Health, Education & Government Government & Public Sector Government IT & Digital Services

Digital Identity

Multi-agency, multi-stakeholder programs where procurement, compliance, and mission alignment determine success.

IDEMIA Thales Group Leidos CGI Federal
Inside this journey
  1. Pre-Discovery

    Align decision-makers, policy constraints, timelines, and risk tolerances before detailed discovery.

    1. Stakeholder & Decision Alignment

      Confirm decision roles, timelines, success criteria, and key constraints (legal, budget, and regulatory) before detailed discovery.

      Alignment Questions

      Getting Started: What’s Most Pressing Right Now?

      • What single problem brought you to explore a new identity platform today? Options: Regulatory deadline (e.g., Real ID), High fraud/synthetic identity rates, Poor interoperability with legacy systems, Need for online services/remote proofing, Other
      • How urgent is a decision on this project on a scale from ‘nice to have’ to ‘mission-critical’? Options: Mission-critical (deadline-driven), High priority (within 6 months), Medium priority (6–12 months), Low priority (12+ months)
      • Who will you need in the room to move from evaluation to a signed engagement?
      • What concerns or fears do you hear internally when this modernization is discussed? Options: Equity / demographic bias, Vendor lock-in, Migration cost/time, Operational disruption, Security/privacy, Political/public backlash, Other
      • If we could solve just one of those concerns in the pilot, which would unlock the most momentum and why?

      Who Holds the Keys? (Decisions, Dollars, and Deadlines)

      • If the program director walked out today, would the project lose momentum or continue—what would change? Options: Lose momentum immediately, Continue but slower, No change, Not sure
      • List the formal decision-makers, their titles, and the one thing each cares about most for this project.
      • Which procurement and legal approvals are required before a pilot contract can be executed? Options: Procurement office sign-off, Legal counsel review, Data protection officer approval, Budget/finance approval, External counsel, Other
      • Who controls the budget for pilot vs. long‑term rollout, and how flexible is that budget? Options: Single centralized budget owner, Multiple owners across programs, Pilot-funded separately, Contingent on outcomes, Not yet defined
      • Describe any internal stakeholders who have historically blocked identity projects, why, and what convinced them to change.

      Deadlines That Keep You Up at Night

      • If your regulatory deadline (e.g., Real ID) didn’t move, what would happen to your operations six months before the cutoff? Options: Significant backlogs, Temporary exemptions sought, Surge hiring/training, Service reductions, Other
      • What hard regulatory dates or audit milestones are tied to this project? Please list dates and consequences of missing them.
      • How long do you estimate you have for pilot validation before a compliance-driven rollout is required? Options: <3 months, 3–6 months, 6–12 months, 12+ months, Unsure
      • If a pilot shows problems with false rejections or bias, how long would leadership tolerate remediation before escalating politically? Options: Less than 1 month, 1–3 months, 3–6 months, Depends on remediation plan
      • What contingency plans do you already have for meeting deadline exposure (e.g., manual processing, temporary policy changes)?

      What Would Failure Feel Like?

      • If this modernization fails, what would the most visible consequence be to your agency or the public? Options: Service outages, Non-compliance fines, Public backslash/media scrutiny, Backlogs and delays, Security incidents, Other
      • Which stakeholder groups would you expect to blame first if things go wrong, and why?
      • What KPIs would you use to define pilot failure vs. pilot success? Options: False rejection rate, Deduplication rate, Average enrollment time, Operator error rate, Public complaints, System uptime
      • How would a governance or escalation pathway look if pilot performance dipped below acceptance thresholds?
      • How long could you tolerate degraded service before political or leadership intervention becomes unavoidable? Options: Days, Weeks, Months, Depends on severity

      Hidden Risks We Need to Surface

      • What regulatory or privacy assumptions are you making that, if proven false, would force a major redesign? Options: Data residency requirements, Consent model constraints, Identity proofing assurance level, Retention/ERASURE rules, Vendor data sharing limits, Other
      • Have you identified populations or use-cases where biometrics have historically produced higher rejection or complaint rates? Tell us where and why.
      • What legal or procurement clauses would you consider deal-breakers (for example, restrictive IP ownership or unilateral exit penalties)?
      • How do you currently assess vendor lock‑in risk, and what porting or data export guarantees matter most? Options: Full data export on demand, Interoperable standards support, Third-party escrow, API portability clauses, Other
      • When you run privacy, equity, or security risk assessments, who signs the final approval and what are their main criteria?

      What Does Your Data and Process Landscape Look Like Today?

      • How many legacy enrollment systems or databases will need to be considered for deduplication and migration? Options: One, Two to three, Four to six, More than six, Unsure
      • Describe the current end-to-end enrollment flow—where do applicants start, what checkpoints exist, and where do they finish?
      • Roughly what percentage of records are estimated to be duplicates, incomplete, or low‑quality? Options: <5%, 5–15%, 16–30%, 30–50%, >50%, Don't know
      • What types of biometric modalities and document sources are in use today (select all that apply)? Options: Face photos (2D), Live face capture (liveness), Fingerprints, Iris, Scanned paper IDs, PDF/gov portals, Other
      • Where do enrollment operators struggle most—hardware, instructions, throughput pressure, or adjudication backlogs? Options: Hardware, Operator training/skill, Process complexity, Throughput/time pressure, Manual adjudication, Other

      How Would You Measure Success in a Pilot?

      • If you had to pick three metrics that would make leadership say ‘approve full rollout’, which would they be? Options: False rejection rate, Deduplication rate, Average enrollment time, Operator error rate, Public satisfaction score, Total cost per enrollment
      • What are your acceptable thresholds for those KPIs (provide numeric targets where possible)?
      • Beyond raw metrics, what qualitative signals would convince you (e.g., operator confidence, stakeholder testimonials, equity assessment results)? Options: Operator readiness, Equity bias report, Interoperability tests, Legal/DP approval, Public user feedback, Other
      • How should pilot success be validated—who signs off, and what artifacts (reports, logs, test cases) are required?
      • If a KPI misses target by 10–20%, what remediation or gating approach would you accept to still consider rollout? Options: Extend pilot with fixes, Restrict rollout scope, Require third-party audit, Reject proceeding, Depends on root cause analysis

      Practical Pilot Design: Scope, Sites, and Acceptance

      • What operational sites or user populations would be highest-value pilot candidates and why?
      • If you had to run a pilot for 90 days, what minimum sample size or transaction count would feel statistically meaningful? Options: <1,000 enrollments, 1,000–5,000, 5,000–20,000, >20,000, Unsure
      • Which modules must be included in the pilot (pick all that should be demonstrated end-to-end)? Options: Biometric capture, Document authentication, Deduplication/search, Legacy DB integration, Credential issuance, Operator dashboard
      • What acceptance tests or simulators (e.g., edge-case demographics, low-light captures, high-concurrency load) would you require during pilot validation?
      • Who will own pilot operations on your side—who is the day-to-day contact and who is the executive sponsor?

      Operational Readiness: People, Training, and Bias Mitigation

      • If operators are the difference between success and failure, what are the toughest skills for your teams to learn? Options: Camera/framing technique, Document inspection, Adjudication policies, Technical troubleshooting, Customer interaction
      • How long does your typical operator training program run today, and what retention or quality checks are in place? Options: <1 day, 1–3 days, 1 week, Ongoing certification
      • When you evaluate bias or equity, what specific demographic slices do you insist on analyzing? Options: Age groups, Race/ethnicity, Gender, Disability status, Geography/urban-rural, Other
      • Describe an example where a training or process change reduced error or bias—what changed and how long before results improved?
      • What monitoring or continuous-improvement cycles do you want built into operations post-pilot? Options: Daily dashboards, Weekly QA reviews, Monthly bias audits, Quarterly executive reviews, Ad-hoc investigations

      Integration, Security & Portability: The Contractual and Technical Must-Haves

      • If you had to force a worst-case: what integration failure would cause the most damage (e.g., lost records, false matches, outage)? Options: Failed dedupe (false matches), Data loss during migration, Downtime preventing enrollments, Unauthorized data access, Other
      • What security certifications or technical standards are non-negotiable for vendors (select all that apply)? Options: FedRAMP, FIPS 201, SOC 2, ISO 27001, NIST compliance (800-63), Other
      • How do you want data portability handled at contract exit—what format, timeline, and verification are required? Options: Full export in open format, API access for migration, Third-party data escrow, Assist migration with vendor support, Other
      • What encryption, access control, or key-management constraints must any solution satisfy to be acceptable?
      • Who will perform security and interoperability testing on the vendor deliverables and what pass/fail criteria do they use?

      Next Steps: What Would Give You Confidence to Move Forward?

