Develop Policy Documents

The Methodology

Now that the group of users involved in the pilot is much larger than the POC group, official policy documents need to be created based on the feedback and experiences of the POC group . Some of the policy documents include:

• Dealing with a mixed environment ” With the increase in scope for the pilot, there will be a larger number of users involved. With this larger installed base, there are now issues of piloting in a mixed environment. This means that documents need to be created to explain how to work in a mixed environment.

• Support responsibilities ” The support infrastructure needs to be able to handle a larger installed user base. It is no longer feasible to have the IT support stakeholders themselves providing support. A support group needs to be created using the normal support structure of the company. Members of the IT support group should already be familiar with the biometric system from their POC involvement. By involving them in the POC and making them stakeholders, a successful support groundwork has been laid.

• Pilot selection criteria ” Since the POC group was smaller, it was easier to decide who should be a part of the POC. With the larger scale of the pilot, it will no longer be feasible to know each participant. Thus, pilot user selection criteria need to be created which should include technological requirements, business function requirements, user's availability for the pilot timeframe requirements, and lastly, the willingness to accept possibly unstable software on the user's desktop. Most users want to have the latest and greatest software, so there will be no end of volunteers for the project. The project team needs to set a maximum number of users. This number of users is chosen so that there is a large enough sampling of users to be representative of the user population, yet small enough that the new IT support infrastructure can scale up to meet the support demand.

• Brochures and documents for pilot users ” While it is very unlikely that any end-user ever reads documentation, a good tri-fold brochure is likely to be referenced occasionally. This brochure should list the support numbers to call, the manager of the project, the goals of the project, how the user interacts with the new hardware and software, and how long the pilot is going to last. More detailed documentation can be created and given to the users when they have completed their training. These documents should be in reference format and should cover the most frequently asked questions and the most common tasks .

• Guidelines for dealing with remote and laptop users ” With the need to provide flexible work arrangements and the need for employees to travel, policy documents must cover remote and laptop users. The pilot must be representative of the entire user population. Thus, at some point during the pilot, the remote and laptop users' needs should be addressed. Perhaps the project team will decide that remote and laptop users are outside the scope of the project. If that is the case, the policy documents should state this.

• Security policies ” With the implementation of any new security offering, current policies and procedures may need updating, or new ones may need to be created. These changes could be caused by the new methodologies being used or features that the biometric system offers. For example, one security policy may state that after three authentication attempts, the user account must be locked. With a biometric system, this may not be feasible. A user may take more than three attempts to verify while becoming habituated, or the biometric itself may have a high failure-to-verify rate. In addition, an old policy may have been put into place to prevent brute-force attacks on passwords. Biometrics, on the other hand, are not susceptible to brute-force attacks like passwords. Thus, such a policy will need to be updated.