On this page

Purpose

Step 1 is about reviewing your current state ID verification processes. 

This discovery process will help you to determine:

  • the appropriateness of Digital ID verification for your agency's services and systems
  • whether Digital ID verification is currently in use within your agency  
  • how Digital ID verification can enhance operations, service delivery and compliance
  • identify opportunities for better compliance, efficiency, and risk management
  • feasibility insights that can assist you to develop an effective ICT investment business case.

Action 1: Is Digital ID appropriate for your organisation?

Please answer the following questions with either Yes or No:

  • does your agency currently require users to verify their ID to access any systems, platforms or services?  
  • do you verify personal or business details before granting access to services or systems?  
  • do authorised individuals need to act on behalf of their organisation to access your systems or services?
  • does your agency copy, store or archive ID documents as part of its current ID verification processes?  
  • does your agency have obligations to reduce the amount of personal data it collects and stores?

If you answered YES to any or all the above questions, complete the following assessment with as much detail as possible.  

If you answered NO to all the above questions, Digital ID verification may not be suitable for your agency's needs at this time. 

An attribute is a piece of information associated with a person. For example, a person’s:

  • name
  • address
  • date of birth. 

Some attributes are restricted from being disclosed to relying parties, except in certain circumstances. Restricted attributes are attributes protected by additional privacy protections in the Digital ID Act. A restricted attribute is information such as:  

  • identity document numbers such as a driver's licence or passport number
  • tax file numbers (TFN)
  • Medicare numbers
  • health information
  • the unique identifier of a particular version of a document or credential (e.g. the card number for a particular version of a driver license).  

Restricted attributes need to be specifically requested through the approval process with the Digital ID Regulator. An individual’s Digital ID provider or attribute service provider can only provide restricted attributes to you if they are authorised to do so under their accreditation conditions. 

For more information on restricted attributes and accreditation please contact: DigitalIDRegulator@accc.gov.au  

On this page

Action 2: Mapping current verification processes

Write down your answers to the questions in the following sections in as much detail as possible. The answers to these questions will help with future steps.

Scope and coverage  

These questions seek to help you understand the scope of ID verification processes in place across your organisation. This will help you to assess the potential coverage of where Digital ID adoption be used for identity verification.

In your agency:

  • what services or systems require ID verification (e.g. onboarding, access control or service delivery)?  
  • is the approach consistent across systems, channels and business units?  
  • are legacy systems or manual processes causing delays, errors or inefficiencies?  

Compliance and governance  

These questions seek to help you assess how your organisation undertakes ID verification against existing policy. This will evaluate regulatory alignment and audit readiness to adopt Digital ID.  

In your organisation:

  • do current ID processes meet internal policies and external regulatory requirements (e.g. data minimisation and data retention policies)?
  • is it easy to audit, trace and demonstrate compliance for privacy and data security?  
  • is there an opportunity to no longer collect information that you don’t need for compliance (e.g. document numbers and expiry dates)?  

Process and experience  

These questions seek to understand how ID verification is currently performed and its impact.

Within your organisation:

  • are ID checks performed manually (e.g. visual inspection or email-based validation) rather than through automated systems?  
  • what data types are verified (e.g. name, address, date of birth or biometrics)?  
  • how long does verification take and what is the user experience like?  

Performance and impact  

These questions measure operational reliability and service outcomes for current state ID verification practices.

 In your organisation:

  • are verification failures common and what are the root causes of these failures?  
  • are fallback options available and how effective are they?  
  • what is the impact on service delivery, support teams and customer satisfaction?  

Action 3: Is Digital ID adoption feasible for your organisation?

This section will use the findings from the self-assessment to help determine if Digital ID is a viable enabling option for your agency’s needs.  

Digital ID adds value if:

  • ID verification needs are widespread, inconsistent or reliant on outdated systems  
  • compliance is complex, fragmented or difficult to monitor  
  • processes are slow, inconsistent or burdensome for operations or uses  
  • current systems cause service disruptions, delays or require heavy support.  

Outcome

With this self-assessment you should be able to determine if Digital ID meets and improves your service delivery needs. The information collected from the feasibility assessment may be useful when creating an ICT business case.

Getting support

You can speak with your agency’s IT and security areas for help to answer the questions in Step 1.

To provide feedback on this step, please contact us

The Department of Finance acknowledges the Traditional Owners and Custodians throughout Australia and their continuing connection to land, water and community.