stage 9 content retrieval plan
Raw Data
This file contains raw search retrieval results or agent logs. The content below shows the original markdown source.
---
layout: raw-data.njk
title: "stage 9 content retrieval plan"
---
# Stage 9: Content Retrieval Plan
## Date and Agent
- Date: 2025-11-20
- Agent: Stage 9 - Content Retrieval Planning
## Objective
Create a detailed, systematic plan for retrieving all content needed from the MCP server to populate the restructured 9-section consolidated identification standards document. This plan will guide 4 parallel agents in Stage 10 to execute systematic content retrieval while preserving all DocRef citations and tracking source URIs for link management.
---
## Executive Summary
This plan addresses the approved 9-section structure from Phase 1, incorporating Tom's critical guidance on:
1. **Core standards text cannot be modified** - only structure/presentation improved
2. **Link tracking challenge** - intra-document links need careful management since docrefIDs haven't been assigned yet
3. **Single auto-generated TOC** - structure headings for optimal DocRef system TOC generation
4. **Conformance focus** - Section 8 includes practical preparation requirements, not just assessment process
The retrieval will be executed by **4 parallel agents** (10A, 10B, 10C, 10D), each handling 2-3 sections with clear, non-overlapping assignments. Each agent will preserve all DocRef citations, track source URIs meticulously, and save retrieved content in structured RetrievalResults/ folders.
---
## Approved Structure Reference
### The 9-Section Consolidated Document
**Section 1**: Understanding Conformance with Identification Standards
**Section 2**: Assessing Your Identification Risk
**Section 3**: Selecting Your Assurance Levels
**Section 4**: Federation Assurance Standard & Implementation
**Section 5**: Information Assurance Standard & Implementation (+ NCSC cybersecurity)
**Section 6**: Authentication Assurance Standard & Implementation (+ Biometric Privacy)
**Section 7**: Binding Assurance Standard & Implementation
**Section 8**: Demonstrating Conformance (with practical preparation requirements)
**Section 9**: Reference Materials (terminology, templates, authenticator types, EIVA mention)
---
## Link Tracking System Design
### The Critical Challenge
**Tom's Guidance**: "When it comes to cross-linking, these will need to be achieved through DocRef links back to the document, where the block IDs docrefIDs have not yet been assigned, so we need a simple method of being confident about which links go where (if the links are intra-document links as opposed to inter-document links back to existing standards documentation)."
### Link Types Classification
#### Type 1: Inter-Document Links (SAFE - No Special Handling Needed)
Links from new consolidated document BACK to existing DocRef documents:
- Links to existing standards documents on DocRef
- Links to DISTF Act/Rules
- Links to Privacy Act
- **Format**: `[Text](/nz/identification-management/document-path/)` or full URL
- **Example**: `[Information Assurance Standard](/nz/identification-management/information-assurance-standard/)`
- **Tracking**: Preserve existing DocRef URLs from MCP server results
#### Type 2: Intra-Document Links (REQUIRES TRACKING)
Links WITHIN the new consolidated document (not yet assigned docrefIDs):
- Cross-references between sections (e.g., Section 1 → Section 8)
- References to controls in other standards (e.g., Section 4 FA1.01 → Section 5 IA3.02)
- Navigation to terminology definitions
- **Challenge**: Target docrefIDs don't exist yet
- **Solution**: Use heading-based anchor system with tracking
### Proposed Tracking Solution
#### Heading-Based Anchor System
**Convention**: All section headings become anchors using standard markdown convention:
```markdown
## Heading Text Here
→ becomes anchor: #heading-text-here
(lowercase, hyphens for spaces, no punctuation)
```
**Examples**:
- `## Objective 1 — Credential risk is understood` → `#objective-1-credential-risk-is-understood`
- `#### FA1.01 Control` → `#fa1-01-control`
- `### Selecting Your Assurance Levels` → `#selecting-your-assurance-levels`
#### Anchor Reference Tracking File
**Location**: `RetrievalResults/00_anchor_reference_map.md`
**Purpose**: Central registry of all headings and their anchor links for retrieval agents to reference
**Format**:
```markdown
# Anchor Reference Map
## Section 1: Understanding Conformance with Identification Standards
- #understanding-conformance-with-identification-standards (H2)
- #who-needs-to-conform-with-these-standards (H3)
- #benefits-of-conformance (H3)
- #how-the-conformance-process-works (H3)
- #your-conformance-journey-map (H3)
## Section 2: Assessing Your Identification Risk
...
## Section 4: Federation Assurance Standard
- #federation-assurance-standard-implementation (H2)
- #objective-1-credential-risk-is-understood (H3)
- #fa1-01-control (H4)
- #fa1-01-guidance-risk-assessment (H4)
...
```
#### Source URI Tracking in Retrieved Content
**Every retrieved content file must include header**:
```markdown
# Retrieved Content Metadata
**Source Document**: nz/identification-management/federation-assurance-standard/2025/en/
**Source URI**: nz/identification-management/federation-assurance-standard/2025/en/#part1-obj1-fa1-01
**Source URL**: https://docref.digital.govt.nz/nz/identification-management/federation-assurance-standard/2025/en/#part1-obj1-fa1-01
**Query Used**: semantic_search("federation credential risk assessment")
**Retrieval Date**: 2025-11-20
**Destination Section**: Section 4 - Federation Assurance Standard
**Destination Anchor**: #fa1-01-control
---
[Retrieved content with preserved DocRef citations follows]
```
#### Link Tracking Strategy for Retrieval Agents
**Step 1**: Retrieve content with MCP server (preserves existing DocRef citations)
**Step 2**: Save to RetrievalResults with full metadata header
**Step 3**: Note any cross-references in content that will become intra-document links
**Step 4**: Update anchor reference map with new headings discovered
**Step 5**: In Stage 11 (writing), replace placeholder references with heading-based anchors
**Example**:
```markdown
# Original content from MCP server:
"See [Information Assurance Standard](/nz/identification-management/information-assurance-standard/) for information quality controls."
# In retrieval results, note:
**Cross-Reference Note**: This link to IA standard will become intra-document link in consolidated version. Target section: Section 5. Suggested anchor: #information-assurance-standard
# In Stage 11 writing:
"See [Information Assurance Standard](#information-assurance-standard-implementation) for information quality controls."
