stakeholder review plan
Raw Data
This file contains raw search retrieval results or agent logs. The content below shows the original markdown source.
---
layout: raw-data.njk
title: "stakeholder review plan"
---
# Stage 13: Stakeholder Review Plan
## Stakeholder Testing and Validation Strategy
**Date**: 2025-11-20
**Project**: New Zealand Identification Standards Review and Restructuring
**Status**: Document ready for stakeholder review
**Purpose**: Plan comprehensive stakeholder testing and validation activities
---
## Executive Summary
The consolidated Identification Standards document has passed comprehensive verification (Stage 12) and is ready for stakeholder review. This plan identifies three critical review streams, defines focus areas, and provides recommended methodologies for effective validation.
**Three Review Streams**:
1. **Usability Testing** (Adele) - User experience and navigation
2. **Conformance/Terminology Validation** (Joanne) - Technical accuracy and consistency
3. **Technical Review** (Subject Matter Experts) - Standards correctness and implementation guidance
**Readiness**: ✅ All verification complete, document approved for review
---
## Review Stream 1: Usability Testing (Adele)
### Objectives
Validate that the new structure effectively supports user workflows and improves findability compared to the previous 30-document structure.
### Status: ✅ READY FOR TESTING
**Foundation for Testing**:
- User-centered design principles applied throughout
- Workflow-based organization (understand → assess → implement → demonstrate)
- Role-based entry points (4 user types)
- Clear navigation aids (66 cross-references, section numbering)
- Agent 12D confirmed excellent usability baseline
### Focus Areas
#### 1. Role-Based Entry Points (Section 1.4)
**Test**: Do users successfully find appropriate starting points?
**Participants**: Representative users from each role:
- **Implementers/Developers**: Building systems for conformance
- **Assessors/Auditors**: Evaluating conformance
- **Policy Makers/Executives**: Understanding strategic implications
- **Technical Architects**: Designing conforming systems
**Tasks**:
- "You're a developer building a new authentication system. Where would you start?"
- "You're an auditor assessing a credential provider. Where would you begin?"
- "You're an executive deciding whether to pursue conformance. What section helps you?"
- "You're an architect designing a federated identity service. What do you need first?"
**Success Criteria**:
- Users identify correct entry point within 2 minutes
- Users feel confident about where to start
- Entry point descriptions are clear and relevant
**Expected Outcomes**:
- Validation of role descriptions
- Possible refinement of pathway descriptions
- Identification of missing role types
#### 2. Navigation Effectiveness
**Test**: Can users find specific information efficiently?
**Tasks**:
- "Find the risk assessment methodology" (Section 2)
- "Find conformance checklists for Federation Assurance" (Section 8.3)
- "Find biometric privacy requirements" (Section 6.4)
- "Find the definition of 'credential provider'" (Section 9.1)
- "Find which NCSC standards apply to information assurance" (Section 5.4)
**Methods**:
- **Task completion time**: How long to find target information?
- **Navigation path analysis**: What route did users take?
- **Success rate**: Did users find correct information?
- **Confidence rating**: How confident are users they found the right content?
**Success Criteria**:
- 80%+ success rate on findability tasks
- Average task completion time <3 minutes
- Users express high confidence in found information
**Expected Outcomes**:
- Validation that section structure supports findability
- Identification of navigation bottlenecks
- Possible need for additional cross-references
#### 3. Workflow Clarity
**Test**: Does the document support natural workflow progression?
**Scenario**: "You're implementing Federation Assurance for a new credential provider service. Walk through how you'd use this document from start to finish."
**Observation Points**:
- Do users follow the intended workflow (Section 1 → 2 → 3 → 4 → 8)?
- Do users understand relationships between sections?
- Do cross-references help or confuse?
- Do users skip necessary steps?
**Success Criteria**:
- Users follow logical progression through sections
- Users understand dependencies (e.g., risk assessment before level selection)
- Users can explain why each section is relevant to their task
**Expected Outcomes**:
- Validation of workflow organization
- Identification of missing workflow guidance
- Possible need for more explicit "next steps" indicators
#### 4. Standards-Guidance Integration (Sections 4-7)
**Test**: Is the distinction between normative and advisory content clear?
**Tasks**:
- "Look at FA1.01. What's the requirement vs the guidance?"
