UCP checklist: Step-by-step validation for AI-generated eCommerce stores

AI-generated storefronts introduce new operational risks and validation requirements that traditional eCommerce checklists do not cover. The UCP checklist provides a focused set of validations specifically designed for AI-driven commerce experiences, and the first paragraph names the UCP checklist as an operational baseline for teams responsible for product quality, compliance and time-to-market. Third-party observers and engineering leads will find the approach below practical, actionable and aligned with modern product delivery practices.

Why a specific validation for AI-generated eCommerce stores matters

AI agents and generative models change the shape of product data, personalization and customer interactions. Traditional QA looks at page rendering, basic checkout flows and analytic tags; AI-driven stores introduce model outputs, agent orchestration, dynamic catalog generation and identity-based personalization that require different signals and ownership. Stakeholders need a validation framework that separates discovery, fidelity and security risks while remaining executable by cross-functional teams.

A focused UCP checklist clarifies ownership across product, engineering and security and reduces friction during onboarding and audits. Teams responsible for scaling commerce must ensure that product-market fit remains visible and that automated agents do not introduce pricing errors, incorrect product claims or regulatory exposure. This section establishes why the checklist exists and why it is necessary for modern stores powered by AI.

Practical outcomes from a disciplined validation program include fewer customer complaints, measurable conversion uplifts from corrected personalization, and lower incident resolution time because failures are detected earlier. The UCP checklist was designed with those outcomes in mind, and it complements standard eCommerce QA by adding model, agent and data lineage checks. Cross-functional teams can adopt the checklist to reduce time-to-launch while preserving quality and trust.

Large platform teams and bootstrapped startups alike benefit from a single, structured validation that maps directly to engineering artifacts, product acceptance criteria and security gates. This reduces rework and clarifies the minimum evidence required to sign off on AI-driven features. It also creates a baseline for automation, observability and post-launch audits.

The UCP checklist framework: Discovery, Fidelity, Security

The UCP checklist organizes validation tasks into three pillars that address critical failure domains for AI stores: Discovery, Fidelity, and Security. Each pillar focuses on distinct risk types and provides a repeatable set of checks that can be executed manually or automated into CI pipelines. The framework emphasizes measurable outputs and clear ownership.

• Discovery: Confirms that product data, taxonomies and user research align with the store’s UX and business objectives.
• Fidelity: Ensures model outputs, personalization logic and pricing reflect the intended product and legal constraints.
• Security: Verifies authentication, payment flows and privacy protections to mitigate fraud and regulatory exposure.

A short list like the one above helps teams prioritize initial audits and build role-based task assignments. It also maps directly to remediation playbooks: discovery failures typically require product or content fixes, fidelity failures need model or integration changes, and security failures trigger incident response. Teams may find it useful to export the checklist as a CSV or PDF to assign tasks during an audit or onboarding review.

The framework scales with store complexity. For simple AI-assisted product tagging, teams can run a compact subset; for agent-driven multi-step purchase flows, a comprehensive pipeline of automated and manual tests will be required. This modularity supports inclusion in continuous validation workflows. For a practical reference aligned with UCP thinking, see modern validation guidance from the UCP Store Check sources UCP Store Check 2026: The Ultimate Validation Guide and UCP Check: AI Store Validation Guide.

Discovery checks: verifying catalog, taxonomy and user intent mapping

Discovery checks focus on the underlying product data and how it is surfaced to customers. A robust discovery validation prevents mismatches between what the model claims and what the catalog actually offers. This reduces returns, chargebacks and poor conversion due to incorrect availability or variants.

• Product data completeness: Ensure every product has the required fields (title, SKU, price, images, stock status, tax class).
• Taxonomy and categorization: Validate category mappings and search facets against expected customer journeys.
• Data lineage and source: Confirm the source of truth for product attributes and the process that updates them.

The list above is a starter for discovery validation. Each item should have an acceptance criterion: for example, “All active SKUs must include at least one image and a non-zero price.” The check should include tolerance thresholds for missing data and an SLA for remediation dependent on business priority.

Discovery also includes verification of derived data—fields generated or enriched by AI such as product descriptions, feature tags, or recommended attributes. Teams must confirm that enrichment jobs run as scheduled, tag confidence scores are stored, and that fallback content exists when model outputs are missing or low-confidence. These safeguards prevent empty product pages and misrepresentations.