      • If we delivered a pilot plan tomorrow that addressed your top three concerns, how soon could you commit to a pilot kickoff? Options: Immediately, Within 2 weeks, Within 1 month, 2–3 months, Longer
      • What would we need to show in a short executive one-page summary to get a sponsor’s signature?
      • Who on your team should be included in the initial scoping workshop and what outcomes should that workshop produce?
      • Are there any external stakeholders (federal partners, advocacy groups, auditors) we should engage early? If so, who and why?
      • Finally, what keeps you up at night about choosing the wrong identity partner—and what reassurance would change that feeling?
    2. Risk & Compliance Inventory

      Capture Real ID and other regulatory deadlines, assurance-level requirements, privacy rules, equity obligations, and vendor lock-in concerns.

      Compliance Questions

      One-Sentence Brief: Why We're Here

      • In one sentence, what single compliance or risk concern brought you to evaluate identity modernization now?
      • Which single regulatory driver is the highest priority for your program? Options: Real ID, State ID law (non-Real ID), Federal identity mandate, Online services legislation, Fraud investigation findings, Other
      • Who, by title or role, will be the ultimate owner of meeting that regulatory requirement? Options: Agency CIO/CTO, Program Director, Identity Division Chief, Legal Counsel, Procurement/Contracts Officer, Other
      • How confident are you right now that your current systems will meet the top regulatory requirement on time? Options: Very confident, Somewhat confident, Unsure, Not confident
      • What would you say is the single worst operational outcome if compliance slips (citizen disruption, fines, political fallout, etc.)?

      The Deadline That's Haunting Your Calendar

      • If you had to bet the agency’s reputation on one upcoming compliance date, would you be betting on people, process, or technology? Options: People (staffing/training), Process (policy/workflow), Technology (systems/integration), All three equally, Unsure
      • List the regulatory milestones and fixed dates that must be met in the next 6, 12, and 24 months (e.g., enforcement dates, audit windows).
      • Which of these milestones are statutory (legal) deadlines versus internal program targets? Options: Statutory/legal, Internal/programmatic, Both, Unsure
      • How often have these dates shifted in the past 24 months, and what changed when they did? Options: Never, Once, Multiple times, Frequently/Unpredictable
      • If a single milestone slips, which external audience would react most strongly (oversight body, elected officials, media, citizens)? Options: Oversight/regulators, Elected officials, Media/public, Internal leadership, Other

      Rules, Levels, and the Paper Trail That Proves It

      • If your identity proofing met the letter of the assurance standard but stakeholders still said 'this doesn't feel secure enough,' what would that reveal about your true requirements? Options: We need higher assurance, We need better documentation/auditability, We need stakeholder education, Unsure
      • Which identity assurance levels must the solution support? Options: NIST IAL1, NIST IAL2, NIST IAL3, AAL1, AAL2, AAL3, Agency-defined level, Other
      • What specific audit artifacts must be produced and retained (e.g., biometric match logs, chain-of-custody, document authentication evidence)? Options: Biometric match logs, Image capture records, Document authentication reports, Operator activity logs, Full transaction audit trail, Other
      • What are your mandatory retention periods or legal hold requirements for identity records? Options: < 1 year, 1–3 years, 3–7 years, 7+ years, Indefinite/Until revoked, Varies by data type
      • Who in your organization currently signs off on audit/assurance evidence (role or committee)? Options: Compliance Officer, Legal Counsel, Security/InfoSec Lead, Program Director, Other

      Privacy, Consent & The Story You Tell Citizens

      • Are you comfortable telling citizens exactly how their biometric data will be used — and can you do that in a single plain-English sentence? Options: Yes, we already have a clear statement, We have a draft but not finalized, No, we need help crafting it, Unsure
      • Which privacy or data protection frameworks apply to your program? Options: Federal Privacy Act, State privacy law, GDPR-like standards, HIPAA, None explicitly, Other
      • Do you have an approved Privacy Impact Assessment (PIA) or Data Protection Impact Assessment (DPIA) for biometric collection and storage? Options: Approved and current, In progress, Planned, No PIA/DPIA
      • What consent model do you currently use (or are required to use) for biometric capture? Options: Explicit opt-in, Implicit/condition of service, Mandated by law (no consent option), Opt-out, Varies by use case
      • Have you experienced privacy-related complaints or FOIA/record requests related to identity records in the past three years? Options: Yes — multiple, Yes — one or two, No, Unsure
      • Are there strict data residency or cross-border transfer limits that would affect cloud hosting or vendor processing? Options: Yes — strict residency required, Some limits on transfers, No notable residency constraints, Unsure

      When Equity Is the Test: Accuracy, Trust, and Fairness

      • If testing shows your biometric system rejects a specific demographic group at 3x the rate of others, would you pause deployment, limit rollout, or continue with mitigations—and why? Options: Pause rollout, Limit rollout/pilot adjustments, Continue with mitigations, Unsure
      • Which demographic or operational cohorts are most sensitive in your population (age bands, skin tone ranges, disability, language, regional enrollment sites)? Options: Elderly, Children/minors, Diverse skin tones, Disability/assisted enrollments, Non-native language speakers, Remote/online applicants, Other
      • Do you have historical metrics for false rejection (FRR) or false acceptance (FAR) broken down by demographic group? Options: Yes — disaggregated by group, Partial data exists, No historical breakdown, Unsure
      • What disparity threshold would you consider a showstopper (e.g., >1.5x, >2x, >3x, zero tolerance)? Options: Zero tolerance, <=1.5x, <=2x, <=3x, No defined threshold, Unsure
      • Which mitigation levers are you willing to deploy if bias is detected (operator retraining, alternate enrollment pathways, algorithm tuning, procurement pause)? Options: Operator retraining, Alternate/manual adjudication pathways, Algorithm/threshold tuning, Expanded pilot and measurement, Policy/legal remedies, Other
      • Who in your organization is responsible for equity and civil liberties risk (title/office)? Options: Civil Rights/Civil Liberties Office, Legal Counsel, Equity Officer/DEI Lead, Program Director, Other

      Vendor Lock-In: Exit Isn’t an Afterthought

      • What's the last thing you want to hear three years into a contract—'we can't export your enrollment data in a usable format'—and how real is that fear today? Options: Very real, Somewhat real, Low concern, Unsure
      • Which data export and interoperability standards must a vendor support at contract exit? Options: ANSI/NIST, ISO formats, CSV/flat export, Open REST APIs, SQL/database dump, Data escrow arrangement, Other
      • How critical is the ability to self-host or port to another supplier without rebuilding integrations? Options: Critical — must be possible, Important but negotiable, Prefer vendor-managed, Unsure
      • Do your procurement templates include clauses for data portability, escrow, and transition support? Options: Yes — standard clauses present, Partial/negotiable, No — needs inclusion, Unsure
      • Which integrations would be hardest to replace (e.g., national databases, payment gateways, legacy credential printers)? Options: National identity DBs, Legacy enrollment DBs, Credential personalization/printing, Payment processors, Third-party biometric services, Other
      • What notice period and handover scope would you require to consider a vendor exit minimally disruptive? Options: 30 days, 60 days, 90 days, 6 months, Custom transition plan

      Where the Data Hides: Legacy Stores, Duplicates, and Migration Reality

      • If every ambiguous legacy record required manual adjudication, do you have the staffing and political bandwidth to do it at scale? Options: Yes — staffed and funded, Partially — would need support, No — cannot staff that effort, Unsure
      • Describe the primary legacy systems (type, approximate record count, formats) that must integrate or be migrated.
      • What duplicate/merge rate do you estimate across legacy systems today? Options: <1%, 1–5%, 5–15%, 15–30%, >30%, Unknown
      • Which legacy stores must be deduplicated prior to pilot vs. which can be reconciled post-pilot? Options: All must be deduped pre-pilot, Core systems pre-pilot, others later, Can handle post-pilot dedupe, Unsure
      • Are there legal or policy constraints on merging or altering legacy identity records (e.g., guardian consent, court orders)? Options: Yes—strict constraints, Some constraints, No notable constraints, Unsure
      • How comfortable is leadership with record deletion versus archival when resolving duplicates? Options: Prefer archival only, Allow merges with audit trail, Allow deletion where legally permissible, Unsure

      Risk Appetite: What 'Good Enough' Actually Means

      • If perfect compliance meant never launching, would you accept a phased rollout that accepts measured risk to achieve operational gains sooner? Options: Yes — phased rollout preferred, Maybe — depends on mitigations, No — cannot accept added risk, Unsure
      • Which KPIs will you use to decide whether a pilot meets risk and compliance expectations? Options: False rejection rate (FRR), False acceptance rate (FAR), Deduplication success, Audit pass rate, Privacy/consent adherence, Other
      • What are the minimum non-negotiable thresholds for biometric accuracy or dedupe performance? Options: FRR < 1%, FRR < 2%, FRR < 5%, Match accuracy > 95%, Match accuracy > 99%, No defined thresholds yet
      • Which security or assurance certifications must the vendor hold before procurement moves forward? Options: FedRAMP, FIPS 201, ISO 27001, SOC 2, NIST SP 800-53 compliance, Other
      • If a compliance gap is discovered during pilot, what remediation timeline would be acceptable (days/weeks/months)? Options: <30 days, 30–90 days, 90–180 days, >180 days, Depends on severity
      • Who has final authority to accept residual risk and sign pilot closure documents? Options: Agency CIO/CTO, Program Director, Legal/Compliance Officer, Oversight Board/Commission, Other