- "Can you tell which parts you MUST follow vs which parts are advice?"
- "Find an example of how to implement IA2.01"
**Success Criteria**:
- Users correctly identify normative (MUST) vs advisory (guidance) content
- Users understand visual distinction (control headings vs guidance headings)
- Users can locate and understand implementation guidance
**Expected Outcomes**:
- Validation of visual distinction pattern
- Possible refinement of heading styles
- Identification of any confusing integration points
#### 5. Conformance Preparation Guidance (Section 8.1)
**Test**: Does Section 8.1 help users prepare effectively?
**Tasks**:
- "You're considering pursuing conformance. What do you need to know before starting?"
- "What team do you need to assemble?"
- "How do you decide between self-assessment, qualified assessment, and audited assessment?"
**Success Criteria**:
- Users find threshold considerations helpful
- Users understand team requirements
- Users can make informed decisions about conformance approach
**Expected Outcomes**:
- Validation of preparation guidance completeness
- Possible identification of missing considerations
- Refinement of team role descriptions
#### 6. Overall User Satisfaction
**Measure**: User perception of improvement vs previous structure
**Questions**:
- "How does this compare to the previous 30-document structure?"
- "What's easier now?"
- "What's still difficult?"
- "What's missing?"
- "Would you recommend this structure to colleagues?"
**Success Criteria**:
- 80%+ of users rate new structure as "significantly better" or "better"
- Users identify specific improvements (navigation, findability, workflow)
- Users express confidence in using the document
**Expected Outcomes**:
- Validation of transformation benefits
- Identification of remaining pain points
- Ideas for future improvements
### Testing Methodology
**Recommended Approach**: Task-based usability testing with think-aloud protocol
**Process**:
1. **Participant recruitment**: 2-3 users per role type (8-12 total participants)
2. **Session structure** (60 minutes per participant):
- Introduction and consent (5 minutes)
- Role-specific tasks (30 minutes)
- General navigation tasks (15 minutes)
- Satisfaction questions (10 minutes)
3. **Observation**: Record navigation paths, time, success/failure, comments
4. **Analysis**: Identify patterns across participants, prioritize issues
**Deliverable**: Usability testing report with findings, recommendations, and priority rankings
### Expected Timeline
- **Participant recruitment**: 1 week
- **Testing sessions**: 2 weeks (accommodate participant schedules)
- **Analysis and reporting**: 1 week
- **Total**: 4 weeks
---
## Review Stream 2: Conformance/Terminology Validation (Joanne)
### Objectives
Validate technical accuracy, terminology consistency, and conformance process completeness to ensure standards maintain authority and practical usability for assessment.
### Status: ✅ READY FOR VALIDATION
**Foundation for Validation**:
- Agent 12A verified 94/109 controls word-for-word (15 BA controls pending)
- All reference numbers confirmed unchanged (109/109)
- All normative language preserved (174 MUST/SHOULD/MAY instances)
- Agent 12C confirmed 100% feedback implementation
### Focus Areas
#### 1. Core Standards Text Integrity
**Review**: Verify no unintended changes to normative text
**Method**: Sample verification comparing consolidated document vs official DocRef standards
**Sample Size Recommendation**: 20% of controls (22 controls) plus all controls flagged by Agent 12A
**Controls to Verify**:
- Random sample: 5 FA, 3 IA, 8 AA, 4 BA (total: 20 controls)
- Plus: All 15 BA controls (pending final verification from Stage 10)
- **Total**: 35 controls for verification
**Verification Process**:
1. Open official standard on DocRef
2. Open consolidated document Section 4-7
3. Compare control statement word-for-word
4. Verify reference number unchanged
5. Verify "Additional information" unchanged
6. Check normative language (MUST/SHOULD/MAY) preserved
