Streamline Identity Management Playbook

Edit this page

Step 3 - Improve Back-end Collection Processes


Back-end processes are used to obtain identity data to determine where processes can be enhanced and improved. Per OMB Circular A-123, management is responsible for establishing and maintaining internal controls to achieve the objectives of effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations. This responsibility is also held by ICAM implementers, who are accountable for improving the effectiveness, quality, and productivity of federal programs and operations. The goals of OMB Circular A-123 closely align with the effort to improve the processes within an agency that collect identity data.

Checklist

 Conduct internal information gathering with business owners to identify all of the processes within the core business areas that involve collection of identity. Use specific criteria to define what constitutes a core business process. Take steps to ensure successful engagement and participation of relevant process owners. Take steps to ensure the availability of process and related data element information gathered.

 Examine these processes and document the collection methods and types of identity information that is collected. Identity inefficiencies. Determine which process steps provide value and which do not. Take note of process frequency. Inventory the data sources. Understand how long both the entire process and each step/section takes. Perform quality checks to determine accuracy and completeness of information.

 Use information from the data analysis to identify and prioritize improvement opportunities for inclusion in an implementation plan. Isolate redundancies in process steps, forms, and data elements. Identify paper-based collection methods that can be automated. Identify manual data entry points.

 Provide implementation plan to business process owners and provide recommendations on how to streamline, automate, and enhance identity data collection. Integrate similar, redundant processes. Minimize duplicative information collection. Replace paper-based collection processes with electronic methods, as appropriate. Automate manual processes, as appropriate.

 Business process owners put the implementation plan into action. Implement relevant metrics for digital identity processes. Establish training needs. Make updates to relevant process documentation, etc.

 Develop methods for continuously monitoring and measuring success of the process improvement effort. Conduct surveys to trach end-user satisfaction. Conduct surveys to support staff productivity and satisfaction. Capture process efficiency, data quality, and cost savings. Establish governance and reporting requirements. Create a process control board. Review audit logs and workflow of sensitive information flows.

Benefits

 Increased levels of process efficiency. The need to manually collect and manage data significantly decreases, allowing agencies to focus on core business functions.

 Cost savings. Reducing the number of hours spent collecting, managing, and reconciling identity data, along with fewer required systems and processes to store and maintain data, will lead to lower costs.

 Enhanced security and privacy. Integrating digital identity creation processes results in fewer collection points, reducing opportunities for data leakage and/or theft through automated access control to identity data. Furthermore, eliminating paper-based collection methods also reduces additional security and space requirements associated with storing and securing paper files.

 Enhanced compliance with Federal regulations and guidance. The tight integration of the digital identity creation processes and elimination of paper-based collection methods helps agencies comply with the Government Paperwork Elimination Act (GPEA).


Privacy Tip

Electronic security methods (e.g., encryption, role-based access control, etc.), when deployed as part of an agency’s overall security program, can be more efficient, more reliable, and less expensive than traditional methods (e.g., locked rooms, filing cabinets, etc.) for protecting sensitive data. However, an agency should consult with its Privacy Offer to ensure these electronic methods adhere to privacy laws, directives, and policies.