Finally, discovery checks should include simple user-intent alignment tests: sample search queries should return appropriate items, category filters should behave predictably, and promotional labels must map to correct offers. Such checks are often manual initially, but they are prime candidates for automation as part of the UCP checklist execution.

Fidelity checks: ensuring model outputs and personalization are accurate

Fidelity checks test whether the AI-generated content and personalization align with the brand, pricing rules and legal constraints. Model hallucinations, incorrect price adjustments, or mismatched recommendations can cause direct revenue loss and regulatory risk. Fidelity validation reduces these outcomes by enforcing deterministic checks and content review gates.

• Content accuracy: Validate product descriptions and claims against authoritative data sources.
• Pricing and promotions: Check that dynamic pricing engines and AI recommendations respect price floors, margin rules and promotion blackouts.
• Personalization consistency: Ensure personalization outputs match user segments and do not expose sensitive inference.

A fidelity checklist feature might include sample-based audits where model outputs for a stratified sample of SKUs are compared against expected values. Confidence thresholds should be defined; outputs below the threshold must route to human review or fall back to default content. This hybrid human+AI validation reduces the chance that incorrect model outputs reach customers.

Fidelity also includes the behavior of agent-driven interactions. If conversational agents recommend products or make offers, their response templates must be validated for correctness, linkage to product pages, and safe fallbacks. Automated smoke tests that simulate buyer journeys can detect obvious errors such as mismatched product links or incorrect shipping times before they affect customers.

Practical fidelity checks often uncover systemic issues in training data, labeling practices or integration layers. Teams should capture root causes and feed corrective actions into model retraining and pipeline improvements to avoid recurrence.

Security and privacy checks: protecting customers and the business

Security for AI-generated stores extends beyond classic web security to include model access controls, data-minimization during inference and secure agent orchestration. A UCP checklist must therefore include checks that validate authentication flows, authorization boundaries, encryption in transit and at rest, and safe handling of personal data used for personalization.

• Authentication and session management: Confirm secure token issuance, expiry policies and session revocation controls.
• Payment and PCI considerations: Validate that payment flows remain within PCI scope and that sensitive data never reaches model APIs.
• Data minimization and consent: Ensure only consented data is used for personalization and that PII is masked during logging and model calls.

Any failing security check should escalate to the security owner with clear remediation timelines and an expectation of immediate mitigation for critical exposures. Security test outputs should be reproducible artifacts that feed into ticketing systems and post-mortem records. Integration of security checks into CI/CD helps catch regressions early.

Security validation must include threat assessments for AI-specific risks such as prompt injection, model poisoning, and lateral data access through orchestration services. Static and dynamic tests can be combined: static analysis of code and configuration, plus runtime fuzzing and adversarial prompt tests against agent interfaces.

Compliance audits often require traceable evidence. The UCP checklist promotes artifact collection—logs, policy documents, and test results—that auditors can review to confirm controls are in place and operational.

Infrastructure and observability checks: logging, monitoring and alarms

Observability validates that failure signals are captured, routed and actionable. AI-driven stores introduce additional failure modes: degraded model performance, increased latency in agent orchestration, and errors translating to customer-facing content. Infrastructure checks ensure visibility into those signals and predetermined remediation workflows.

• Centralized logging and tracing: Confirm that request traces include model call IDs, agent intent labels and relevant user context.
• Error classification and alerting: Define alerts for high-severity errors like failed checkouts, model timeouts or high rates of fallback messages.
• Runbook and incident response linkage: Ensure each critical alert maps to a runbook with a clear owner and SLA.

A reliable observability posture gives teams early notice of issues that affect conversion or revenue. For example, a sudden rise in fallback recommendations might indicate an upstream catalog ingestion failure; properly instrumented logs and metrics enable rapid diagnosis.

Observability also supports A/B experiments and rollback decisions by providing near-real-time impact metrics. Teams should track conversion, abort rates, and revenue per visit alongside model-specific telemetry. Putting these metrics into dashboards with alert thresholds reduces mean time to detect and mean time to resolve.

Teams should adopt lightweight, reproducible templates for runbooks and ensure incident retrospectives feed into refinement of the UCP checklist and validation scripts. This closes the operational loop from detection to prevention.

API, agent and orchestration tests: validating endpoints and agent behavior

APIs and agent orchestrations are the glue of AI-generated commerce. These components must be validated for contract compliance, latency, error handling and safe fallbacks. The UCP checklist includes both manual contract checks and automated integration tests that exercise typical and edge-case flows.