      Next Steps That Actually Move the Needle

      • What single decision or deliverable from a vendor would make you feel ready to approve a pilot (e.g., signed data escrow, PIA, test results)?
      • Who must be on a pilot steering committee for the work to be considered legitimate and well-governed? Options: Program Director, Legal Counsel, Security/InfoSec, Equity/DEI representative, Procurement/Contracts, Other
      • What tangible preconditions must be satisfied before you will permit a pilot to begin (e.g., PIAs approved, data sharing agreements signed, staff trained)?
      • What is your target window to begin a pilot once contract terms are acceptable? Options: Immediately (within 30 days), 30–60 days, 60–120 days, 3–6 months, Longer
      • How will pilot results be shared and escalated internally—what communication cadence and artifact types do stakeholders expect? Options: Weekly status + dashboards, Biweekly executive brief, Formal final report and scorecard, Ad hoc updates as issues arise, Other
      • Who should we schedule next—your compliance lead, legal counsel, or data custodian—to close the remaining open questions? Options: Compliance lead, Legal counsel, Data custodian/DBA, Program director, Other
  2. Current State Assessment

    Map legacy enrollment processes, data stores, duplicates, operator practices, and throughput bottlenecks driving the modernization need.

    Current State

    Start Here: Tell Us About Today

    • In a few sentences, describe your current enrollment footprint: number of sites, typical daily applicants per site, and the credentials you issue.
    • Which enrollment channels are actively used right now? Options: In-person at agency offices (fixed sites), Mobile enrollment units, Online/remote identity proofing, Partner / third-party kiosks, Field outreach events, Other
    • Do you track average end-to-end enrollment time per applicant today? Options: Yes — consistently tracked, Yes — sporadically tracked, No, but we estimate, No, we do not track
    • What single enrollment metric does your leadership most often ask for (e.g., average time, backlog, error rate)?
    • How confident are you that your current process reliably prevents duplicate identities? Options: Very confident, Somewhat confident, Not confident, Unsure
    • Tell us about one recent enrollment day that felt unusually difficult — what happened and how did it feel for staff and customers?

    Are We Just Patching Around the Real Problem?

    • What part of your enrollment system do you suspect is an illusion of working—something you tolerate that actually causes most downstream pain?
    • What workarounds or manual hacks have staff built to keep the process moving? Select all that apply. Options: Paper overrides, Manual photo uploads, Local spreadsheets for reconciliation, Shadow databases, Ad-hoc phone/verification calls, Other
    • How often do those workarounds trigger a follow-up investigation, complaint, or rework order? Options: Daily, Weekly, Monthly, Rarely, Never
    • Share a concrete example where a workaround led to a customer-facing failure or an internal crisis: what happened and who noticed it first?
    • Which of these costs best describes the impact of these patches on your program right now? Options: Increased staff hours / overtime, Slower throughput / longer queues, Higher error/appeal rates, Regulatory risk / audits, Reputational damage, Other
    • How willing is leadership to replace a familiar but fragile process with a new approach that may change roles or systems? Options: Very willing, Cautiously willing, Requires strong evidence, Reluctant / politically sensitive

    Where Do Your Records Hide—and How Messy Are They?

    • If I queried your environment for ‘applicant identity data’, how many distinct systems should I expect to find? Options: One centralized system, 2–3 systems, 4–6 systems, More than 6 / widespread
    • Which systems store identity-related data today? (Select all that apply and add names in the next question.) Options: Legacy enrollment database, CRMs / case management, Biometric matcher / FIS, Document management system, Cloud storage buckets, Third-party vendor databases, Other
    • List the system names, owners, and primary data formats (e.g., SQL, CSV exports, proprietary) for the top three sources of enrollment data.
    • Estimate your current duplicate / potential-duplicate rate across the population. Options: <0.1%, 0.1%–0.5%, 0.5%–1%, 1%–5%, >5%, Unsure / no estimate
    • Have you attempted deduplication or record merges before? If so, what tools or processes were used and why did they succeed or fail?
    • Who owns ongoing data quality and the authority to resolve duplicates—describe roles and how conflicts are adjudicated.

    Who’s Running the Show When It Matters?

    • If enrollment slowed by 50% tomorrow, which role or team would be most exposed and why?
    • Who makes operational decisions for enrollment sites (scheduling, staffing, escalation)? Options: Local site manager, Regional operations, Central program office, Third-party vendor, Hybrid/shared model
    • Describe your operator training program: initial training length, refresher cadence, and how you verify ongoing competency.
    • What is your operator turnover or vacancy rate over the last 12 months? Options: <5%, 5%–10%, 10%–20%, >20%, Unknown
    • How do frontline staff feel about current tools and processes—what do they say is the most frustrating part?
    • What escalation paths exist when an operator encounters a complex identity issue (e.g., mismatched biometrics, disputed identity)? Options: Immediate supervisor, Central adjudication team, Legal/privacy counsel, External vendors, No formal path

    When the Line Gets Long: Bottlenecks, Delays, and Backlogs

    • If you could snap your fingers and eliminate one bottleneck today, which one would free the most capacity?
    • Which of these frequently cause bottlenecks at your sites? Select all that apply. Options: Document verification time, Biometric capture retries, Manual data entry, Network/system latency, Adjudication queue, Hardware availability, Other
    • During peak periods, what average queue length or wait time do applicants experience? Options: <5 minutes, 5–15 minutes, 15–30 minutes, 30–60 minutes, >60 minutes, Unknown
    • How often do enrollment sessions end without successful completion (applicant leaves, refusal, failed capture)? Options: Daily, Weekly, Monthly, Rarely, Never
    • Describe how backlogs are cleared today: overtime, additional sites, manual rework, or other tactics.
    • What KPI change would be most meaningful to you (pick one): shorter processing time, fewer duplicates, fewer adjudications, or improved customer satisfaction? Options: Shorter processing time, Fewer duplicates, Fewer adjudications, Higher customer satisfaction, Other

    Regulatory, Legal, and Equity Landmines

    • Which regulation, legal requirement, or public concern worries you most about modernizing enrollment?
    • Which of the following compliance items apply to your program right now? Select all that apply. Options: Real ID deadlines, NIST 800-63 / IAL/AAL/IAL2/IAL3 requirements, Privacy Impact Assessment (PIA) required, Data residency/localization, Equity / anti-discrimination mandates, FedRAMP / FIPS 201 requirements, Other
    • Have you completed any bias or demographic performance assessments for your existing biometric system? If yes, summarize the findings. Options: Yes — formal assessment with report, Yes — informal/internal review, No assessment done, Assessment in progress
    • When a demographic disparity or privacy complaint has arisen, how was it handled and who led the response?
    • Do you currently have contractual language or procurement constraints intended to minimize vendor lock-in? Options: Yes — strong portability clauses, Some clauses but limited, No specific provisions, Unsure
    • What level of evidence would satisfy your legal or privacy teams to move forward with a pilot (e.g., test data results, third‑party audit, ATO documentation)? Options: Technical test results, Third-party audit/assessment, Pilot with non-production data, Formal legal review / contract amendments, Other

    If We Could Reimagine Enrollment Tomorrow

    • Imagine enrollment is faster, fairer, and auditable — what three things would change first for operators and citizens?
    • Which target KPIs matter most for a successful pilot? (Select up to three.) Options: Average enrollment time, False rejection rate by demographic, Deduplication accuracy / reduction in duplicates, Operator error rate, Number of manual adjudications, Customer satisfaction / NPS
    • What acceptance criteria would you require to consider a pilot successful? Please be specific (e.g., enrollment time < X minutes; dedupe rate > Y%).
    • What data or sample workload are you willing to provide for a pilot (select all that apply)? Options: Synthetic/test data only, Anonymized historical records, Subset of live applicant flows, No data available for pilot, Undecided / need approvals
    • How soon could your team start a small pilot if contractual and privacy questions were addressed? Options: Immediately, Within 1–3 months, 3–6 months, 6+ months, Unsure / dependent on approvals
    • Who are the essential stakeholders you would involve in a pilot decision and their roles (names/titles preferred)?

    What Would Make You Say Yes to a Pilot?