**Verification Evidence Available**: Agent 12A report provides detailed verification of 94 controls
**Success Criteria**:
- 100% of verified controls match official standards exactly
- All reference numbers unchanged
- All normative language preserved
**Expected Outcomes**:
- Confirmation of standards integrity
- Identification of any unintended changes (unlikely based on verification)
- Completion of BA control verification
#### 2. Control Numbering and Cross-References
**Review**: Verify all 109 control IDs are correct and all cross-references are accurate
**Method**: Systematic check of control numbering and cross-reference validity
**Controls to Check**:
- **FA**: FA1.01-FA13.02 (42 controls) - verify sequential numbering
- **IA**: IA1.01-IA5.02 (14 controls) - verify sequential numbering
- **AA**: AA1.01-AA10.02 (38 controls) - verify sequential numbering
- **BA**: BA1.01-BA5.03 (15 controls) - verify sequential numbering
**Cross-References to Check**:
- Internal references between controls (e.g., "See FA1.01" in other controls)
- References from guidance to controls
- References in Section 8 checklists to controls
- References from Section 1-3 to Sections 4-7
**Agent 12D Verification**: Confirmed 66 cross-references are functional and contextually relevant
**Success Criteria**:
- All 109 control IDs correct and sequential
- All cross-references point to correct locations
- No broken references or incorrect control IDs
**Expected Outcomes**:
- Confirmation of numbering accuracy
- Identification of any cross-reference errors (unlikely)
- Validation of checklist alignment with controls
#### 3. Terminology Authority and Consistency
**Review**: Validate terminology usage is consistent and authoritative throughout document
**Method**: Review Section 9.1 terminology and check usage consistency in Sections 1-8
**Key Terms to Verify**:
- Credential Provider / Credential Service Provider
- Facilitation Provider
- Relying Party
- Credential / Identity Credential
- Authenticator / Authentication Factor
- Binding / Identity Binding
- Federation / Federated Identity
- Assurance Level (LoIA/LoBA/LoAA/LoFA)
**Consistency Checks**:
1. Is the term defined in Section 9.1?
2. Is the definition authoritative (from standards or industry standard)?
3. Is the term used consistently throughout Sections 1-8?
4. Are there any undefined terms that should be in Section 9.1?
5. Are there any inconsistent usages (e.g., "credential provider" vs "CP")?
**Success Criteria**:
- All key terms defined in Section 9.1
- Consistent usage throughout document
- No conflicting definitions
- Clear distinction between similar terms
**Expected Outcomes**:
- Validation of terminology authority
- Identification of missing definitions
- Standardization of any inconsistent usages
- Possible additions to Section 9.1
#### 4. Conformance Process Accuracy
**Review**: Validate conformance assessment process in Section 8 is correct and complete
**Method**: Compare Section 8 guidance against official conformance requirements and practical assessment experience
**Topics to Validate**:
- **Section 8.1**: Preparation guidance complete and accurate?
- **Section 8.2**: Assessment types correctly described?
- **Section 8.3**: Checklists comprehensive (all controls covered)?
- **Section 8.3.5**: Evidence codes accurate (AUDIT codes)?
- **Section 8.4**: Evidence requirements correct?
**Specific Checks**:
1. **Checklist Completeness**:
- FA Credential: All FA1-FA5 controls? (Agent 12A verified: 19 controls)
- FA Facilitation: All FA6-FA13 controls? (Agent 12A verified: 23 controls)
- IA/BA: All IA + BA controls? (Agent 12A verified: 29 controls)
- AA: All AA controls? (Should be 38 controls)
2. **Evidence Code Accuracy**:
- Are AUDIT codes correct (AUDIT1.1, 1.2, 1.4, 3.2, 4.1, 4.2, etc.)?
- Do codes match official conformance framework?
- Are code descriptions accurate?
3. **Assessment Type Descriptions**:
- Self-assessment: Correct description and when appropriate?
- Qualified assessment: Correct description and requirements?
- Audited assessment: Correct description and requirements?
