approves vendor selection — and where does the invisible resistance (political, cultural, technical) usually come from in your agency?
- Which teams will need to be actively engaged during discovery and pilot (pick all that apply)?
- Which team has the final sign‑off for security certifications, and are there specific attestations they require?
- What procurement or contracting model do you prefer or must follow (GSA schedule, RFP, IDIQ, sole source, other)?
- Thinking about stakeholders’ emotions: who is most excited, who is skeptical, and what are each group’s core fears?
Show Me the Data We Can't Ignore
- If your legacy data could speak, would it warn us that it’s messy, siloed, incomplete, or actually surprisingly ready?
- Which data sources must be deduplicated or reconciled in any migration or integration (select all that apply)?
- Estimate the size and shape of the data migration we should plan for (number of records, average documents per record, and any unusual formats).
- Which of the following describes your current technical interfaces or integration patterns?
- What data quality metrics do you currently track (e.g., duplicate rate, missing fields, FTEs spent on manual adjudication)? Please include current values if available.
How Do You Measure Success (and Failure)?
- What single KPI would make you declare the pilot a success? (Pick one that would make leadership sleep better.)
- Set realistic acceptance thresholds for the pilot for these metrics: facial FRR, dedupe detection rate, enrollment throughput (applicants/hour). If unknown, select 'Need help establishing.'
- What tolerance do you have for manual adjudication during pilot (percentage of enrollments requiring human review) and how many trained adjudicators are available?
- How will you measure equity across demographic groups during pilot, and which demographics are highest priority to protect?
- If the pilot misses a KPI but shows strong potential in others, what tradeoffs are you willing to accept to continue development?
Equity, Trust, and the Public's Gut Check
- Imagine a community group publicly questions your use of biometrics—what single argument would make you seriously reconsider or pause?
- Have you experienced formal complaints, FOIA requests, or legal challenges related to identity collection or biometric use in the last three years?
- Which safeguards do you require to demonstrate fairness and protect privacy during a pilot (pick all that apply)?
- How comfortable are you publishing pilot accuracy and fairness results publicly, and what would make you comfortable?
- What internal or external stakeholders must be consulted before any public messaging about biometrics or pilot outcomes (e.g., Civil Rights office, unions, community groups)?
Integration Math: What Has to Fit Together
- What would stop this project cold if systems can’t exchange data seamlessly—missing a single API, incompatible identifiers, or something else?
- List the primary external systems we must interoperate with during pilot (select all that apply).
- Which authentication and transport standards does your environment require for integrations (select all that apply)?
- Do you have a staging environment and sample production‑like data we can use for interoperability tests? If not, what are the barriers?
- How many concurrent sites and what peak daily volume must integrations support during rollout planning?
What Would Success Look Like — and What’s the Exit Plan?
- If you could freeze a successful future state in 12 months, what three concrete things would be true about your identity program?
- How important is vendor portability and exit/portability terms to you when evaluating solutions?
- Which contractual protections matter most to you (select up to three)?
- What ongoing operational model do you envision after rollout—fully internal, vendor‑managed, hybrid, or a managed service with local operators?
- What would you need from us this month to feel confident moving to a pilot (design doc, proof of concept, cost estimate, security package, stakeholder intro)?
-
-
Success
Review pilot and rollout outcomes against KPIs, capture lessons learned, and maintain a shared issues and enhancement tracker for continuous improvement.
Success Reviews
- Pilot Outcomes Diagnostic (Solution Experience)
- Rollout Acceptance & Scale Decision
- Lessons Learned & Continuous Improvement Workshop
- Issues & Enhancements Triage (Recurring)
- Executive Summary & Strategic Decision
Issues & Enhancements
- Keep the issues/enhancements tracker current and prioritized for engineering and ops work.
- Draft and circulate formal acceptance memo reflecting decision and any conditions for sign-off.
- Update project plan with phased rollout dates, owners, and gating KPIs.
- Legal/Procurement to prepare any required change orders or SLA amendments.
- Communications owner to prepare internal/external messaging for the rollout decision.
- Workshop Framing & Desired Outputs
- Produce a prioritized improvement backlog with measurable acceptance criteria for each item.
- Identify root causes for recurring failures and agree on corrective actions (technical, operational, training).
- Capture operator and equity feedback and encode required mitigations into the backlog.
- Assign owners and timelines so improvements are actionable and traceable.
- Populate the shared issues/enhancements tracker with prioritized backlog items and acceptance tests.
- Ops to schedule targeted operator retraining sessions and share materials within 10 business days.
- Engineering to estimate effort and provide timeline estimates for top 5 technical fixes.
- Equity lead to propose demographic bias mitigation experiments and measurement plan.
- Review Open Critical Issues
- Introductions & Meeting Objectives
- Commit critical fixes to the next available sprint with owners and clear acceptance criteria.
- Ensure timely stakeholder communications for high-impact items.
- Update tracker statuses and assign SLO-driven ETAs for all open critical issues.
- Engineering lead to add committed fixes to sprint board and notify QA of acceptance tests.
- Communications lead to send weekly status digest to executive and operational stakeholders.
- Concise Executive Summary
- Secure executive decision on whether to scale, conditionally scale, or extend the pilot.
- Obtain approval for required funding and procurement actions tied to the chosen option.
- Agree on executive communications and oversight cadence for the next phase.
- Prepare executive decision memo and circulate to signing authorities.
- If approved, allocate budget and instruct procurement to execute amendments/change orders.
- Publish executive-facing status summary and schedule oversight checkpoints for the rollout phase.
- Establish a single, agreed one-sentence current state describing what is breaking and who is affected.
- Quantify the operational and compliance consequences of KPI shortfalls in concrete terms (hours, $/case, complaint risk).
- Validate which aspects of the future state the platform proved and which require remediation, with stakeholder confirmation.
- Produce an agreed list of prioritized remediation items and data artifacts required for root-cause analysis.
- Customer to deliver anonymized pilot datasets and logs for flagged scenarios within 3 business days.
- Platform engineering to run targeted diagnostics on top 3 failure modes and deliver findings in 5 business days.
- Schedule technical deep-dive session with ops and vendor engineers to resolve top-priority items.
- Update shared KPI dashboard with final, validated numbers and mark items needing remediation.
- Executive Recap of Pilot Findings
- Reach a documented acceptance decision (full acceptance, conditional acceptance, or remediation required).
- Agree a phased rollout plan with timelines, owners, and go/no-go gates tied to KPIs.
- Identify contractual or funding actions required before scale and assign owners to complete them.
- Acceptance Criteria Mapping
- Timeline Walkthrough of Pilot Events
- One-sentence Current State
- New Issues & Customer Escalations
- ROI & Operational Impact
- Options & Recommended Path
- KPI Dashboard Walkthrough
- Facilitated Root-Cause Analysis
- Risk & Mitigation Review for Scale
- Prioritization & Sprint Commitments
- Quick Wins & Operational Adjustments
- Operator & Field Feedback
- Phased Rollout Plan & Timeline
- Consequence Quantification
- Funding & Procurement Implications
- Scenario Proofs (Diagnosis -> Proof)
- Equity, Bias & Public Feedback Review
- Status Communications & Stakeholder Updates
- Commercial/Contractual Implications
- Decision & Endorsement