    • What are the top three non-negotiables that would prevent you from approving a pilot?
    • Which of these pilot risk mitigations would make you most comfortable? Select all that apply. Options: Data minimization & anonymization, Escrow / portability guarantees, Independent accuracy testing, Limited-scope timeboxed trial, Operator shadow mode (no citizen-facing changes), Other
    • How should success be measured and who signs off—program director, CIO, legal, or another party? Options: Program director, CIO/CTO, Legal/privacy, Operations lead, A steering committee
    • What internal approvals or documentation will we need to gather before a pilot (e.g., SOW, data sharing agreement, PIA, budget approval)? Options: Statement of Work (SOW), Data Sharing Agreement / MOU, Privacy Impact Assessment, Budget certification, Security / ATO paperwork, Other
    • Would you be willing to designate a single point of contact to run pilot logistics and approval coordination? Options: Yes — we have someone in mind, Yes — will identify after internal discussion, Maybe — depends on workload, No
  3. Outcome Discovery

    Define target KPIs (false rejection rates, deduplication targets, enrollment time), pilot success signals, and measurable acceptance criteria.

    Discovery Questions

    Starting Together: How Outcomes Feel Today

    • How would you briefly describe your current experience setting measurable outcomes for identity programs (what’s worked, what hasn’t)?
    • How often do you use quantified KPIs (not just anecdotes) to make go/no-go decisions on identity projects? Options: Never, Often, Sometimes, Rarely, Always
    • Which outcome owners in your organization currently sign off on operational KPIs? Options: Program Director, CIO/CTO, Identity Division Chief, Contracting Officer, Operations Lead, Legal/Compliance, Other
    • Can you share one recent example where a KPI (good or bad) changed project direction? What happened?

    What Would Failure Actually Look Like — and Who Feels It First?

    • If the new identity platform misses its targets, what concrete harms would your agency face in the next 6–12 months?
    • Which stakeholder groups would raise the loudest alarms (e.g., front-line operators, public advocates, federal auditors)? Options: Front-line operators, Program leadership, Legal/Compliance, Public/policy advocates, Oversight bodies/auditors, Contracting office, Other
    • How would public trust or political risk change if false rejections or demographic bias materialize at scale?
    • What short-term operational impacts would you expect (e.g., backlog growth, manual adjudication hours, credential issuance delays)? Options: Backlog growth, Increased manual adjudication, Longer enrollment time, Higher per-citizen cost, Legal challenges, None of the above, Other

    Which Numbers Will Decide This Project’s Fate?

    • Which single metric would you say is most likely to determine whether leadership continues funding this program? Options: False rejection rate (FRR), False acceptance rate (FAR), Deduplication (duplicate record) reduction, Average enrollment time, Manual adjudication rate, Credential issuance time, Other
    • From the list below, select all KPIs you expect to track during pilot and rollout. Options: False rejection rate (FRR), False acceptance rate (FAR), Deduplication reduction (%), Average time per enrollment (seconds/minutes), Throughput per operator per hour, Manual adjudication rate (%), Applicant drop-off rate at enrollment kiosk, Credential issuance lead time, System availability / uptime (%), Integration success rate with legacy DBs, Cost per enrollment, Demographic accuracy gaps
    • For the top three KPIs you just selected, please list your current baseline and the target value you would accept at pilot completion (e.g., FRR: baseline 6% → target ≤2%).
    • How soon do you expect to see measurable improvement against those targets after pilot launch? Options: Within pilot period (≤3 months), 3–6 months post-pilot, 6–12 months, 12+ months, Unsure

    What Tradeoffs Are You Willing — or Not Willing — to Make?

    • Which outcome(s) are absolutely non‑negotiable from a regulatory or public-trust perspective? Options: Specific FRR threshold, No demographic disparity >X%, Full audit traceability, No credential issuance delays, Full compliance with named regulation (e.g., Real ID), Other
    • Where could you tolerate a short-term compromise to gain long-term benefit (choose all that apply)? Options: Higher manual adjudication during migration, Slightly longer enrollment times to improve accuracy, Limited initial geographic pilot scope, Temporary SLA reductions during integration, Phased feature rollout, None of the above
    • What level of temporary manual adjudication (%) would you accept during pilot without triggering escalation? Options: 0–1%, 1–3%, 3–5%, 5–10%, >10%, Unsure
    • Are there legal, equity, or contractual limits that would make any tradeoff unacceptable? Please describe.

    If the Pilot Only Shows One Thing, It Must Be This

    • What single signal from the pilot would convince leadership the platform is fit for scale? Options: Achievement of numeric KPI thresholds, Successful legacy DB deduplication at X scale, Demonstrated demographic parity, Operational throughput targets met, Positive user/operator feedback, Other
    • Select the pilot success signals you want measured (these must be instrumented and reported). Options: KPI thresholds met for enrolment accuracy, Deduplication rate improvement, Operator enrollment time under target, Manual adjudication below threshold, No critical integration failures, Public feedback sentiment positive, Security penetration tests passed, Other
    • For each selected pilot signal, please define the numeric acceptance criteria and how it will be measured (data source and cadence).
    • How large a pilot sample do you need for results to be credible (approx. applicants/day or total participants)? Options: <100 total, 100–500, 500–2,000, 2,000–10,000, >10,000, Unsure
    • Who must sign off that the pilot passed (list specific roles/titles)?

    Trustworthy Measurement — Avoiding False Signals

    • What’s your biggest worry about pilot data being misleading or biased?
    • What minimum statistical confidence or power do you require before treating pilot results as valid? Options: 90% confidence, 95% confidence, 80% confidence, No formal requirement, Unsure
    • Which monitoring cadence feels right for pilot reporting (how frequently do you want interim reports)? Options: Daily, Weekly, Biweekly, Monthly, Milestone-based
    • Which tools or dashboards do you currently use or prefer for KPI reporting and analytics? Options: Splunk/ELK, Power BI/Tableau, SaaS analytics (vendor provided), Custom internal dashboards, Statistical analysis in R/Python, Other
    • What escalation thresholds should trigger immediate remediation (give one or two examples with numbers)?

    Bias, Equity, and the Public’s Trust — What Will You Tolerate?

    • If specific demographic groups show worse outcomes, at what point would you pause or limit rollout? Options: Any measurable disparity, Disparity > 1%, Disparity > 3%, Disparity > 5%, Only if public complaints arise, Unsure
    • Which fairness metrics must we report during pilot (select all that apply)? Options: False rejection rate by demographic, False acceptance rate by demographic, Adjudication frequency by demographic, Coverage/participation rates by demographic, Statistical parity difference, Other
    • What mitigation strategies do you expect if we detect bias (select preferred responses)? Options: Adjust algorithm threshold, Operator retraining and quality control, Targeted additional data collection, Pause rollout in affected sites, Public transparency report, Legal review
    • How should we communicate bias findings to stakeholders and the public (preferred channels and tone)? Options: Formal agency press release, Technical appendix for auditors, Community stakeholder briefings, Internal memo only, Other

    Who Signs, Who Monitors, and Who Owns the Numbers?

    • Who will be the executive sponsor accountable for outcome acceptance at pilot and handover? Options: Program Director, Agency CIO, Identity Division Chief, Operations Lead, Other
    • Which team will own day-to-day measurement, reporting, and issue triage during pilot? Options: Vendor delivery team, Agency analytics team, Joint vendor-agency working group, Third-party auditor, Other
    • What contractual or governance controls are required to make acceptance binding (e.g., SLA credits, exit triggers)?
    • If stakeholders disagree on whether acceptance criteria were met, what arbitration mechanism do you prefer? Options: Independent third-party validation, Joint review board, Executive escalation to program sponsor, Contractual mediation/arbitration, Other

    From Targets to Test Plans — Ready to Lock in Three Priorities?

    • If you had to name the three outcome priorities we should instrument first for this pilot, what would they be and why?
    • Are you able to provide a representative, anonymized dataset for pilot validation (helps reproduce baselines)? Options: Yes — full sample available, Yes — partial sample with limitations, Not yet, but we can prepare one, No, cannot share
    • What date do you need an initial baseline report by (approximate week/month)?
    • Who should be included on the weekly outcome review invite list (names or roles)?
    • What would success look and feel like to you and your team at pilot close (one-paragraph description)?
  4. Solution Experience

    Run scenario-based walkthroughs using the agency’s data and workflows to validate how the platform achieves the defined outcomes and mitigates risks.