**Stage 10 Remediation Verification**: Agent confirmed FA and IA/BA checklists cover 100% of controls
**Success Criteria**:
- All checklists include all controls (no omissions)
- Evidence codes match official framework
- Assessment type descriptions accurate
- Process guidance practical and complete
**Expected Outcomes**:
- Validation of conformance process accuracy
- Identification of any checklist gaps
- Refinement of evidence code descriptions
- Possible enhancement of assessment guidance
#### 5. Technical Accuracy of Implementation Guidance
**Review**: Validate implementation guidance aligns with standards intent and technical requirements
**Method**: Review guidance sections in Sections 4-7 for technical correctness
**Sample Review Approach**: Select 10-15 guidance sections covering diverse topics
**Guidance Sections to Review**:
- **FA1.01**: Risk assessment guidance - technically sound?
- **FA3.01**: Credential content guidance - complete and accurate?
- **IA2.01**: Information accuracy verification - correct methods?
- **IA4.01**: Information retention - correct requirements?
- **AA5.03**: Authenticator protection - security best practices correct?
- **AA9.04**: Biometric standards - correct biometric guidance?
- **BA3.02**: Binding evidence capture - correct ceremony requirements?
**Validation Questions**:
1. Does guidance correctly interpret the control requirement?
2. Are technical recommendations sound?
3. Are examples realistic and accurate?
4. Is guidance complete (covers all aspects of control)?
5. Does guidance conflict with control statement?
**Success Criteria**:
- All reviewed guidance technically accurate
- No contradictions between controls and guidance
- Examples realistic and correct
- Recommendations align with industry best practices
**Expected Outcomes**:
- Validation of guidance technical correctness
- Identification of any technical errors
- Refinement of examples or recommendations
- Possible addition of missing guidance points
#### 6. External Content Integration
**Review**: Validate NCSC and Privacy Code integrations are accurate and appropriate
**NCSC Integration (Section 5.4)**:
- Are NCSC standards correctly cited?
- Are mappings to IA controls accurate?
- Are descriptions of NCSC standards correct?
- Is the relationship between NCSC and IA standards correctly explained?
**Biometric Privacy Code Integration (Section 6.4)**:
- Are all 13 Privacy Code rules correctly summarized?
- Are mappings to AA controls accurate?
- Is legal compliance date correct (3 November 2025)?
- Is Privacy Commissioner guidance correctly referenced?
- Is compliance checklist comprehensive?
**External Citations**:
- ISO/NIST standards (Section 9) - correctly cited and described?
- Other referenced standards - accurate references?
**Success Criteria**:
- NCSC standards correctly cited and mapped
- Privacy Code rules accurately summarized
- All external references correct
- Legal compliance requirements accurate
**Expected Outcomes**:
- Validation of external content accuracy
- Identification of any citation errors
- Refinement of mappings or descriptions
- Confirmation of legal compliance information
### Validation Methodology
**Recommended Approach**: Systematic review with sampling and verification checklist
**Process**:
1. **Standards Integrity Review** (8 hours):
- Verify 35 controls against official DocRef standards
- Check all 109 control IDs
- Validate normative language preservation
2. **Terminology Review** (4 hours):
- Review Section 9.1 definitions
- Spot-check usage in 3-4 sections
- Identify inconsistencies
3. **Conformance Process Review** (6 hours):
- Review Section 8 guidance
- Verify checklist completeness
- Validate evidence codes
4. **Technical Guidance Review** (6 hours):
- Review 10-15 guidance sections
- Check technical recommendations
- Validate examples
5. **External Content Review** (4 hours):
- Review NCSC integration
- Review Privacy Code integration
- Check external citations
**Total Effort**: ~28 hours over 1-2 weeks
**Deliverable**: Conformance validation report with findings, any corrections needed, and approval recommendation
### Expected Timeline
- **Initial review**: 1 week (can be split across days)
- **Follow-up verification** (if issues found): 3-5 days
- **Report preparation**: 2-3 days
- **Total**: 2-3 weeks
---
## Review Stream 3: Technical Review (Subject Matter Experts)
### Objectives
Validate technical correctness of all standards, implementation guidance, and recommendations through expert domain review.
