Succeeding with a Strategic Approach
One of the most common mistakes made by companies when rolling out a biometric solution is thinking that biometric controls are a plug-and-play technology. The reality is that biometric solutions are 10% technology and 90% policy and management.
An effective biometric solution rollout must be deployed in the context of an effective methodology. Project planning and requirement definition is imperative to success.
The quality that separates an effective rollout project plan from an ineffective one is attention to detail.
For biometric security controls to work, they must be deployed in a strict, methodical fashion. There are many attributes that need to be taken into consideration. Everything from budget to politics and culture to staff training and support will be affected by the decision to implement biometric controls.
Toward this goal, a successful biometric controls project should employ a strategic approach comprised of three broad phases: design, positioning, and deployment.
The Design Phase. The purpose of this initial phase is to fully define the business drivers for the biometric rollout, enumerate relevant regulatory requirements, and perform a pilot test. A significant portion of project time should be invested within the design phase to ensure the success of the project. During design, the attributes mentioned above should be identified and detailed, with an action plan drafted accordingly.
The design phase may also include performing solution identification and evaluation. In the case that a solution is identified, a pilot must be performed to test the efficacy and adequacy of the solution. During the pilot, key stakeholders should be given an opportunity for hands-on testing to ensure that pre-identified concerns are addressed and to determine if other concerns may exist that were not previously identified.
This phase of work should not only focus on the technical aspects of the given biometrics suite but should also include an evaluation of cultural and social issues relevant within a given environment. A training and awareness program should be chartered to support future phases of the project. The objective of this phase is to thoroughly define the problem space and contributing factors, identify and test a solution, and develop the base framework for training and awareness.
The Positioning Phase. During the positioning phase, legacy systems will need to be updated or bypassed, overall project risks determined, and a training and awareness program should be launched. All decisions should be supported by the risk management process, such as identifying key risks and performing a trade-off analysis to help ensure that the proper degree of risk resiliency will be achieved (or maintained) by deploying the chosen solution.
The primary objective of the positioning phase is to initiate and to complete intermediate changes required supporting the pending full deployment of the solution. This phase provides another opportunity to pull the emergency brake on the project should it be determined that the solution does not meet the needs of the business, or that it makes the organization less risk-resilient.
By the end of this phase, all stakeholders should be comfortable with the solution and the deployment plan. The deployment plan should be evaluated independently to minimize related risks, and the results of the pilot should be integrated into the plan as part of lessons learned.
The Deployment Phase. During the deployment phase, hardware and software are implemented, end-user training and awareness are mainstreamed, and steps are taken to ensure continuing process improvement. Biometric controls should be fully functional by the end of this phase, and the overall risk posture of the enterprise changed favorably. The enterprise should be more resilient to risk than at the onset of the project.
Deployment Requirements. Generally speaking, for a biometric controls' deployment to be successful, it must fulfill the following seven requirements.