    Experience Meetings

    • Solution Experience Kickoff — Confirm Context & Success Criteria
    • Scenario Walkthrough — Nominal Enrollment (Agency Data)
    • Scenario Walkthrough — Edge Cases, Fraud Detection & Bias Assessment
    • Integration & Throughput Validation — Dedupe, Migration Tradeoffs, and Performance
    • Validation Review & Pilot Sign‑off
    • Produce a dedupe accuracy and performance report with recommended thresholds and indexing changes.
    • Quantify false rejection and false match rates across targeted demographic cohorts and identify gaps relative to KPIs.
    • Confirm operator guidance and adjudicator SLAs are sufficient to prevent backlog and political risk.
    • Produce a prioritized mitigation plan for any scenario failing acceptance thresholds.
    • Deliver a bias assessment report with measured error rates per demographic and recommended threshold adjustments.
    • Implement tuned detection thresholds and document rationale for each change.
    • Define an adjudication staffing and SLA plan to handle projected exception volumes.
    • Schedule follow‑up tests after mitigations are applied to confirm effectiveness.
    • Integration Topology & Data Mapping Review
    • Confirm deduplication accuracy at the volumes required and agree tuning needed to meet KPIs.
    • Verify integration approach will not break existing operations and understand latency impacts.
    • Validate throughput targets and identify concrete actions to remove identified bottlenecks.
    • Agree on migration strategy options and associated manual adjudication volume projections.
    • Introductions & Objectives
    • Deliver a proposed migration strategy with estimated FTE, timeline, and expected manual adjudication load.
    • Create the performance tuning backlog with owners to resolve identified bottlenecks before pilot.
    • Finalize rollback and incident response runbook and distribute to stakeholders.
    • Executive Summary of Scenario Outcomes vs KPIs
    • Obtain formal mutual agreement to proceed to pilot with clearly documented acceptance criteria.
    • Confirm all high‑priority mitigations are assigned with delivery dates prior to pilot start.
    • Secure legal/commercial preconditions that protect portability and limit vendor lock‑in risk.
    • Establish the pilot kickoff timeline, owners, and reporting cadence.
    • Publish and circulate the Pilot Charter including site list, acceptance tests, KPIs, and dates.
    • Execute required legal and data access agreements needed for pilot (NDAs, SOW addendum, data sharing).
    • Assign owners and schedule the pilot kickoff meeting and weekly status cadence.
    • Close out any outstanding high‑priority mitigations or document residual risk acceptance before pilot starts.
    • Record and lock a crystal‑clear current state sentence that all parties acknowledge.
    • Agree quantified consequences (cost/time/risk) that create urgency.
    • Define the future state in operational terms and set measurable KPIs.
    • Finalize scenario list, required datasets, and environment access for live runs.
    • Establish validation protocol and decision gates for the experience series.
    • Document and circulate the agreed one‑sentence Current State, Consequence summary, and Future State with KPIs.
    • Deliver sanitized data extracts and grant environment access to vendor test team.
    • Publish the prioritized scenario list and assign owners for each scenario.
    • Distribute the validation checklist and signoff template for use in walkthroughs.
    • Recap Scope & Acceptance Criteria
    • Demonstrate the platform meets the enrollment time and dedupe targets for a typical applicant.
    • Verify end‑to‑end interoperability with the selected legacy system(s) used in the scenario.
    • Surface operator or UX issues that could degrade enrollment quality and propose immediate mitigations.
    • Collect SME confirmation at validation checkpoints to avoid interpretation drift.
    • Create a defect ticket for each issue observed, include severity and suggested mitigations.
    • Adjust capture configuration and retest parameter(s) shown to affect KPI (e.g., camera settings, threshold).
    • Schedule targeted operator training adjustments addressing identified technique problems.
    • Record and store logs and artifacts from the run for audit and compliance review.
    • Edge Scenario Overview & Expected Outcomes
    • Validate fraud detection logic and that flagged cases follow the agreed adjudication workflow.
    • Synthetic Identity / Fraud Run
    • Risk Register & Mitigation Commitments
    • Dedupe Accuracy Tests (Sample & Scale)
    • Environment & Data Verification
    • Current State (One Sentence)
    • Demographic & Bias Sensitivity Tests
    • Consequence Quantification
    • Pilot Scope, Sites, and Success Criteria
    • Live Walkthrough — Enrollment Flow
    • Throughput & Stress Test Results
    • Commercial, Legal & Data Portability Preconditions
    • Degraded Input & Partial Document Scenarios
    • Data Migration Tradeoffs & Strategy
    • Tie Steps Back to Consequences
  5. Solution Scope

    Define modules (biometric capture, document auth, dedupe, integrations), responsibilities, pilot sites, and acceptance tests.

    Scope Configuration

    • Biometric Enrollment and Capture
    • Document Authentication and Tamper Detection
    • Remote Identity Proofing with Liveness
    • Biometric Deduplication (1:N Search)
    • Credential Issuance and Card Personalization
    • Enrollment Kiosk Deployment and Provisioning
    • Legacy Database Connector and Synchronization
    • Federated Identity Integration (SAML/OIDC)
    • HSM Key Management and FIPS Crypto
    • Operator Training and Certification
    • Real-time Fraud Detection and Synthetic ID Flagging
    • Credential Lifecycle Management and Revocation
    • Mobile SDK for Remote Enrollment
    • Audit Logging with Tamper-Evident Export

    Scope Questions

    Biometric Enrollment and Capture

    • Which enrollment locations do you plan to support? Options: Fixed office sites, Mobile teams/vehicles, Temporary pop-up sites, Remote (user device), Combination
    • Which biometric modalities must be captured in scope? Options: Face (photo), Single finger (2D/optical), Rolled fingerprint (live-scan), Iris, Voice, Multimodal (combination)
    • What is the expected average enrollments per site per day during pilot and scale phases? Options: <50, 50-250, 250-1,000, 1,000-5,000, 5,000+
    • Which capture quality / compliance standards must be met? Options: FIPS 201, ISO/IEC 19794, NIST SP 500-288, Agency-specific spec, No formal standard
    • What maximum end-to-end capture time per enrollee is acceptable (operator time)? Options: <2 minutes, 2-4 minutes, 4-8 minutes, 8+ minutes
    • Are there environmental or accessibility constraints (e.g., outdoor, low light, wheelchair access)? Describe.

    Document Authentication and Tamper Detection

    • Which document intake modes are required? Options: On-site document scanner, Mobile camera capture (remote), Hybrid (on-site + mobile)
    • What types of identity documents must be supported? Options: Driver's license, Passport, National ID card, Birth certificate, Utility bills / proofs of address, Other
    • Is machine-readable zone (MRZ) / barcode / OCR extraction required? Options: Yes, No
    • Do you require visual security-feature analysis (hologram, UV, microprint) and tamper detection? Options: Yes - advanced feature checks, Yes - basic authenticity check, No
    • Which languages/scripts must OCR and template matching support?
    • Are there regulatory thresholds or acceptance criteria for false accepts / false rejects for document checks?

    Remote Identity Proofing with Liveness

    • Is remote (self-service) identity proofing required for the program? Options: Yes - primary channel, Yes - optional channel, No
    • What identity assurance level (IAL) or equivalent target is required? Options: IAL1 (low), IAL2 (substantial), IAL3 (high), Custom / agency-defined
    • Which liveness detection approaches are acceptable? Options: Passive liveness, Active challenge (movement/pose), Audio challenge, Combination / adaptive
    • Which device/platform constraints must the remote proofing SDK support? Options: iOS, Android, Modern desktop browsers, Older devices (specify), Agency-managed devices
    • What is the acceptable remote proofing failure rate or user retry budget before manual adjudication?
    • Are accessibility accommodations or alternative flows required for certain populations? Describe.

    Biometric Deduplication (1:N Search)

    • What is the size of the biometric repository(s) that require 1:N deduplication? Options: <100k records, 100k-1M, 1M-10M, 10M-100M, 100M+
    • Do you need cross-database deduplication across multiple legacy systems? Options: Yes - realtime, Yes - periodic batch, No - single repository
    • What search latency is acceptable for a 1:N query (ms/seconds)? Options: <100ms, 100-500ms, 500ms-2s, 2-10s, No strict requirement
    • What match score thresholds should trigger automatic match, possible match (manual adjudication), or no-match?
    • Should dedupe operate continuously in production or only during migration/pilot? Options: Continuous real-time dedupe, One-time migration dedupe, Scheduled periodic batch dedupe, Hybrid
    • Are there data protection or privacy constraints impacting how template data or search indexes are stored/queried?

    Credential Issuance and Card Personalization

    • Will the program issue physical credentials (cards) or digital credentials or both? Options: Physical cards only, Digital credentials only, Both
    • Which card personalization features are required? Options: Magstripe, Contact chip (ISO7816), Contactless (NFC), Printed visual features, PKI certificate provisioning
    • Do you require on-site personalization (per site) or centralized bureau issuance? Options: On-site personalization, Centralized bureau, Hybrid
    • What monthly issuance volume do you expect during pilot and full rollout? Options: <1k, 1k-10k, 10k-100k, 100k-1M, 1M+
    • Are there cryptographic or certification requirements for credentials (e.g., FIPS, Common Criteria, PKI interoperability)? Options: FIPS, Common Criteria, PKI / PIV-compatible, None specified, Other
    • What acceptance tests for issued credentials (e.g., chip read, visual inspection, durability) must be included?