```
### Inter vs. Intra-Document Link Decision Matrix
| Original Link Target | Link Type | Handling in New Document |
|---------------------|-----------|-------------------------|
| Existing IA standard document | Inter-document | Keep original DocRef link OR convert to anchor |
| Existing FA standard document | Inter-document | Keep original DocRef link OR convert to anchor |
| DISTF Act/Rules | Inter-document | Keep original DocRef link (external) |
| Privacy Act | Inter-document | Keep original DocRef link (external) |
| Control within same integrated section | Intra-document | Use heading-based anchor |
| Section 1 → Section 8 | Intra-document | Use heading-based anchor |
| Terminology definition | Intra-document | Use heading-based anchor to Section 9 |
### Critical Decision: Core Standards Links
**Question**: When Section 1 references "Authentication Assurance Standard", should it link to:
- **Option A**: Original DocRef document (inter-document link)
- **Option B**: Section 6 of new consolidated document (intra-document anchor)
**Recommendation**: **Option B - Intra-document anchors**
- **Rationale**: New consolidated document IS the primary resource, not a supplement
- Users should navigate within single document, not jump to fragmented originals
- Inter-document links should only be for external authorities (DISTF, Privacy Act)
- **Implementation**: Convert all standard-to-standard links to intra-document anchors
**Exception**: DocRef citations for traceability remain unchanged (always inter-document)
---
## Database Overview
### Collection Statistics
- **Total Nodes**: 9,374 DocumentNode entities
- **Total Documents**: 30 documents
- **Embeddings Coverage**: 79.5% (7,454 nodes with 768-dim vectors)
- **Relationships**: 9,090 CHILD_OF + 74,485 SEMANTIC_SIMILARITY
- **Virtual Nodes**: 229 (created for missing parents)
### Key Documents by Node Count
| Document | Nodes | Relevance |
|----------|-------|-----------|
| Privacy Act | 3,611 | Reference only (Section 9) |
| DISTF Act | 935 | Reference context (Section 1) |
| Federation Assurance Standard | 431 | Core - Section 4 |
| Implementing Federation Standard | 438 | Guidance - Section 4 |
| Identification Terminology | 383 | Reference - Section 9 |
| DISTF Rules 2024 | 348 | Reference context (Section 1) |
| Authentication Assurance Standard | 328 | Core - Section 6 |
| Implementing Authentication Standard | 280 | Guidance - Section 6 |
| DISTF Regulations | 242 | Reference context (Section 1) |
| Assessing Identification Risk | 225 | Primary - Section 2 |
| Implementing Information Standard | 214 | Guidance - Section 5 |
| Counter-Fraud Techniques | 212 | Supplementary - Section 2 |
| Conforming with Standards | 205 | Primary - Sections 1, 8 |
| Authenticator Types | 204 | Reference - Section 9 |
| Derived Information | 177 | Reference - Section 9 |
| Information Assurance Standard | 169 | Core - Section 5 |
| Binding Assurance Standard | 161 | Core - Section 7 |
| Implementing Binding Standard | 158 | Guidance - Section 7 |
| Authority to Act | 154 | Reference - Section 9 |
| Using Documents as Evidence | 125 | Guidance - Section 7 |
| Levels of Assurance | 90 | Primary - Section 3 |
| About Identification Management | 60 | Context - Section 1 |
| Overview of Standards | 51 | Context - Section 1 |
| Training and Clinics | 45 | Reference - Section 8 |
| Guidance (navigation page) | 32 | Skip (navigation only) |
| Standards (navigation page) | 26 | Skip (navigation only) |
| Superseded Standards | 20 | Reference - Section 9 |
| Contact Team | 12 | Skip (contact info) |
| Digital Identity Programme | 6 | Reference - Section 1 |
### Content Categories Distribution
| Category | Count | Primary Use |
|----------|-------|-------------|
| text | 3,384 | Main content paragraphs |
| structural | 1,065 | Section containers |
| metadata | 669 | Document info |
| list | 611 | Enumerated requirements |
| virtual | 229 | Skip (structural only) |
| example | 178 | Implementation examples |
| definition | 107 | Terminology (Section 9) |
| table | 106 | Data presentation |
| figure | 48 | Diagrams |
| heading | 37 | Section titles |
| root | 12 | Document roots |
---
## Section-by-Section Retrieval Plans
### Section 1: Understanding Conformance with Identification Standards
#### Content Scope
Introduction establishing relevance, DISTF context, benefits, conformance process overview, user journey.
#### Source Documents
**Primary**:
- `nz/identification-management/conforming-with-the-identification-standards/2025/en/` (205 nodes)
- `nz/identification-management/overview-of-the-identification-standards/2024/en/` (51 nodes)
- `nz/identification-management/about-identification-management/2022/en/` (60 nodes)
**Supplementary**:
- `nz/distf/14/en/` (935 nodes - DISTF Act, selective retrieval for context)
- `nz/dia-distfr/2/en/` (348 nodes - DISTF Rules, selective retrieval)
- `nz/identification-management/digital-identity-programme/2024/en/` (6 nodes)
#### Retrieval Queries
**Query 1**: Full conformance document
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/conforming-with-the-identification-standards/2025/en/",
"limit": 100
}
}
```
**Query 2**: Overview and introduction content
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/overview-of-the-identification-standards/2024/en/",
"limit": 100
}
}
```
**Query 3**: Conceptual background
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/about-identification-management/2022/en/",
"limit": 100
}
}
```
**Query 4**: DISTF mandatory context
```json
{
"tool": "semantic_search",
"params": {
"query": "DISTF mandatory requirements who must conform identification standards",
"limit": 20,
"min_score": 0.75
}
}
```
**Query 5**: Benefits and rationale
```json
{
"tool": "semantic_search",
"params": {
"query": "benefits of conformance with identification standards risk reduction interoperability",
"limit": 15,
"min_score": 0.7
}
}
```
**Query 6**: Conformance process overview
```json
{
"tool": "semantic_search",
"params": {
"query": "conformance assessment process stages timeline how to demonstrate conformance",
"limit": 20,
"min_score": 0.75
}
}
```
#### Expected Content Coverage
- **70%** from existing sources (conforming document, overview)
- **30%** new framing/organization (active voice conversion, workflow introduction)
#### Special Requirements
- **DISTF emphasis**: Per Tom's guidance, acknowledge DISTF as primary use case but don't "self-defeating distance"
- **Active voice conversion**: "Conforming with Standards" document has passive voice patterns
- **User journey framing**: NEW content introducing workflow approach
#### Assigned To
**Agent 10A**: Foundation Sections (1-3)
#### Priority
**HIGH** - Entry point establishes entire document approach
---
### Section 2: Assessing Your Identification Risk
#### Content Scope
Risk assessment methodology, threat scenarios, counter-fraud considerations, practical tools.
#### Source Documents
**Primary**:
- `nz/identification-management/assessing-identification-risk/2025/en/` (225 nodes)
- `nz/identification-management/counter-fraud-techniques/2023/en/` (212 nodes)
**Cross-Reference**:
- Links to Section 3 (mapping risk to assurance levels)
#### Retrieval Queries
**Query 1**: Full risk assessment document
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/assessing-identification-risk/2025/en/",
"limit": 100
}
}
```
**Query 2**: Full counter-fraud document
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/counter-fraud-techniques/2023/en/",
"limit": 100
}
}
```
**Query 3**: Threat modeling and attack vectors
```json
{
"tool": "semantic_search",
"params": {
"query": "identification threats attack vectors fraud patterns risk scenarios",
"limit": 20,
"min_score": 0.75
}
}
```
**Query 4**: Risk assessment methodology
```json
{
"tool": "semantic_search",
"params": {
"query": "risk assessment process methodology step by step scoring framework",
"limit": 15,
"min_score": 0.75
}
}
```
**Query 5**: Detection and prevention
```json
{
"tool": "semantic_search",
"params": {
"query": "fraud detection prevention response protocols countermeasures",
"limit": 15,
"min_score": 0.7
}
}
```
#### Expected Content Coverage
- **85%** from existing sources (risk assessment + counter-fraud documents)
- **15%** reorganization and active voice conversion
#### Special Requirements
- **Active voice conversion**: Both documents have passive voice patterns identified in Phase 1
- **Consolidation**: Integrate counter-fraud as subsection rather than separate document
- **Tom's annotations**: Address fragmentation concerns noted in Phase 1 analysis
#### Assigned To
**Agent 10A**: Foundation Sections (1-3)
#### Priority
**HIGH** - Critical early-stage user activity
---
### Section 3: Selecting Your Assurance Levels
#### Content Scope
Understanding IA/BA/AA/FA, level selection framework, mapping risk to controls, implementation planning.