### Status: ✅ READY FOR TECHNICAL REVIEW
**Foundation for Review**:
- Agent 12A: Standards integrity verified (94/109 controls)
- Agent 12D: Technical accuracy confirmed
- All normative language preserved exactly
- Implementation guidance transformed to active voice maintaining technical correctness
### Focus Areas by Domain
#### 1. Federation Assurance (FA) - Federation and Credential Lifecycle Experts
**Review Section**: Section 4 (935 lines)
**Expert Profile**: Federation protocols, credential issuance, identity lifecycle management
**Review Focus**:
- **Objectives 1-5** (Credential Establishment): Credential creation, issuance, and lifecycle
- Risk assessment requirements (FA1.01)
- Credential content and format (FA3.01-FA3.02)
- Credential activation and delivery (FA4.01-FA4.02)
- Suspension and revocation (FA5.01-FA5.10)
- **Objectives 6-13** (Facilitation Mechanisms): Federation protocols and technical infrastructure
- Privacy federation (FA6.01-FA6.04)
- Federated attributes (FA7.01-FA7.05)
- Authentication statements (FA8.01-FA8.05)
- Relying party integration (FA10.01-FA10.04)
- Facilitation systems (FA11.01-FA11.05)
**Validation Questions**:
1. Do control requirements reflect current federation best practices?
2. Is implementation guidance technically sound for federation protocols (SAML, OpenID Connect)?
3. Are credential lifecycle recommendations correct?
4. Do examples reflect realistic federation scenarios?
5. Are there any missing technical considerations?
**Expected Outcomes**:
- Validation of federation protocol guidance
- Refinement of technical recommendations
- Possible addition of protocol-specific examples
- Identification of emerging practices to consider
#### 2. Information Assurance (IA) - Information Security and Data Management Experts
**Review Section**: Section 5 (531 lines, includes NCSC integration)
**Expert Profile**: Information security, data quality, NCSC standards
**Review Focus**:
- **Objective 1** (Risk Management): Information risk assessment
- **Objective 2** (Accuracy): Information verification and validation
- **Objective 3** (Security): Information protection and encryption
- **Objective 4** (Retention): Information lifecycle and disposal
- **Objective 5** (Recovery): Business continuity and disaster recovery
- **Section 5.4** (NCSC Integration): Cybersecurity standards mapping
**Validation Questions**:
1. Do information security controls align with current best practices?
2. Are NCSC standard mappings accurate and complete?
3. Is encryption guidance current (TLS versions, algorithms)?
4. Are retention requirements appropriate?
5. Is recovery guidance comprehensive?
6. Should additional NCSC standards be referenced?
**Expected Outcomes**:
- Validation of information security guidance
- Confirmation of NCSC mappings
- Possible updates to encryption recommendations
- Refinement of recovery planning guidance
#### 3. Authentication Assurance (AA) - Authentication and Biometric Experts
**Review Section**: Section 6 (1,232 lines, includes Privacy Code integration)
**Expert Profile**: Authentication methods, cryptography, biometrics, privacy law
**Review Focus**:
- **Objectives 1-3** (Authenticator Types): Authenticator classification and requirements
- **Objectives 4-7** (Authenticator Lifecycle): Issuance, binding, renewal, revocation
- **Objectives 8-10** (Authenticator Management): Protection, verification, strength