    Enrollment Kiosk Deployment and Provisioning

    • What form factors are needed for enrollment hardware? Options: Fixed desk workstation, Self-service kiosk, Mobile tablet kit, Vehicle-mounted, Operator handheld
    • How many pilot sites and devices per site are planned? Options: 1-3 sites, 4-10 sites, 11-50 sites, 50+ sites
    • Which peripherals must be supported and provisioned (camera, fingerprint reader model, printer, card encoder)?
    • Who will manage kiosk provisioning, OS updates, and remote monitoring? Options: Agency IT, Vendor-managed, Third-party integrator, Hybrid
    • Are there site-network constraints (airgap, NAT, low bandwidth) or power/environmental limits?
    • Is secure provisioning (tamper-resistant configuration, device attestation) required for kiosks? Options: Yes, No, Undecided

    Legacy Database Connector and Synchronization

    • Which legacy data sources must be connected? Options: SQL (e.g., MSSQL), Oracle, NoSQL, Flat files / CSV, Custom API, Other
    • Do you require real-time change-data-capture (CDC) synchronization or scheduled batch imports? Options: Real-time CDC, Scheduled batch, One-time migration
    • What is the expected total record count and average record size to be synchronized?
    • Are there complex field transformations, schema mappings, or PII reformatting required? Options: Yes - extensive mapping, Yes - minor mapping, No
    • How should conflicts and duplicates be handled during sync (auto-merge, flag for manual adjudication)? Options: Auto-merge rules, Flag for manual review, Custom merge rules
    • Are retention, legal hold, or jurisdictional residency rules applicable to synchronized data?

    Federated Identity Integration (SAML/OIDC)

    • Which federation standards are required for integration? Options: SAML 2.0, OIDC / OAuth2, Both, Other
    • Which external identity providers or partner systems must be federated?
    • Are specific attribute mappings, claims, or transformations required for SSO? Options: Yes, No
    • Do you require central session management and single logout across federated systems? Options: Yes, No, Conditional
    • Is multi-factor authentication integration required as part of federation? Options: Yes - required, Optional, No
    • Are certificate management and metadata exchange processes defined for trust establishment? Options: Yes, No, Need vendor guidance

    HSM Key Management and FIPS Crypto

    • Do you require on-prem HSMs, cloud HSMs, or HSM-as-a-service? Options: On-prem HSM, Cloud HSM (managed), HSM-as-a-service, No HSM required
    • Which FIPS level or crypto certification is mandated (e.g., FIPS 140-2 Level 2/3)? Options: FIPS 140-2 Level 2, FIPS 140-2 Level 3, FIPS 140-3, No FIPS requirement, Other
    • Are HSM key lifecycle policies defined (rotation frequency, backup, split-knowledge)? Options: Yes - defined, Partially defined, No
    • Is separation of duties and multi-person authorization required for key operations? Options: Yes, No
    • Which systems will integrate with the HSM (card issuance, PKI, tokenization)?
    • What logging, audit, and export requirements exist for key events and crypto operations?

    Operator Training and Certification

    • How many operators and administrators require initial training and certification? Options: 1-10, 11-50, 51-200, 200+
    • Which training delivery modes are preferred? Options: Onsite instructor-led, Virtual instructor-led, Self-paced eLearning, Train-the-trainer
    • What certification levels or passing criteria should be enforced for operators? Options: Basic operator, Advanced operator, Supervisor/Adjudicator, No formal certification
    • Should training include hands-on scenarios using representative agency data and workflows? Options: Yes - required, Optional, No
    • What cadence is required for refresher training and re-certification? Options: Every 6 months, Annually, On major release only, Other
    • Are compliance or background-check prerequisites required before operator certification? Options: Yes, No
  6. Mutual Commit

    Agree commercial, legal, data migration, SLAs, pilot criteria, and exit/portability terms to minimize vendor lock‑in risk.

    Agreement Modules

    • Statement of Work (SOW)
    • Master Services Agreement (MSA)
    • Service Level Agreement (SLA)
    • Commercial Pricing & Payment Schedule
    • Data Migration & Portability Plan
    • Pilot Criteria & Acceptance Tests
    • Security & Compliance Addendum
    • Data Processing Agreement (DPA)
    • IP Rights & Software Licensing Agreement
    • Source Code Escrow / Escrow Agreement
    • Exit, Transition & Portability Agreement
    • Third-Party & Subcontractor Disclosure
    • Change Control & Change Order Process
    • Training, Knowledge Transfer & Certification Plan
    • Insurance, Indemnity & Risk Allocation Schedule
    • Governance, Reporting & Steering Committee Charter
    • Privacy, Equity & Bias Mitigation Plan
    • Regulatory & Audit Support Commitment
  7. Deployment

    Operationalize rollout with readiness checks, training, sequencing, and validation to control equity, data migration, and scale risks.

    1. Pre-Deployment Readiness

      Confirm data migration plans, test environments, operator training, and mitigation strategies for demographic bias and manual adjudication.

      Readiness Questions

      Getting Oriented: A Quick Snapshot

      • Which office or program are you representing today and what is your role? Options: CIO/CTO, Program Director, Identity Division Chief, Procurement/Contracts, Operations/Site Manager, Other
      • What's the primary trigger driving modernization for you right now (pick the most urgent)? Options: Real ID / regulatory deadline, Fraud / synthetic identity discovery, Legislative push for online services, Performance/backlogs, Security incident, Other
      • Who are the core stakeholders we should know about for decision-making and why (names/titles if possible)?
      • Do you already have a target go‑live window or hard deadline? If so, when? Options: Within 3 months, 3–6 months, 6–12 months, 12+ months, No fixed date yet
      • What would you like our time together to accomplish in the next 30 days?

      Are We Just Patching Around the Real Problem?

      • If I told you 'we can paper over the symptoms but not the cause'—where do you think you might be doing that today? Options: Temporary manual checks, Ad hoc vendor scripts, Separate legacy systems still in use, Manual adjudication backlog, Other
      • Tell me about a specific recent case where a workaround failed to prevent an operational or compliance issue—what happened and who felt the pain?
      • How often do these workarounds create rework, delays, or complaints that ripple into other teams? Options: Daily, Weekly, Monthly, Rarely, Unsure
      • How long have you tolerated this pattern before deciding to pursue modernization? Options: Under 6 months, 6–12 months, 1–2 years, 2+ years
      • If nothing changes, what negative outcome worries you most (compliance penalties, public complaints, processing collapse, other)? Options: Compliance penalties, Public equity complaints, Increased fraud, Processing backlog, Vendor lock-in, Other

      Where the Risk Really Hides

      • Which hidden compliance or equity risks keep you awake at night that current systems aren’t addressing? Options: Real ID deadlines, Assurance-level mismatch, Privacy law gaps, Demographic bias in biometrics, Unclear audit trail, Other
      • When was the last formal audit or risk review of your identity enrollment systems, and what were its top findings? Options: Within 6 months, 6–12 months, 1–2 years, Never / informal only
      • Do you have recorded assurance-level requirements (e.g., NIST 800-63 levels) for your services and where do you fall short? Options: AAL2/IAL2 required and met, AAL2/IAL2 required but gaps exist, Higher assurance required (AAL3/IAL3), Not formally defined
      • What specific regulatory or legislative deadlines (Real ID or other) are we mapping to, and how firm are those dates?
      • Have you experienced or anticipated public equity complaints related to biometric false rejects? If yes, how were/are they handled? Options: Yes—formal complaints, Yes—informal feedback, No, Unsure

      When Enrollment Stalls: The Human Story

      • What human or operational failures—training gaps, inconsistent operator behavior, or site variability—most often cause enrollments to fail? Options: Insufficient operator training, Poor hardware setup, Inconsistent workflows, High adjudication rate, Language/accessibility gaps, Other
      • Can you share a concrete example of an enrollment that required manual adjudication or caused a customer escalation? What was the root trigger?
      • On average, what percentage of enrollments require human intervention or second-stage review today? Options: <1%, 1–5%, 5–15%, 15–30%, 30%+
      • How consistent is operator performance across sites—do some teams reliably outperform others? If yes, what explains that difference? Options: Very consistent, Some variability, Highly variable, Unknown
      • How do failed or delayed enrollments affect public trust or your agency's political exposure?

      If We Could Measure Success in One Number

      • If you had to name the single most important KPI for a pilot to prove value, what would it be? Options: False rejection rate (FRR), False acceptance rate (FAR), Average enrollment time, Deduplication rate, Operator error rate, Customer satisfaction
      • What are your target thresholds for those KPIs (provide numbers if possible)?
      • Which of these outputs must be demonstrably improved in pilot to greenlight scale: accuracy, throughput, interoperability, or community impact? Options: Accuracy, Throughput, Interoperability, Community equity impact, All of the above, Other
      • Do you have historical baseline data we can use to compare pilot results (match rates, processing times, adjudication volumes)? Options: Yes—complete datasets, Partial data available, No historical data, Working on gathering it
      • How will leadership decide success after the pilot—what outcomes will earn advocacy vs. skepticism?