#### Source Documents
**Primary**:
- `nz/identification-management/levels-of-assurance/2025/en/` (90 nodes)
- `nz/identification-management/overview-of-the-identification-standards/2024/en/` (relevant sections)
**Cross-Reference**:
- Section 2 (risk assessment outputs)
- Sections 4-7 (standards themselves)
#### Retrieval Queries
**Query 1**: Full levels of assurance document
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/levels-of-assurance/2025/en/",
"limit": 100
}
}
```
**Query 2**: Assurance levels framework
```json
{
"tool": "semantic_search",
"params": {
"query": "levels of assurance IA BA AA FA framework how levels interact",
"limit": 20,
"min_score": 0.75
}
}
```
**Query 3**: Risk-to-assurance mapping
```json
{
"tool": "semantic_search",
"params": {
"query": "mapping risk to assurance levels selection criteria decision matrix",
"limit": 15,
"min_score": 0.75
}
}
```
**Query 4**: Implementation planning
```json
{
"tool": "semantic_search",
"params": {
"query": "implementing assurance levels resource requirements timeline phased approach",
"limit": 15,
"min_score": 0.7
}
}
```
**Query 5**: Level combinations
```json
{
"tool": "semantic_search",
"params": {
"query": "minimum viable assurance level combinations which standards apply together",
"limit": 15,
"min_score": 0.75
}
}
```
#### Expected Content Coverage
- **75%** from existing levels of assurance document
- **25%** enhanced decision support tools and clearer risk mapping
#### Special Requirements
- **Decision support**: NEW content helping users select appropriate levels
- **Trade-off guidance**: Balance between assurance and resource requirements
- **Clear framework**: Explain how IA/BA/AA/FA interact (addressed in Phase 1)
#### Assigned To
**Agent 10A**: Foundation Sections (1-3)
#### Priority
**HIGH** - Critical bridge from assessment to standards implementation
---
### Section 4: Federation Assurance Standard & Implementation
#### Content Scope
Integrated presentation of Federation Assurance Standard (normative) + Implementation Guide (guidance), maintaining visual distinction.
#### Source Documents
**Primary (CORE STANDARD - TEXT CANNOT BE MODIFIED)**:
- `nz/identification-management/federation-assurance-standard/2025/en/` (431 nodes)
**Primary (GUIDANCE - ACTIVE VOICE CONVERSION)**:
- `nz/identification-management/implementing-the-federation-assurance-standard/2025/en/` (438 nodes)
#### Retrieval Queries
**Query 1**: Full Federation Assurance Standard
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/federation-assurance-standard/2025/en/",
"limit": 100
}
}
```
**Query 2**: Get hierarchical context for all objectives
```json
{
"tool": "get_hierarchical_context",
"params": {
"uri": "nz/identification-management/federation-assurance-standard/2025/en/#part1",
"depth": 3
}
}
```
**Query 3**: Full Implementation Guide
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/implementing-the-federation-assurance-standard/2025/en/",
"limit": 100
}
}
```
**Query 4**: Federation use cases and scenarios
```json
{
"tool": "semantic_search",
"params": {
"query": "federation use cases credential provider facilitation provider scenarios",
"limit": 20,
"min_score": 0.75
}
}
```
**Query 5**: Federation conformance checklist
```json
{
"tool": "semantic_search",
"params": {
"query": "federation conformance checklist assessment evidence requirements FA controls",
"limit": 15,
"min_score": 0.7
}
}
```
#### Expected Content Coverage
- **90%** from existing standard + implementation guide
- **10%** structural improvements (integrated presentation)
#### Special Requirements
**CRITICAL CONSTRAINT**: Core standards text CANNOT be modified
- Preserve all control text exactly (FA1.01, FA1.02, etc.)
- Preserve all normative language (MUST/SHOULD/MAY)
- Preserve all in-text reference numbers
- ONLY improve structure and presentation
**Integration Approach**:
- Standard controls in normative format (unchanged text)
- Implementation guidance immediately following each control
- Visual distinction via heading patterns: "#### FA1.01 Control" vs "#### FA1.01 Guidance — implementation"
- Examples in blockquotes (per style guide)
**Active Voice Conversion**: Apply ONLY to implementation guidance, NOT to standard controls
#### Assigned To
**Agent 10B**: Federation & Information Standards (4-5)
#### Priority
**CRITICAL** - Core standard with complex integration requirements
---
### Section 5: Information Assurance Standard & Implementation
#### Content Scope
Integrated Information Assurance Standard + Implementation Guide + **NEW 1-page NCSC cybersecurity cross-references**.
#### Source Documents
**Primary (CORE STANDARD - TEXT CANNOT BE MODIFIED)**:
- `nz/identification-management/information-assurance-standard/2024/en/` (169 nodes)
**Primary (GUIDANCE - ACTIVE VOICE CONVERSION)**:
- `nz/identification-management/implementing-the-information-assurance-standard/2024/en/` (214 nodes)
**External (NEW CONTENT)**:
- `/Users/tombarraclough/projects/official/IdentificationStandards19November2025/OtherMaterialsToEvaluate/10MinimumCybersecurityStandards/*.md` (10 NCSC standards)
#### Retrieval Queries
**Query 1**: Full Information Assurance Standard
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/information-assurance-standard/2024/en/",
"limit": 100
}
}
```
**Query 2**: Get hierarchical context for all objectives
```json
{
"tool": "get_hierarchical_context",
"params": {
"uri": "nz/identification-management/information-assurance-standard/2024/en/#part1",
"depth": 3
}
}
```
**Query 3**: Full Implementation Guide
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/implementing-the-information-assurance-standard/2024/en/",
"limit": 100
}
}
```
**Query 4**: Information quality and accuracy
```json
{
"tool": "semantic_search",
"params": {
"query": "information quality accuracy entity information data handling IA controls",
"limit": 20,
"min_score": 0.75
}
}
```
**Query 5**: Information conformance checklist
```json
{
"tool": "semantic_search",
"params": {
"query": "information assurance conformance checklist assessment evidence IA controls",
"limit": 15,
"min_score": 0.7
}
}
```
**Query 6**: NCSC standards (manual extraction from files)
```
Read all 10 NCSC standard markdown files from OtherMaterialsToEvaluate/10MinimumCybersecurityStandards/
Focus on:
- Standard 1: Asset Management → IA data handling
- Standard 4: Access Control → IA system controls
- Standard 5: Data Security → IA information protection
- Standard 8: Application Security → IA system integrity
```
#### Expected Content Coverage
- **85%** from existing standard + implementation guide
- **10%** NCSC cybersecurity integration (NEW 1 page)
- **5%** structural improvements
#### Special Requirements
**CRITICAL CONSTRAINT**: Core standards text CANNOT be modified (same as Section 4)
**NEW CONTENT - NCSC Cybersecurity Integration** (1 page):
- Create subsection 5.3: "Cybersecurity Requirements for Identification Systems"
- Map NCSC 10 Minimum Standards to IA controls
- Specific mappings with implementation coordination guidance
- Example scenario showing IA + NCSC integration
- **Source**: OtherMaterialsToEvaluate/10MinimumCybersecurityStandards/
**Integration Pattern**: Same as Section 4 (controls + guidance with visual distinction)
#### Assigned To
**Agent 10B**: Federation & Information Standards (4-5)
#### Priority
**CRITICAL** - Core standard + essential external content addition
---
### Section 6: Authentication Assurance Standard & Implementation
#### Content Scope
Integrated Authentication Assurance Standard + Implementation Guide + Authenticator Selection + **NEW 2-3 page Biometric Privacy Code requirements**.