- **Section 6.4** (Biometric Privacy): Privacy Code compliance
**Validation Questions**:
1. Do authenticator classifications reflect current technology (passkeys, FIDO2)?
2. Are cryptographic requirements current (key lengths, algorithms)?
3. Is biometric guidance technically accurate?
4. Are Privacy Code requirements correctly interpreted?
5. Do multi-factor authentication recommendations align with best practices?
6. Are authenticator strength calculations correct?
**Expected Outcomes**:
- Validation of authenticator guidance
- Confirmation of Privacy Code interpretation
- Possible updates for emerging authentication methods
- Refinement of biometric privacy guidance
#### 4. Binding Assurance (BA) - Identity Proofing and Verification Experts
**Review Section**: Section 7 (591 lines)
**Expert Profile**: Identity proofing, document verification, biometric binding
**Review Focus**:
- **Objective 1** (Binding Risk): Binding risk assessment
- **Objective 2** (Binding Methods): Identity proofing techniques
- **Objective 3** (Binding Evidence): Evidence capture and documentation
- **Objective 4** (Binding Strength): Strength assessment
- **Objective 5** (Binding Retention): Evidence retention and disposal
**Validation Questions**:
1. Do identity proofing methods reflect current best practices?
2. Are document verification requirements appropriate?
3. Is biometric binding guidance correct?
4. Are binding strength assessments technically sound?
5. Are evidence retention requirements appropriate?
**Expected Outcomes**:
- Validation of identity proofing guidance
- Confirmation of binding strength calculations
- Possible refinement of evidence requirements
- Updates for emerging proofing technologies
#### 5. Risk Assessment - Counter-Fraud and Risk Management Experts
**Review Section**: Section 2 (563 lines)
**Expert Profile**: Fraud prevention, risk assessment, ISO 31000
**Review Focus**:
- 8-step risk assessment process
- Threat actor analysis and motivations
- Counter-fraud technique selection
- Risk-to-assurance mapping
- Likelihood and impact assessment
**Validation Questions**:
1. Is ISO 31000 methodology correctly applied?
2. Are threat actor motivations realistic and comprehensive?
3. Are counter-fraud techniques appropriate and current?
4. Is risk-to-assurance mapping sound?
5. Are examples realistic for government services?
**Expected Outcomes**:
- Validation of risk methodology
- Refinement of threat actor analysis
- Possible addition of emerging fraud techniques
- Updates to risk-to-assurance mapping
#### 6. Assurance Level Framework - Identity Standards Experts
**Review Section**: Section 3 (411 lines)
**Expert Profile**: NIST 800-63 framework, assurance level design
**Review Focus**:
- LoIA, LoBA, LoAA, LoFA definitions
- Level progressions (1→2→3→4)
- Decision criteria for level selection
- Risk-to-level mapping
**Validation Questions**:
1. Do assurance levels align with international standards (NIST 800-63)?
2. Are level progressions appropriate?
3. Are decision criteria clear and practical?
4. Is risk-to-level mapping sound?
**Expected Outcomes**:
- Validation of assurance level framework
- Confirmation of international alignment
- Possible refinement of decision criteria
- Updates to mapping guidance
### Technical Review Methodology
**Recommended Approach**: Distributed expert review with structured feedback
**Process**:
1. **Expert Recruitment** (1 week):
- Identify 1-2 experts per domain (6 domains)
- Brief experts on review scope and focus areas
- Provide review templates and questions
2. **Individual Reviews** (2-3 weeks):
- Each expert reviews assigned section independently
- Experts use structured review template
- Experts identify technical issues, inaccuracies, or improvements
3. **Consolidated Review Meeting** (1 session, 2-3 hours):
- All experts discuss findings
- Identify common themes
- Prioritize issues
- Reach consensus on recommendations
4. **Report Preparation** (1 week):
- Consolidate expert feedback
- Prioritize recommendations (critical/important/nice-to-have)
- Prepare implementation plan for recommendations
**Total Effort**: ~40 expert hours distributed across 6 experts
**Deliverable**: Technical review report with expert findings, prioritized recommendations, and implementation plan
### Expected Timeline
- **Expert recruitment**: 1 week
- **Individual reviews**: 2-3 weeks (accommodate expert schedules)
- **Consolidated meeting**: 1 day
- **Report preparation**: 1 week
- **Total**: 5-6 weeks
---
## Review Coordination and Sequencing
### Recommended Sequence
#### Option 1: Sequential (Lower Risk, Slower)
**Week 1-3**: Joanne's conformance/terminology validation
- Validates technical accuracy first
