5. Usage Scenarios

The Evidence of Identity Standard SHOULD be used by agencies when they design or update any service, regardless of that service’s delivery channel(s).

The full suite of authentication standards is intended to be used by agencies when they:

• design new or expanded services for online delivery
• migrate existing offline services to online channels
• refresh the technology underlying existing online services.

Agencies designing new or expanded services for online delivery SHOULD use the authentication standards to evaluate the identity-related risks inherent in their services and to implement appropriate evidence of identity business processes and authentication keys.

Agencies migrating offline services for online delivery SHOULD use the authentication standards to evaluate the identity-related risks inherent in their services. This evaluation will enable agencies to review the appropriateness of existing evidence of identity business processes, to amend them as required and to implement appropriate authentication keys.

Agencies refreshing existing online services SHOULD use the authentication standards to evaluate the identity-related risks inherent in their services. This evaluation will enable agencies to review existing evidence of identity business processes and authentication keys to determine their appropriateness. These processes and keys SHOULD be amended as required.

NOTE –

(1) This Guide does not provide guidance for any of the change management processes associated with the usage scenarios outlined in this section.

(2) Agencies should note that they need to ensure there is adequate business continuity planning (BCP) for their online services.