#### Source Documents
**Primary (CORE STANDARD - TEXT CANNOT BE MODIFIED)**:
- `nz/identification-management/authentication-assurance-standard/2024/en/` (328 nodes)
**Primary (GUIDANCE - ACTIVE VOICE CONVERSION)**:
- `nz/identification-management/implementing-the-authentication-assurance-standard/2024/en/` (280 nodes)
- `nz/identification-management/authenticator-types/2021/en/` (204 nodes)
**External (NEW CONTENT)**:
- `/Users/tombarraclough/projects/official/IdentificationStandards19November2025/OtherMaterialsToEvaluate/PrivacyBiometricsCode/PrivacyCommissionerBioMetricCode.md` (main code)
- `/Users/tombarraclough/projects/official/IdentificationStandards19November2025/OtherMaterialsToEvaluate/PrivacyBiometricsCode/BioMetricsGuidancePrivacyCommissioner/*.md` (detailed guidance on 13 rules)
#### Retrieval Queries
**Query 1**: Full Authentication Assurance Standard
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/authentication-assurance-standard/2024/en/",
"limit": 100
}
}
```
**Query 2**: Get hierarchical context for all objectives
```json
{
"tool": "get_hierarchical_context",
"params": {
"uri": "nz/identification-management/authentication-assurance-standard/2024/en/#part1",
"depth": 3
}
}
```
**Query 3**: Full Implementation Guide
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/implementing-the-authentication-assurance-standard/2024/en/",
"limit": 100
}
}
```
**Query 4**: Full Authenticator Types document
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/authenticator-types/2021/en/",
"limit": 100
}
}
```
**Query 5**: Biometric authentication
```json
{
"tool": "semantic_search",
"params": {
"query": "biometric authentication AA9 AA10 controls fingerprint facial recognition",
"limit": 20,
"min_score": 0.75
}
}
```
**Query 6**: Authentication conformance checklist
```json
{
"tool": "semantic_search",
"params": {
"query": "authentication assurance conformance checklist AA controls assessment evidence",
"limit": 15,
"min_score": 0.7
}
}
```
**Query 7**: Biometric Privacy Code (manual extraction from files)
```
Read main code + all 13 rules guidance from OtherMaterialsToEvaluate/PrivacyBiometricsCode/
Focus on:
- Rule 1: Necessity and proportionality
- Rule 3: Explicit consent requirements
- Rule 6: Biometric template security
- Rule 8: Retention limitations
- Rule 10: Purpose specification
Extract 2-3 pages of practical guidance for authentication implementers
```
#### Expected Content Coverage
- **80%** from existing standard + implementation guide + authenticator types
- **15%** Biometric Privacy Code integration (NEW 2-3 pages)
- **5%** structural improvements
#### Special Requirements
**CRITICAL CONSTRAINT**: Core standards text CANNOT be modified (same as Sections 4-5)
**NEW CONTENT - Biometric Privacy Integration** (2-3 pages):
- Create subsection 6.4: "Privacy Requirements for Biometric Authentication"
- Legal obligations overview (Privacy Code 2025, effective 3 Nov 2025)
- 5 key rules with practical implementation guidance (necessity, consent, template security, retention, purpose)
- Compliance checklist linking AA9/AA10 to privacy rules
- Quick reference card for implementers
- **Source**: OtherMaterialsToEvaluate/PrivacyBiometricsCode/
**Authenticator Selection**: Create subsection 6.3 consolidating authenticator types guidance
**Integration Pattern**: Same as Sections 4-5 (controls + guidance with visual distinction)
#### Assigned To
**Agent 10C**: Authentication & Binding Standards (6-7)
#### Priority
**CRITICAL** - Core standard + essential mandatory privacy content
---
### Section 7: Binding Assurance Standard & Implementation
#### Content Scope
Integrated Binding Assurance Standard + Implementation Guide + Document Verification Techniques.
#### Source Documents
**Primary (CORE STANDARD - TEXT CANNOT BE MODIFIED)**:
- `nz/identification-management/binding-assurance-standard/2024/en/` (161 nodes)
**Primary (GUIDANCE - ACTIVE VOICE CONVERSION)**:
- `nz/identification-management/implementing-the-binding-assurance-standard/2024/en/` (158 nodes)
- `nz/identification-management/using-documents-as-evidence/2021/en/` (125 nodes)
- `nz/identification-management/derived-information/2024/en/` (177 nodes)
#### Retrieval Queries
**Query 1**: Full Binding Assurance Standard
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/binding-assurance-standard/2024/en/",
"limit": 100
}
}
```
**Query 2**: Get hierarchical context for all objectives
```json
{
"tool": "get_hierarchical_context",
"params": {
"uri": "nz/identification-management/binding-assurance-standard/2024/en/#part1",
"depth": 3
}
}
```
**Query 3**: Full Implementation Guide
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/implementing-the-binding-assurance-standard/2024/en/",
"limit": 100
}
}
```
**Query 4**: Using documents as evidence
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/using-documents-as-evidence/2021/en/",
"limit": 100
}
}
```
**Query 5**: Derived information guidance
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/derived-information/2024/en/",
"limit": 100
}
}
```
**Query 6**: Document verification techniques
```json
{
"tool": "semantic_search",
"params": {
"query": "document verification techniques fraud indicators physical security features",
"limit": 20,
"min_score": 0.75
}
}
```
**Query 7**: Binding conformance checklist
```json
{
"tool": "semantic_search",
"params": {
"query": "binding assurance conformance checklist BA controls assessment evidence",
"limit": 15,
"min_score": 0.7
}
}
```
#### Expected Content Coverage
- **90%** from existing standard + implementation guide + supporting documents
- **10%** structural improvements and consolidation
#### Special Requirements
**CRITICAL CONSTRAINT**: Core standards text CANNOT be modified (same as Sections 4-6)
**Document Verification**: Create subsection 7.3 consolidating "Using Documents as Evidence" guidance
**Derived Information**: Integrate into guidance sections where relevant
**Integration Pattern**: Same as Sections 4-6 (controls + guidance with visual distinction)
#### Assigned To
**Agent 10C**: Authentication & Binding Standards (6-7)
#### Priority
**CRITICAL** - Core standard with supporting guidance consolidation
---
### Section 8: Demonstrating Conformance
#### Content Scope
**EXPANDED per Tom's guidance**: Assessment process + checklists + evidence requirements + **NEW practical preparation guidance** (threshold considerations, bringing right people together, key topics to think about).