      What Would a Safer, Faster Enrollment Day Look Like?

      • Imagine a typical enrollment day where delays, errors, and equity complaints are rare—what happens differently in that scenario?
      • Which parts of the enrollment workflow must remain unchanged for operations to accept a new platform (what are sacred processes)? Options: Data capture fields, Operator roles, Local policies, Interfacing legacy systems, Other
      • What integrations are mandatory from day one (legacy databases, DMV back-ends, credential printers, external ID registries)? Options: Legacy enrollment DBs, Credential issuance system, Biometric matcher, National ID registry, Payment systems, Other
      • How important is in‑place data migration vs. a phased parallel approach with sync/replication? Options: Full migration up front, Phased migration with sync, Keep legacy as source of truth, Unsure—need recommendations
      • What would reduced processing time per applicant mean for your daily operations (staffing, throughput, backlog)?

      Trading Commitments: What’s Non‑Negotiable?

      • If forced to pick, what contractual or technical commitments are absolute non-negotiables for you? Options: Data portability, Exit/portability terms, SLAs for uptime/latency, FedRAMP/FIPS compliance, On-premise deployment option, Other
      • What level of SLA failure would trigger executive escalation or penalties? Options: <99.9% uptime, Match latency > threshold, Data breach, High false reject spike, Other
      • How do you define acceptable vendor lock‑in risk and what contractual language or technical controls would reduce that risk?
      • Which certifications or attestations must the vendor possess before procurement can proceed? Options: FedRAMP, FIPS 201, NIST 800-63 compliance, ISO 27001, SOC 2 Type II, Other
      • What data residency or encryption controls are required for your citizen data? Options: In‑country residency, At-rest encryption, Field-level encryption, Key management by agency, Other

      Picking the First Win: Pilot Design and Readiness

      • What would count as a clear, low-risk pilot site where success is both measurable and politically acceptable? Options: Single DMV office, Regional benefits center, Border control lane, Mobile outreach site, Other
      • How many pilot sites and what applicant volumes do you think are realistic for an initial test? Options: 1 site / low volume, 2–3 sites / moderate volume, Multiple sites / high volume, Unsure—need guidance
      • What datasets would you allow us to run tests on (sanitized production, synthetic, parallel live traffic)? Options: Sanitized production data, Synthetic datasets, Parallel live traffic, No production data allowed, Other
      • What training and certification requirements should operators meet before the pilot launches? Options: One-day training, Hands-on certification, Refresher every quarter, Shadowing experienced operator, Other
      • What are the top three signals during a pilot that would make you pause or stop the test?
      • Who will own day-to-day pilot execution and who will be the escalation contact for technical issues?

      The Decision Room: Budgets, Timelines, and Politics

      • What governance processes and approvals are required to move from pilot to procurement to enterprise rollout?
      • Where does the budget for this program come from, and how flexible is it if unplanned migration costs arise? Options: Central IT budget, Program-specific funding, One-time capital, Grants/federal funding, Unclear/contingent
      • Which internal or external stakeholders are likely to be the biggest supporters, and who tends to be the most skeptical?
      • What political or community sensitivities should we be mindful of when designing biometric collection and public messaging? Options: Privacy advocates, Civil rights groups, Local elected officials, Media scrutiny, None/low sensitivity
      • How fast do you realistically need vendor proposals, and what procurement vehicle (RFP, cooperative contract, sole source) will you use? Options: RFP, Cooperative contract, Sole source, GSA schedule, Other

      Next Steps Together: A Focused Commitment

      • Based on our conversation, what would a sensible first milestone look like in the next 30–60 days? Options: Data inventory completed, Pilot site selected, Proof-of-concept run, Contractual terms drafted, Other
      • What additional information or assurances do you need from a vendor to feel comfortable advancing to a pilot? Options: Detailed security docs, Technical integration plan, Fixed-cost pilot, Operator training plan, Reference site visits, Other
      • Who should be our single point of contact for scheduling technical workshops and who signs technical acceptance at the end of a pilot?
      • On a scale from 1–5, how ready is your agency to commit resources to a pilot within the next quarter? Options: 1 - Not ready, 2 - Slightly ready, 3 - Moderately ready, 4 - Mostly ready, 5 - Fully ready
      • What lingering concerns, if any, would you like us to address before we draft a pilot statement of work?
    2. Deployment Enablement

      Schedule site design, hardware provisioning, training, and pilot execution with clear owners, timelines, and escalation paths.

    3. Validation & Interoperability Testing

      Verify biometric accuracy, deduplication rates, legacy database integration, and security tests against acceptance criteria before scale.

      Validation Questions

      Why Are We Here, Really?

      • In one sentence, what immediate event or deadline brought this identity modernization project to the top of your list? Options: Real ID compliance deadline, Fraud spike / synthetic identity discovery, Legislative or policy mandate for online services, Operational backlog causing service failure, Budget window or funding opportunity, Other
      • Who will be the ultimate decision-maker on whether to proceed with a pilot or procurement, and who influences that decision most? Options: Agency CIO, Program Director, Identity Division Chief, Contracting Officer, Chief Legal Counsel, Operations Director, Privacy Officer, Other
      • What is your target timeline for a pilot sign‑off and for a first small rollout? Be specific about months or quarters. Options: Next 3 months, 3–6 months, 6–12 months, 12+ months, Unsure / Dependent on approvals
      • Which non-negotiable constraints are driving this timeline (pick all that apply)? Options: Regulatory deadline (Real ID or similar), Budget cycle/fiscal year, Procurement timelines, Public communications or elections, Existing vendor contract end date, Other
      • How do you feel about the current urgency—confident we can meet it, cautiously optimistic, or worried about missing it? Tell us why. Options: Confident, Cautiously optimistic, Worried, Unsure

      What’s Breaking Under the Surface?

      • If you had to name the one part of your identity lifecycle you’re most embarrassed to show a peer, what would it be and why?
      • How often do those failure modes occur (e.g., false rejections, duplicate enrollments, operator errors)? Options: Daily, Weekly, Monthly, Quarterly, Rarely, Unknown / not measured
      • Where do these failures hit hardest—customer wait times, legal exposure, program integrity, public trust, or operational cost? Options: Customer wait times, Legal/regulatory exposure, Program fraud risk, Public trust and complaints, Operational cost and overtime, Other
      • Can you share a recent concrete example or story where the current system failed or nearly failed (what happened and what was the fallout)?
      • How long has this particular pain point been tolerated before someone raised it as a priority? Options: Less than 6 months, 6–12 months, 1–3 years, 3+ years, Always been this way

      Who Holds the Keys — and the Pain?

      • Who actually approves vendor selection — and where does the invisible resistance (political, cultural, technical) usually come from in your agency?
      • Which teams will need to be actively engaged during discovery and pilot (pick all that apply)? Options: Identity/Enrollment ops, IT/Infrastructure, Procurement, Legal / Contracts, Privacy / CIVIL RIGHTS, Data Governance, Security / ISSO, Field operations / site managers, Public affairs / Communications, Other
      • Which team has the final sign‑off for security certifications, and are there specific attestations they require? Options: Security Team (ISSO), Compliance / Audit, Third‑party assessor, No formal sign‑off process, Other
      • What procurement or contracting model do you prefer or must follow (GSA schedule, RFP, IDIQ, sole source, other)? Options: RFP / competitive, GSA schedule, IDIQ / blanket purchase, Sole source, Pilot-to-procure, Unsure
      • Thinking about stakeholders’ emotions: who is most excited, who is skeptical, and what are each group’s core fears?

      Show Me the Data We Can't Ignore

      • If your legacy data could speak, would it warn us that it’s messy, siloed, incomplete, or actually surprisingly ready? Options: Messy and inconsistent, Siloed across agencies, Mostly clean but missing fields, Surprisingly ready, Unknown / undocumented
      • Which data sources must be deduplicated or reconciled in any migration or integration (select all that apply)? Options: Central enrollment DB, Branch/local office records, Legacy SQL/Oracle instances, Paper records scanned to CSV, Third‑party background checks, Other agency registries (voter, benefits), No centralized list / unsure
      • Estimate the size and shape of the data migration we should plan for (number of records, average documents per record, and any unusual formats).
      • Which of the following describes your current technical interfaces or integration patterns? Options: Real‑time REST APIs, SOAP services, Batch ETL jobs, Manual file exchange (CSV/Excel), Direct DB connections, No stable integration layer
      • What data quality metrics do you currently track (e.g., duplicate rate, missing fields, FTEs spent on manual adjudication)? Please include current values if available.