- Identifies any corrections needed before usability testing
- Confirms standards integrity
**Week 4-9**: Technical SME review (parallel with usability testing)
- Validates implementation guidance correctness
- Can incorporate Joanne's feedback
- Proceeds in parallel with usability for efficiency
**Week 4-7**: Adele's usability testing (parallel with technical review)
- Tests with validated, technically correct content
- Identifies navigation and presentation improvements
- Can reference technical validation results
**Benefits**:
- Technical issues corrected before usability testing
- Lower risk of testing with incorrect content
- Clear dependencies
**Drawbacks**:
- Longer overall timeline (9 weeks)
- Usability feedback might require technical re-review
#### Option 2: Parallel (Higher Risk, Faster)
**Week 1-4**: All three reviews proceed simultaneously
- Joanne: Conformance validation
- Technical SMEs: Domain reviews
- Adele: Usability testing
**Week 5-6**: Consolidate all feedback and implement changes
**Benefits**:
- Faster completion (6 weeks)
- All perspectives gathered simultaneously
- Efficient use of stakeholder time
**Drawbacks**:
- Risk of conflicting feedback
- Possible need to re-test if technical changes affect usability
- More coordination complexity
#### Recommended Approach: **Hybrid (Balanced)**
**Week 1-2**: Joanne's conformance validation (priority: standards integrity)
- Focus on critical constraint verification
- Identify any standards text issues
**Week 3-8**: Parallel Technical + Usability reviews
- Technical SMEs and Adele proceed in parallel
- Minor technical corrections won't affect usability findings
- Both reviews reference Joanne's validation
**Week 9-10**: Consolidate feedback and implement changes
**Benefits**:
- Standards integrity confirmed first (critical constraint)
- Efficient parallel review after validation
- Manageable timeline (10 weeks)
**Timeline**: 10 weeks total
---
## Feedback Consolidation Process
### After All Reviews Complete
**Step 1: Organize Feedback by Type** (2-3 days)
**Categories**:
1. **Critical Issues** (must fix before deployment):
- Standards text errors
- Technical inaccuracies
- Broken references
- Legal compliance errors
2. **Important Improvements** (should fix before deployment):
- Usability problems affecting findability
- Missing technical guidance
- Terminology inconsistencies
- Navigation improvements
3. **Nice-to-Have Enhancements** (could implement post-deployment):
- Additional examples
- Enhanced explanations
- Visual improvements
- Future feature ideas
**Step 2: Prioritize Within Categories** (1-2 days)
Use criteria:
- **Impact**: How many users affected? How severely?
- **Effort**: How complex to implement?
- **Dependencies**: What depends on this change?
- **Urgency**: Blocks deployment? Affects compliance?
**Step 3: Develop Implementation Plan** (2-3 days)
For each prioritized item:
- **What to change**: Specific sections, content, structure
- **How to change**: Detailed implementation approach
- **Who implements**: Assign responsibility
- **Estimated effort**: Time required
- **Verification needed**: How to confirm change is correct
**Step 4: Implement Changes** (1-4 weeks, depending on scope)
**Process**:
1. Make changes to consolidated document
2. Verify changes don't affect other sections
3. Update verification reports if needed
4. Document all changes in change log
**Step 5: Re-Verification** (3-5 days)
**Focus**: Verify changes didn't introduce new issues
**Check**:
- Standards text still intact (if any changes near controls)
- Cross-references still correct
- Formatting consistent
- New content follows style guide
**Step 6: Final Approval** (1 week)
**Process**:
1. Circulate updated document to reviewers
2. Confirm all feedback addressed
3. Obtain final approval from Tom and stakeholders
4. Mark document as approved for deployment
---
## Review Deliverables
### From Usability Testing (Adele)
**Report Contents**:
1. Executive summary of findings
2. Participant demographics and roles
3. Task success rates and completion times
4. Navigation path analysis
5. Key findings by focus area
6. Prioritized recommendations
7. Quotes and observations from participants
8. Appendices: Task descriptions, raw data
**Expected Size**: 15-25 pages
### From Conformance Validation (Joanne)
**Report Contents**:
1. Executive summary of validation
2. Standards integrity verification results (35 controls)
3. Control numbering and cross-reference check results
4. Terminology consistency findings
5. Conformance process accuracy validation