#### Source Documents
**Primary**:
- `nz/identification-management/conforming-with-the-identification-standards/2025/en/` (205 nodes - Parts 3-4)
- Existing Word checklists from `/Users/tombarraclough/projects/official/IdentificationStandards19November2025/ChecklistsAndTablesFromConformingPageIdentificationStandards/`
**Supplementary**:
- `nz/identification-management/training-and-clinics/2024/en/` (45 nodes)
- Tom's annotations on conformance process improvements
#### Retrieval Queries
**Query 1**: Conformance assessment sections
```json
{
"tool": "semantic_search",
"params": {
"query": "conformance assessment process methodology who can assess evidence requirements",
"limit": 25,
"min_score": 0.75
}
}
```
**Query 2**: Preparing for assessment
```json
{
"tool": "semantic_search",
"params": {
"query": "preparing for conformance assessment documentation self-assessment evidence collection",
"limit": 20,
"min_score": 0.75
}
}
```
**Query 3**: Assessment checklists
```json
{
"tool": "semantic_search",
"params": {
"query": "conformance checklist assessment criteria requirements verification",
"limit": 20,
"min_score": 0.7
}
}
```
**Query 4**: Maintaining conformance
```json
{
"tool": "semantic_search",
"params": {
"query": "maintaining conformance ongoing obligations change management renewal",
"limit": 15,
"min_score": 0.7
}
}
```
**Query 5**: Training and support
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/training-and-clinics/2024/en/",
"limit": 50
}
}
```
**Query 6**: Manual checklist retrieval
```
Read all Word checklist markdown files from ChecklistsAndTablesFromConformingPageIdentificationStandards/
Convert to markdown table format per style guide
```
#### Expected Content Coverage
- **70%** from existing conformance document + checklists
- **30%** NEW practical preparation guidance (per Tom's emphasis)
#### Special Requirements
**CRITICAL - Tom's Emphasis**: "Focus also on the practical requirements facing people demonstrating conformance before they start - for example, threshold considerations, bringing the right people together, thinking about key topics, etc."
**NEW CONTENT NEEDED** (Subsection 8.1: "Preparing for Conformance Assessment"):
- **Threshold considerations**: Understanding when conformance is required, scoping boundaries
- **Team assembly**: Who needs to be involved (technical, legal, privacy, business leads)
- **Key topics to address**: Risk assessment completion, level selection, control mapping, evidence gathering
- **Resource planning**: Time, budget, expertise requirements
- **Common preparation pitfalls**: What to avoid before starting assessment
**Checklist Integration**:
- Consolidate Word checklists into master conformance checklist
- Create control-by-control assessment tracking
- Link to specific sections for each control
- Remediation planning template
**Active Voice Conversion**: Extensive - conformance document has many passive patterns
#### Assigned To
**Agent 10D**: Conformance & Reference (8-9)
#### Priority
**CRITICAL** - Primary user goal + substantial new content needed
---
### Section 9: Reference Materials
#### Content Scope
Terminology, templates, authenticator types, legal context (EIVA brief mention), version history.
#### Source Documents
**Primary**:
- `nz/identification-management/identification-terminology/2025/en/` (383 nodes)
- `nz/identification-management/authenticator-types/2021/en/` (204 nodes - if not fully integrated in Section 6)
- `nz/identification-management/superseded-standards/2021/en/` (20 nodes)
- `nz/identification-management/authority-to-act-for-another-entity/2024/en/` (154 nodes)
- `nz/identification-management/resource-material-evidence-of-identity-standard/2021/en/` (32 nodes)
**External (EIVA mention)**:
- NO integration of EIVA content (per Phase 1 decision)
- 1 paragraph only explaining separate framework
#### Retrieval Queries
**Query 1**: Full terminology document
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/identification-terminology/2025/en/",
"limit": 100
}
}
```
**Query 2**: Superseded standards
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/superseded-standards/2021/en/",
"limit": 50
}
}
```
**Query 3**: Authority to act guidance
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/authority-to-act-for-another-entity/2024/en/",
"limit": 100
}
}
```
**Query 4**: Templates and tools
```json
{
"tool": "semantic_search",
"params": {
"query": "templates checklists tools risk assessment conformance evidence",
"limit": 20,
"min_score": 0.7
}
}
```
**Query 5**: Authenticator types (if needed)
```json
{
"tool": "search_by_document",
"params": {
"document_uri": "nz/identification-management/authenticator-types/2021/en/",
"limit": 100
}
}
```
**Query 6**: EIVA context (semantic search only for context)
```json
{
"tool": "semantic_search",
"params": {
"query": "EIVA Electronic Identity Verification Act Service relationship to standards",
"limit": 10,
"min_score": 0.7
}
}
```
#### Expected Content Coverage
- **95%** from existing reference materials
- **5%** new organization and EIVA brief mention
#### Special Requirements
**EIVA Brief Mention** (1 paragraph in subsection 9.3):
```
"The Electronic Identity Verification Act 2012 (EIVA) establishes the EIVA Service as one specific government implementation of electronic identity verification. These identification standards are technology and implementation neutral, applying broadly to identification management regardless of whether organizations use the EIVA Service, other verification services, or manual processes."
```
**Terminology Tables**: Preserve complex table format from terminology document (per style guide)
**Templates**: Consolidate references to checklists and templates used in earlier sections
**Version History**: Include superseded standards for historical context
#### Assigned To
**Agent 10D**: Conformance & Reference (8-9)
#### Priority
**MEDIUM** - Supporting material, but terminology is frequently referenced
---
## External Content Integration Plan
### Biometric Privacy Code (Section 6)
**Location**: `/Users/tombarraclough/projects/official/IdentificationStandards19November2025/OtherMaterialsToEvaluate/PrivacyBiometricsCode/`
**Files to Retrieve**:
1. `PrivacyCommissionerBioMetricCode.md` (main code document)
2. `BioMetricsGuidancePrivacyCommissioner/www.privacy.org.nz_resources-and-learning_a-z-topics_biometrics_rule-1_.md` (Rule 1: Necessity & Proportionality)
3. `BioMetricsGuidancePrivacyCommissioner/www.privacy.org.nz_resources-and-learning_a-z-topics_biometrics_rule-3_.md` (Rule 3: Consent)
4. `BioMetricsGuidancePrivacyCommissioner/www.privacy.org.nz_resources-and-learning_a-z-topics_biometrics_rule-6_.md` (Rule 6: Template Security)
5. `BioMetricsGuidancePrivacyCommissioner/www.privacy.org.nz_resources-and-learning_a-z-topics_biometrics_rule-8_.md` (Rule 8: Retention)
6. `BioMetricsGuidancePrivacyCommissioner/www.privacy.org.nz_resources-and-learning_a-z-topics_biometrics_rule-10_.md` (Rule 10: Purpose Specification)