      How Do You Measure Success (and Failure)?

      • What single KPI would make you declare the pilot a success? (Pick one that would make leadership sleep better.) Options: Biometric False Rejection Rate (FRR), Deduplication rate reduction, Average enrollment time, Reduction in manual adjudication hours, Successful integration with legacy DBs, Other
      • Set realistic acceptance thresholds for the pilot for these metrics: facial FRR, dedupe detection rate, enrollment throughput (applicants/hour). If unknown, select 'Need help establishing.' Options: FRR < 1%, FRR 1–3%, FRR > 3%, Dedupe detection > 95%, Dedupe detection 85–95%, Throughput > 15 applicants/hour/site, Need help establishing
      • What tolerance do you have for manual adjudication during pilot (percentage of enrollments requiring human review) and how many trained adjudicators are available? Options: <1% manual review, 1–5%, 5–15%, >15%, Unknown / need to staff
      • How will you measure equity across demographic groups during pilot, and which demographics are highest priority to protect? Options: Age, Gender, Race/ethnicity, Disability status, Geography / rural vs urban, Language, Other
      • If the pilot misses a KPI but shows strong potential in others, what tradeoffs are you willing to accept to continue development? Options: Extend pilot timeline, Add operator training, Increase manual review temporarily, Require product fixes before rollout, Stop the project, Unsure

      Equity, Trust, and the Public's Gut Check

      • Imagine a community group publicly questions your use of biometrics—what single argument would make you seriously reconsider or pause?
      • Have you experienced formal complaints, FOIA requests, or legal challenges related to identity collection or biometric use in the last three years? Options: Yes—legal challenge, Yes—public complaints, Yes—FOIA/privacy inquiry, No, Unsure
      • Which safeguards do you require to demonstrate fairness and protect privacy during a pilot (pick all that apply)? Options: Transparent accuracy reporting by demographic, Independent bias testing, On‑site human adjudication with auditing, Data minimization and retention limits, Public communications plan, Consent workflows
      • How comfortable are you publishing pilot accuracy and fairness results publicly, and what would make you comfortable? Options: Fully comfortable, Comfortable with redaction, Only with legal review, Not comfortable
      • What internal or external stakeholders must be consulted before any public messaging about biometrics or pilot outcomes (e.g., Civil Rights office, unions, community groups)? Options: Civil Rights / Equity office, Unions / employee reps, Legal Counsel, Public Affairs, Local elected officials, Community advisory groups, Other

      Integration Math: What Has to Fit Together

      • What would stop this project cold if systems can’t exchange data seamlessly—missing a single API, incompatible identifiers, or something else?
      • List the primary external systems we must interoperate with during pilot (select all that apply). Options: State DMV legacy DB, Central civil registry, Border security database, Benefits eligibility system, Third‑party background checks, Credential printing system, No external integrations required
      • Which authentication and transport standards does your environment require for integrations (select all that apply)? Options: OAuth 2.0 / OpenID Connect, Mutual TLS, SAML, VPN / IP allowlist, SFTP / secure file transfer, Encrypted batch exports, None specified / TBD
      • Do you have a staging environment and sample production‑like data we can use for interoperability tests? If not, what are the barriers? Options: Yes—full staging with scrubbed data, Limited staging with subset, No staging available, Staging available but no scrubbed data, Other
      • How many concurrent sites and what peak daily volume must integrations support during rollout planning? Options: Single pilot site, 2–5 sites, 6–25 sites, 25+ sites, Unsure / need help estimating

      What Would Success Look Like — and What’s the Exit Plan?

      • If you could freeze a successful future state in 12 months, what three concrete things would be true about your identity program?
      • How important is vendor portability and exit/portability terms to you when evaluating solutions? Options: Critical — must be able to switch without rebuild, Important — prefer portability, Nice to have, Not a priority
      • Which contractual protections matter most to you (select up to three)? Options: Data portability and exports, Clear exit/transition plan, Performance SLAs with penalties, IP / algorithm transparency, Independent audits, Price or scope guarantees
      • What ongoing operational model do you envision after rollout—fully internal, vendor‑managed, hybrid, or a managed service with local operators? Options: Fully internal, Vendor‑managed (SaaS), Hybrid (vendor + govt ops), Managed service with subcontractors, Unsure / want options
      • What would you need from us this month to feel confident moving to a pilot (design doc, proof of concept, cost estimate, security package, stakeholder intro)? Options: Design / architecture doc, Proof of concept with sample data, Detailed cost estimate, Security and compliance package, Workshop with stakeholders, All of the above, Other
  8. Success

    Review pilot and rollout outcomes against KPIs, capture lessons learned, and maintain a shared issues and enhancement tracker for continuous improvement.

    Success Reviews

    • Pilot Outcomes Diagnostic (Solution Experience)
    • Rollout Acceptance & Scale Decision
    • Lessons Learned & Continuous Improvement Workshop
    • Issues & Enhancements Triage (Recurring)
    • Executive Summary & Strategic Decision

    Issues & Enhancements

    • Keep the issues/enhancements tracker current and prioritized for engineering and ops work.
    • Draft and circulate formal acceptance memo reflecting decision and any conditions for sign-off.
    • Update project plan with phased rollout dates, owners, and gating KPIs.
    • Legal/Procurement to prepare any required change orders or SLA amendments.
    • Communications owner to prepare internal/external messaging for the rollout decision.
    • Workshop Framing & Desired Outputs
    • Produce a prioritized improvement backlog with measurable acceptance criteria for each item.
    • Identify root causes for recurring failures and agree on corrective actions (technical, operational, training).
    • Capture operator and equity feedback and encode required mitigations into the backlog.
    • Assign owners and timelines so improvements are actionable and traceable.
    • Populate the shared issues/enhancements tracker with prioritized backlog items and acceptance tests.
    • Ops to schedule targeted operator retraining sessions and share materials within 10 business days.
    • Engineering to estimate effort and provide timeline estimates for top 5 technical fixes.
    • Equity lead to propose demographic bias mitigation experiments and measurement plan.
    • Review Open Critical Issues
    • Introductions & Meeting Objectives
    • Commit critical fixes to the next available sprint with owners and clear acceptance criteria.
    • Ensure timely stakeholder communications for high-impact items.
    • Update tracker statuses and assign SLO-driven ETAs for all open critical issues.
    • Engineering lead to add committed fixes to sprint board and notify QA of acceptance tests.
    • Communications lead to send weekly status digest to executive and operational stakeholders.
    • Concise Executive Summary
    • Secure executive decision on whether to scale, conditionally scale, or extend the pilot.
    • Obtain approval for required funding and procurement actions tied to the chosen option.
    • Agree on executive communications and oversight cadence for the next phase.
    • Prepare executive decision memo and circulate to signing authorities.
    • If approved, allocate budget and instruct procurement to execute amendments/change orders.
    • Publish executive-facing status summary and schedule oversight checkpoints for the rollout phase.
    • Establish a single, agreed one-sentence current state describing what is breaking and who is affected.
    • Quantify the operational and compliance consequences of KPI shortfalls in concrete terms (hours, $/case, complaint risk).
    • Validate which aspects of the future state the platform proved and which require remediation, with stakeholder confirmation.
    • Produce an agreed list of prioritized remediation items and data artifacts required for root-cause analysis.
    • Customer to deliver anonymized pilot datasets and logs for flagged scenarios within 3 business days.
    • Platform engineering to run targeted diagnostics on top 3 failure modes and deliver findings in 5 business days.
    • Schedule technical deep-dive session with ops and vendor engineers to resolve top-priority items.
    • Update shared KPI dashboard with final, validated numbers and mark items needing remediation.
    • Executive Recap of Pilot Findings
    • Reach a documented acceptance decision (full acceptance, conditional acceptance, or remediation required).
    • Agree a phased rollout plan with timelines, owners, and go/no-go gates tied to KPIs.
    • Identify contractual or funding actions required before scale and assign owners to complete them.
    • Acceptance Criteria Mapping
    • Timeline Walkthrough of Pilot Events
    • One-sentence Current State
    • New Issues & Customer Escalations
    • ROI & Operational Impact
    • Options & Recommended Path
    • KPI Dashboard Walkthrough
    • Facilitated Root-Cause Analysis
    • Risk & Mitigation Review for Scale
    • Prioritization & Sprint Commitments
    • Quick Wins & Operational Adjustments
    • Operator & Field Feedback
    • Phased Rollout Plan & Timeline
    • Consequence Quantification
    • Funding & Procurement Implications
    • Scenario Proofs (Diagnosis -> Proof)
    • Equity, Bias & Public Feedback Review
    • Status Communications & Stakeholder Updates
    • Commercial/Contractual Implications
    • Decision & Endorsement
First-Party AI

1-2 minutes please — Your AI agent is working

First-Party AI™ can make mistakes. Always check important information.