6. Technical guidance review findings
7. External content validation results
8. List of issues found (if any) with recommendations
9. Approval status and conditions
**Expected Size**: 20-30 pages
### From Technical Review (SMEs)
**Report Contents**:
1. Executive summary of technical review
2. Findings by domain (FA, IA, AA, BA, Risk, LoA)
3. Technical accuracy validation
4. Implementation guidance assessment
5. Examples and recommendations review
6. Emerging practices and standards to consider
7. Prioritized recommendations by criticality
8. Consensus recommendations from expert panel
9. Appendices: Individual expert reports
**Expected Size**: 25-40 pages
---
## Success Criteria for Stakeholder Review
### Usability Testing Success
- ✅ 80%+ success rate on findability tasks
- ✅ Users express high confidence in navigation
- ✅ Role-based entry points validated by users
- ✅ 80%+ users rate structure as "better" or "significantly better"
- ✅ No critical usability blockers identified
### Conformance Validation Success
- ✅ 100% of verified controls match official standards
- ✅ All control numbering correct
- ✅ Terminology usage consistent
- ✅ Conformance process accurate and complete
- ✅ Technical guidance aligns with standards
- ✅ Joanne approves document for deployment
### Technical Review Success
- ✅ All technical content validated by domain experts
- ✅ No critical technical errors identified
- ✅ Implementation guidance technically sound
- ✅ Examples realistic and accurate
- ✅ Recommendations align with best practices
- ✅ Expert consensus on document quality
---
## Post-Review Next Steps
### If All Reviews Pass
**Proceed to Deployment**:
1. Address any minor/nice-to-have recommendations
2. Finalize documentation package
3. Prepare deployment communications
4. Plan transition from old to new structure
5. Deploy new consolidated standards
### If Issues Found
**Remediation Process**:
1. Prioritize issues (critical/important/nice-to-have)
2. Implement critical fixes immediately
3. Plan important improvements
4. Schedule nice-to-have enhancements
5. Re-verify affected sections
6. Return to stakeholders for approval of changes
### Ongoing Monitoring
**Post-Deployment**:
1. Collect user feedback on new structure
2. Monitor usage patterns
3. Identify areas for improvement
4. Plan periodic reviews
5. Update as standards evolve
---
## Stakeholder Contact and Coordination
### Key Stakeholders
**Adele** (Usability Testing):
- Role: User experience and navigation validation
- Deliverable: Usability testing report
- Timeline: 4 weeks
**Joanne** (Conformance Validation):
- Role: Technical accuracy and conformance process validation
- Deliverable: Conformance validation report
- Timeline: 2-3 weeks
**Technical SMEs** (Domain Reviews):
- Roles: Federation, Information Security, Authentication, Binding, Risk, LoA experts
- Deliverable: Technical review report
- Timeline: 5-6 weeks
**Tom Barraclough** (Project Lead):
- Role: Overall approval and coordination
- Reviews: All stakeholder reports and final document
- Final approval authority
**GCDO Office**:
- Role: Project coordination and deployment planning
- Reviews: Final documentation package
- Supports: Stakeholder engagement and communication
### Coordination Meetings
**Recommended Schedule**:
**Kickoff Meeting** (Week 1):
- All stakeholders
- Review plan and timelines
- Clarify roles and deliverables
- Address questions
**Mid-Point Check-In** (Week 5):
- Tom + all reviewers
- Progress update
- Early findings discussion
- Address any blockers
**Final Review Meeting** (Week 10):
- All stakeholders
- Present consolidated feedback
- Discuss prioritization
- Agree on implementation plan
---
## Conclusion
The consolidated Identification Standards are ready for comprehensive stakeholder review across three critical dimensions: usability, conformance/terminology, and technical accuracy. This plan provides structured approach for effective validation while managing timeline, coordination, and feedback consolidation.
**Key Success Factors**:
1. Clear focus areas for each review stream
2. Appropriate methodology for each review type
3. Manageable timelines with coordination
4. Structured feedback consolidation process
5. Clear success criteria for each review
**Recommended Approach**: Hybrid sequencing (Joanne first, then parallel Technical + Usability)
**Expected Timeline**: 10 weeks to complete all reviews and consolidate feedback
**Next Steps**: Initiate stakeholder engagement and schedule kickoff meeting
---
**Document Prepared**: 2025-11-20
**Stage 13 Task**: Stakeholder Review Plan
**Status**: COMPLETE