**Extraction Approach**:
- Read each file using Read tool
- Extract key requirements and practical guidance (2-3 pages total)
- Focus on implementer-relevant content (not legal analysis)
- Create compliance checklist linking to AA9/AA10 controls
- Format per markdown style guide
- **NO DocRef citations** (external source - cite Privacy Commissioner website instead)
**Integration Point**: Subsection 6.4 "Privacy Requirements for Biometric Authentication"
**Assigned To**: Agent 10C
### NCSC Cybersecurity Standards (Section 5)
**Location**: `/Users/tombarraclough/projects/official/IdentificationStandards19November2025/OtherMaterialsToEvaluate/10MinimumCybersecurityStandards/`
**Files to Retrieve** (focus on 4 most relevant):
1. `www.ncsc.govt.nz_protect-your-organisation_assets-and-their-importance_.md` (Standard 1: Asset Management)
2. `www.ncsc.govt.nz_protect-your-organisation_least-privilege_.md` (Standard 4: Access Control)
3. `www.ncsc.govt.nz_protect-your-organisation_data-recovery_.md` (Standard 5: Data Security)
4. `www.ncsc.govt.nz_protect-your-organisation_secure-configuration-of-software_.md` (Standard 8: Application Security)
**Extraction Approach**:
- Read each of 4 files using Read tool
- Create mapping table: NCSC Standard → IA Control
- Provide brief explanation of each mapping
- Example scenario showing IA + NCSC integration
- 1 page total
- **NO DocRef citations** (external source - cite NCSC website instead)
**Integration Point**: Subsection 5.3 "Cybersecurity Requirements for Identification Systems"
**Assigned To**: Agent 10B
---
## RetrievalResults Folder Structure
### Directory Tree
```
RetrievalResults/
├── 00_anchor_reference_map.md # Central anchor tracking
├── 00_retrieval_master_log.md # Overall progress tracking
│
├── 01_understanding_conformance/
│ ├── 01_conforming_document_full.md
│ ├── 02_overview_standards.md
│ ├── 03_about_id_management.md
│ ├── 04_distf_context.md
│ ├── 05_benefits_rationale.md
│ └── 06_conformance_process.md
│
├── 02_risk_assessment/
│ ├── 01_risk_assessment_document_full.md
│ ├── 02_counter_fraud_document_full.md
│ ├── 03_threat_scenarios.md
│ ├── 04_risk_methodology.md
│ └── 05_detection_prevention.md
│
├── 03_assurance_levels/
│ ├── 01_levels_of_assurance_full.md
│ ├── 02_level_framework.md
│ ├── 03_risk_to_assurance_mapping.md
│ ├── 04_implementation_planning.md
│ └── 05_level_combinations.md
│
├── 04_federation_standard/
│ ├── 01_federation_standard_full.md
│ ├── 02_federation_implementation_full.md
│ ├── 03_federation_hierarchical_context.md
│ ├── 04_federation_use_cases.md
│ └── 05_federation_checklist.md
│
├── 05_information_standard/
│ ├── 01_information_standard_full.md
│ ├── 02_information_implementation_full.md
│ ├── 03_information_hierarchical_context.md
│ ├── 04_information_quality.md
│ ├── 05_information_checklist.md
│ └── 06_ncsc_cybersecurity_integration.md # NEW external content
│
├── 06_authentication_standard/
│ ├── 01_authentication_standard_full.md
│ ├── 02_authentication_implementation_full.md
│ ├── 03_authentication_hierarchical_context.md
│ ├── 04_authenticator_types_full.md
│ ├── 05_biometric_controls.md
│ ├── 06_authentication_checklist.md
│ └── 07_biometric_privacy_code.md # NEW external content (2-3 pages)
│
├── 07_binding_standard/
│ ├── 01_binding_standard_full.md
│ ├── 02_binding_implementation_full.md
│ ├── 03_binding_hierarchical_context.md
│ ├── 04_using_documents_evidence_full.md
│ ├── 05_derived_information_full.md
│ ├── 06_document_verification.md
│ └── 07_binding_checklist.md
│
├── 08_demonstrating_conformance/
│ ├── 01_conformance_assessment_process.md
│ ├── 02_preparing_for_assessment.md # NEW content (practical preparation)
│ ├── 03_assessment_methodology.md
│ ├── 04_checklists_from_word_docs.md # Converted from Word checklists
│ ├── 05_maintaining_conformance.md
│ └── 06_training_support.md
│
└── 09_reference_materials/
├── 01_terminology_full.md
├── 02_superseded_standards.md
├── 03_authority_to_act_full.md
├── 04_templates_tools.md
├── 05_authenticator_types_reference.md # If not fully in Section 6
└── 06_eiva_context.md # Brief mention only
```
### File Naming Conventions
**Pattern**: `{sequence_number}_{descriptive_name}.md`
**Sequence Numbers**:
- `01_` - Full document retrievals
- `02_` - Supplementary document retrievals
- `03_` - Specific query retrievals
- `04_` - Cross-cutting queries
- `05_` - Checklist/template retrievals
- `06_` - External content
- `07_` - Additional retrievals as needed
**Descriptive Names**:
- Use underscores for spaces
- Keep to 30 characters or less
- Clearly indicate content type
- Examples: `risk_assessment_document_full.md`, `federation_use_cases.md`, `biometric_privacy_code.md`
### Metadata Header Template
**Every retrieved content file MUST include this header**:
```markdown
# Retrieved Content Metadata
**Source Document**: [document URI from n.document property]
**Source URI(s)**: [specific node URI(s) from query results]
**Source URL(s)**: [full DocRef URL(s) for citation]
**Query Tool**: [semantic_search | search_by_document | get_hierarchical_context | find_semantic_neighbors]
**Query Parameters**: [JSON of parameters used]
**Query Results**: [number of nodes retrieved]
**Retrieval Date**: [YYYY-MM-DD]
**Retrieved By**: [Agent 10A | 10B | 10C | 10D]
**Destination Section**: [Section N - Section Name]
**Destination Subsections**: [List of subsections this content will populate]
**Content Type**: [standard | guidance | example | checklist | reference | external]
**Active Voice Conversion Needed**: [YES | NO | N/A]
**Cross-Reference Notes**: [Any intra-document links to track]
---
[Retrieved content with preserved DocRef citations follows]
```
### Metadata Tracking Requirements
**Each retrieval file must track**:
1. **Source provenance**: Which document(s) and node(s)
2. **Query method**: Tool and parameters used
3. **DocRef citations**: Preserved exactly from MCP results
4. **Destination**: Where content will be used in new document
5. **Processing needs**: Active voice conversion, link updates, etc.
6. **Cross-references**: Any links that will become intra-document
### Retrieval Master Log
**Location**: `RetrievalResults/00_retrieval_master_log.md`
**Purpose**: Track overall retrieval progress across all 4 agents
**Format**:
```markdown
# Retrieval Master Log
## Agent 10A: Foundation Sections (1-3)
**Status**: [Not Started | In Progress | Complete]
**Sections**: 1, 2, 3
**Files Retrieved**: 0 / 16
**Last Updated**: [timestamp]
### Section 1: Understanding Conformance
- [ ] 01_conforming_document_full.md
- [ ] 02_overview_standards.md
- [ ] 03_about_id_management.md
- [ ] 04_distf_context.md
- [ ] 05_benefits_rationale.md
- [ ] 06_conformance_process.md
### Section 2: Assessing Risk
...
## Agent 10B: Federation & Information Standards (4-5)
...
## Agent 10C: Authentication & Binding Standards (6-7)
...
## Agent 10D: Conformance & Reference (8-9)
...
## Content Gaps Identified
[List any content gaps discovered during retrieval]
## Cross-Reference Notes
[Track any significant cross-reference patterns discovered]
```
---
## Agent Assignments and Coordination
### Agent 10A: Foundation Sections (1-3)
**Sections**: 1, 2, 3
**Total Estimated Files**: 16 files
**Estimated Content Volume**: ~650 nodes
**Complexity**: Medium (active voice conversion, DISTF context synthesis)
#### Priority Sequence
1. **Section 2 first** (Risk Assessment) - most self-contained
2. **Section 3 second** (Assurance Levels) - builds on risk
3. **Section 1 last** (Understanding Conformance) - requires context from other sections
#### Retrieval Order
1. Section 2: Risk assessment document + counter-fraud (queries 1-5)
2. Section 3: Levels of assurance + mapping (queries 1-5)
3. Section 1: Conformance + overview + DISTF context (queries 1-6)
#### Special Instructions
- **DISTF emphasis**: Retrieve DISTF Act/Rules context but keep focused (1-2 pages max)
- **Active voice**: Mark ALL guidance content for active voice conversion
- **Cross-references**: Note links to Section 8 (conformance) and Sections 4-7 (standards)
#### Coordination
- **Dependencies**: None (can start immediately)
- **Outputs used by**: All other agents (foundational framing)
---
### Agent 10B: Federation & Information Standards (4-5)
**Sections**: 4, 5
**Total Estimated Files**: 11 files
**Estimated Content Volume**: ~1,650 nodes + external NCSC content
**Complexity**: HIGH (core standards integration, NCSC external content)
#### Priority Sequence
1. **Section 5 first** (Information Assurance) - smaller, NCSC integration clearer
2. **Section 4 second** (Federation) - more complex, larger volume
#### Retrieval Order
1. Section 5: IA standard + implementation guide + NCSC (queries 1-6)
2. Section 4: FA standard + implementation guide (queries 1-5)
#### Special Instructions
- **CRITICAL**: Core standards text CANNOT be modified - use `get_hierarchical_context` to preserve structure
- **NCSC integration**: Read 4 NCSC markdown files from OtherMaterialsToEvaluate, create 1-page mapping
- **Visual distinction**: Clearly mark "Control" vs "Guidance" sections in metadata
- **Active voice**: ONLY for guidance sections, NOT controls
#### Coordination
- **Dependencies**: Should reference Agent 10A's Section 3 (assurance levels) for context
- **Outputs used by**: Agent 10D (Section 8 conformance checklists reference these controls)
---
### Agent 10C: Authentication & Binding Standards (6-7)
**Sections**: 6, 7
**Total Estimated Files**: 14 files
**Estimated Content Volume**: ~1,200 nodes + external Privacy Code content
**Complexity**: HIGH (core standards integration, Privacy Code 2-3 pages)
#### Priority Sequence
1. **Section 7 first** (Binding) - smaller, no external content
2. **Section 6 second** (Authentication) - larger, Privacy Code integration
#### Retrieval Order
1. Section 7: BA standard + implementation + documents evidence + derived info (queries 1-7)
2. Section 6: AA standard + implementation + authenticator types + Privacy Code (queries 1-7)
#### Special Instructions
- **CRITICAL**: Core standards text CANNOT be modified - use `get_hierarchical_context` to preserve structure
- **Privacy Code integration**: Read main code + 5 key rules from OtherMaterialsToEvaluate, extract 2-3 pages
- **Focus on Rules**: 1 (necessity), 3 (consent), 6 (template security), 8 (retention), 10 (purpose)
- **Create compliance checklist**: Link Privacy rules to AA9/AA10 controls
- **Visual distinction**: Mark "Control" vs "Guidance" vs "Privacy Requirements"
#### Coordination
- **Dependencies**: Should reference Agent 10A's Section 3 (assurance levels) for context
- **Outputs used by**: Agent 10D (Section 8 conformance checklists reference these controls)
---
### Agent 10D: Conformance & Reference (8-9)
**Sections**: 8, 9
**Total Estimated Files**: 12 files
**Estimated Content Volume**: ~850 nodes
**Complexity**: HIGH (substantial new content creation for Section 8, terminology tables)
#### Priority Sequence
1. **Section 9 first** (Reference Materials) - mostly retrieval, less synthesis
2. **Section 8 second** (Demonstrating Conformance) - requires understanding all standards from other agents
#### Retrieval Order
1. Section 9: Terminology + superseded + authority + templates (queries 1-6)
2. Section 8: Conformance assessment + preparation + checklists + Word docs (queries 1-6 + manual)
#### Special Instructions
- **CRITICAL - Section 8 new content**: Create subsection 8.1 "Preparing for Conformance Assessment"
- Threshold considerations
- Team assembly guidance
- Key topics to address
- Resource planning
- Common pitfalls
- **Checklist consolidation**: Read Word docs from ChecklistsAndTablesFromConformingPageIdentificationStandards/
- **Convert to markdown**: Follow style guide table format
- **Master checklist**: Integrate with control-specific checklists from Sections 4-7
- **EIVA brief mention**: 1 paragraph only in Section 9.3
- **Terminology tables**: Preserve complex format from terminology document
#### Coordination
- **Dependencies**: MUST wait for Agents 10B and 10C to complete (needs control listings for checklists)
- **Outputs used by**: Stage 11 writing agents (reference material for entire document)
---
## Parallel Execution Strategy
### Phase 1: Independent Retrieval (Day 1-2)
- **Agent 10A**: Starts immediately on Sections 1-3
- **Agent 10B**: Starts immediately on Sections 4-5
- **Agent 10C**: Starts immediately on Sections 6-7
- **Agent 10D**: Starts immediately on Section 9 only
### Phase 2: Dependent Retrieval (Day 3)
- **Agent 10D**: Completes Section 8 after Agents 10B and 10C finish
- Uses control listings from Sections 4-7 for checklist integration
- References all standards for comprehensive conformance guidance
### Coordination Checkpoints
1. **After Agent 10A completes**: Other agents review Section 3 (assurance levels) for context
2. **After Agents 10B/10C complete**: Agent 10D reviews control listings for checklist integration
3. **After all agents complete**: Update anchor reference map with all discovered headings
---
## Content Gap Analysis
### Sections Requiring Synthesis
**Section 1 (Agent 10A)**:
- **Gap**: User journey framing (not in existing documents)
- **Approach**: Synthesize from conformance overview + workflow understanding
- **Estimated new content**: 1-2 pages
**Section 8 (Agent 10D)**:
- **Gap**: Practical preparation guidance (per Tom's emphasis)
- **Approach**: Create new content addressing threshold, team, topics, resources, pitfalls
- **Estimated new content**: 2-3 pages
- **Importance**: HIGH - Tom specifically requested this
### Sections Requiring External Content
**Section 5 (Agent 10B)**:
- **External**: NCSC 10 Minimum Cybersecurity Standards
- **Location**: OtherMaterialsToEvaluate/10MinimumCybersecurityStandards/
- **Extraction**: 1 page from 4 key standards
- **Importance**: IMPORTANT - Fills identified gap from Phase 1
**Section 6 (Agent 10C)**:
- **External**: Biometric Privacy Code 2025
- **Location**: OtherMaterialsToEvaluate/PrivacyBiometricsCode/
- **Extraction**: 2-3 pages from main code + 5 key rules
- **Importance**: CRITICAL - Mandatory law effective 3 Nov 2025
### Sections Requiring Original Writing
**Section 1**:
- Introduction paragraph
- User journey overview
- Workflow transition text
**Section 8**:
- Practical preparation guidance (subsection 8.1)
- Master checklist integration narrative
- Transition/navigation text
**All Sections**:
- Section introductions
- Transition paragraphs between subsections
- Navigation aids ("See also..." boxes)
---
## Success Criteria for Stage 10
### Retrieval Completeness
- [ ] All 9 sections have source content retrieved
- [ ] All external content (NCSC, Privacy Code) retrieved and extracted
- [ ] All Word checklists converted to markdown
- [ ] No major content gaps remain unidentified
### Citation Preservation
- [ ] DocRef citations preserved in all MCP server results
- [ ] Source URLs tracked in all retrieval file metadata
- [ ] External content citations point to Privacy Commissioner and NCSC websites
### Link Tracking
- [ ] Anchor reference map created and populated
- [ ] Source URIs tracked for all retrieved content
- [ ] Cross-reference notes captured in metadata
- [ ] Inter vs. intra-document links classified
### Metadata Completeness
- [ ] All retrieval files include full metadata header
- [ ] Retrieval master log maintained and updated
- [ ] Active voice conversion needs flagged
- [ ] Content types identified (standard | guidance | example | checklist)
### Agent Coordination
- [ ] Agent 10A completes Sections 1-3
- [ ] Agent 10B completes Sections 4-5 (including NCSC integration)
- [ ] Agent 10C completes Sections 6-7 (including Privacy Code integration)
- [ ] Agent 10D completes Sections 8-9 (including practical preparation)
- [ ] All agents update shared anchor reference map
- [ ] No duplicate retrieval efforts
### External Content Integration
- [ ] 4 NCSC standards read and 1-page mapping created
- [ ] Privacy Code main document + 5 key rules read and 2-3 pages extracted
- [ ] All Word checklists from ChecklistsAndTablesFromConformingPageIdentificationStandards/ read and converted
- [ ] External citations properly formatted
### Quality Checks
- [ ] No retrieval files missing metadata headers
- [ ] No broken or incomplete queries
- [ ] All retrieved content has clear destination section
- [ ] Content type and processing needs identified for all files
---
## Next Steps for Stage 11 (Content Writing)
Once Stage 10 retrieval is complete:
### Preparation for Writing
1. **Review anchor reference map**: Understand all available anchors for intra-document linking
2. **Review retrieval master log**: Identify any gaps or synthesis needs
3. **Review metadata headers**: Understand content types and processing needs
4. **Consult style guide**: Refresh on markdown conventions (Stage 8 output)
### Writing Approach
1. **Use retrieved content as foundation**: Don't start from scratch
2. **Preserve DocRef citations**: Copy from retrieval results into new document
3. **Apply active voice**: Convert guidance sections marked for active voice
4. **Create intra-document links**: Use heading-based anchors from reference map
5. **Integrate visual distinction**: Follow style guide patterns for standards vs. guidance
6. **Add transitions**: Write section introductions and navigation text
7. **Synthesize new content**: Write practical preparation, user journey, integration narratives
### Stage 11 Agent Assignments (Proposed)
- **Agent 11A**: Write Sections 1-3 (foundation)
- **Agent 11B**: Write Sections 4-5 (Federation + Information standards)
- **Agent 11C**: Write Sections 6-7 (Authentication + Binding standards)
- **Agent 11D**: Write Sections 8-9 (Conformance + Reference)
**Parallelization**: All 4 agents can work simultaneously using retrieval results
---
## Appendix A: Query Tool Reference
### Tool Selection Guide
| Retrieval Need | Recommended Tool | Parameters |
|---------------|------------------|------------|
| Full document retrieval | search_by_document | document_uri, limit=100 |
| Conceptual topic search | semantic_search | query, limit=15-20, min_score=0.7-0.75 |
| Maintain document structure | get_hierarchical_context | uri, depth=2-3 |
| Find related content | find_semantic_neighbors | uri, k=10, min_score=0.7 |
| Complex custom queries | run_cypher_query | query with LIMIT |
### MCP Server Performance
**Fastest to Slowest**:
1. find_semantic_neighbors (graph traversal, no API calls)
2. search_by_document (simple filter + sort)
3. get_hierarchical_context (pattern matching)
4. semantic_search (requires API call for embedding generation)
**Optimization**:
- Prefer `find_semantic_neighbors` when you have a node URI from previous query
- Use `search_by_document` for comprehensive document coverage
- Use `get_hierarchical_context` for maintaining structure in core standards
- Use `semantic_search` for conceptual queries across documents
---
## Appendix B: Active Voice Conversion Patterns
### Common Passive Patterns in Guidance Documents
**Passive** (found in existing guides):
- "Risk assessment should be undertaken..."
- "Consideration needs to be made..."
- "The process will be assessed..."
- "Requirements must be met by..."
- "Documentation is required to..."
**Active** (required for Phase 2):
- "Undertake a risk assessment..."
- "Consider the following factors..."
- "Assess the process against..."
- "Meet the following requirements..."
- "Provide documentation that..."
### When NOT to Convert
**Core Standards Controls**: Leave unchanged (normative text cannot be modified)
- "The RP MUST carry out an assessment..." (KEEP as-is)
- "The CP SHALL establish..." (KEEP as-is)
**Legal Citations**: Keep original phrasing
- "As required by the Privacy Act..." (KEEP as-is)
---
## Appendix C: External Content Citations
### MCP Server Content (Internal)
**Format**: `([DocRef](https://docref.digital.govt.nz/...))`
**Example**: `([DocRef](https://docref.digital.govt.nz/nz/identification-management/federation-assurance-standard/2025/en/#fa1-01))`
**Source**: Preserved from MCP server query results
### NCSC Cybersecurity Standards (External)
**Format**: `[Standard Name](https://www.ncsc.govt.nz/url)`
**Example**: `[NCSC Minimum Standard 5: Data Security](https://www.ncsc.govt.nz/protect-your-organisation/data-recovery/)`
**Source**: OtherMaterialsToEvaluate/10MinimumCybersecurityStandards/
### Biometric Privacy Code (External)
**Format**: `[Privacy Code 2025](https://www.privacy.org.nz/url)`
**Example**: `[Biometrics Code Rule 1](https://www.privacy.org.nz/resources-and-learning/a-z-topics/biometrics/rule-1/)`
**Source**: OtherMaterialsToEvaluate/PrivacyBiometricsCode/
### DISTF Act/Rules (External but DocRef hosted)
**Format**: `([DocRef](https://docref.org/nz/distf/...))`
**Example**: `([DocRef](https://docref.org/nz/distf/14/en/#s18))`
**Source**: MCP server has DISTF documents
---
## Conclusion
This retrieval plan provides comprehensive, actionable guidance for 4 parallel agents to systematically retrieve all content needed for the 9-section consolidated identification standards document.
**Key Success Factors**:
1. **Systematic coverage**: Every section has detailed retrieval plan with specific queries
2. **Link tracking**: Heading-based anchor system with central reference map addresses Tom's concern
3. **Citation preservation**: All DocRef citations tracked meticulously
4. **External content**: Clear plans for NCSC and Privacy Code integration
5. **Parallel execution**: 4 agents work independently with clear coordination checkpoints
6. **Quality metadata**: Every retrieval file includes comprehensive tracking information
**Critical Elements Addressed**:
- ✅ Core standards text preservation (structure only, no text changes)
- ✅ Link tracking for intra vs. inter-document references
- ✅ Single TOC consideration (heading structure planning)
- ✅ Conformance practical preparation (Tom's emphasis)
- ✅ External content integration (NCSC 1 page, Privacy Code 2-3 pages)
- ✅ Active voice conversion flagging
- ✅ DocRef citation preservation
**Ready for Stage 10 Execution**: This plan can be handed to 4 parallel agents to begin systematic content retrieval immediately.
---
**Stage 9 Complete: Content Retrieval Plan Ready for Stage 10 Execution**