• Endpoint contract validation: Confirm schemas, response codes and field-level contracts for catalog, cart and model endpoints.
• Latency and reliability: Validate SLA observance for model calls and agent responses under expected load.
• Safe fallbacks and error messages: Ensure user-facing fallbacks are informative and do not leak internal data.

A small list of representative automated checks can be introduced early. Examples include a Postman collection that tests product endpoint contracts, a script that verifies model response schema and a CI task that runs simulated conversational flows. These assets decrease manual validation time and make releases safer.

Integration tests should include negative testing and adversarial scenarios. For agent orchestration, simulate malformed prompts, chain-of-thought failures and timeouts to confirm that systems degrade to a known-safe state. This reduces risk of exposing incorrect or harmful outputs to customers.

Finally, keep a versioned record of API contracts and agent behavior expectations in a repository that teams can audit. Changes to contracts should require sign-off from product, security and platform owners, ensuring cross-functional alignment.

Automated validation assets: scripts, Postman collections and CI snippets

Automation reduces friction and ensures repeatable validation. The UCP checklist recommends a small package of deliverables that teams can adopt immediately and extend over time. Each asset should be version-controlled and executed in CI pipelines or scheduled validation jobs.

• Postman/Insomnia collection for contract and response validation.
• Simple Node/Python scripts for model output sampling and schema checks.
• CI job templates to run tests on PRs and nightly pipelines.

A Postman collection might include requests that hit product, recommendation and model endpoints with pre-defined assertions for response codes, JSON schema compliance, and content checks. The collection can be exported and shared as an operational artifact for onboarding. Similarly, short scripts that request a stratified sample of SKUs and validate generated descriptions can detect regression in models or data drift.

CI integration is straightforward: run these assets as part of pre-release pipelines, and fail builds when critical checks break. For example, a test that validates that no product page returns a missing price should be blocking. Non-critical checks can be configured to run in nightly pipelines with ticket generation for failures.

Teams should maintain these assets in a dedicated validation repository and use issue templates for remediation. Versioned artifacts create a traceable record for audits and help new engineers understand system expectations.

Example automation snippet and test template

A short, generic test pattern demonstrates how to validate model outputs programmatically without exposing production secrets. The snippet below is a template concept and should be adapted to organization-specific SDKs and security constraints.

• Use API keys stored in CI secrets
• Query a small sample of SKUs
• Validate response schema and content confidence score thresholds

A pseudo-code approach helps teams translate the idea into concrete implementations within their stack. For instance, a Node script could fetch a list of products, call the model enrichment endpoint, and assert that each response includes a confidence field above a defined threshold or routes the item to manual review.

The template can be extended to test conversational agents: record sample prompts, execute orchestration flows, and assert that responses include product links, correct SKU references, and do not contain policy violations. Building these tests into pull request checks prevents regressions and increases release confidence.

Teams should treat the automation assets as living artifacts. As models and agents evolve, update tests and thresholds to match new behavior patterns and operational objectives.

Remediation playbook and prioritization: owners, SLAs and triage steps

Validation without remediation is cosmetic. The UCP checklist explicitly ties each check to a remediation playbook that contains the triage path, designated owner, required artifacts and remediation SLA. This clarity reduces debates about responsibility and speeds recovery.

• Triage levels: Define severity categories (Critical, High, Medium, Low) with associated SLAs.
• Ownership model: Assign primary and secondary owners for each check (product lead, engineer, security).
• Required artifacts: Specify logs, request traces and test outputs necessary to investigate.

A remediation playbook should include clear next steps for common failure modes: for a pricing mismatch, mark a high-severity ticket assigned to pricing engineering with a 4-hour SLA; for a missing image, assign to content ops with a 24-hour SLA. These deterministic paths reduce ambiguity and accelerate fixes.

Playbooks should also specify hot paths for escalation and rollback. For instance, if AI-generated recommendations cause a measurable drop in conversion within two hours, the playbook should define circuit breakers: disable recommendation calls, roll back feature flags, and notify stakeholders. Testing these playbook steps through tabletop exercises provides confidence in execution.

Finally, track remediation timelines and root causes to refine prioritization. Data from past incidents helps align SLAs with business impact and reduces over-investment in low-value checks.

Role-based task lists: developers, security, operations and product

Operationalizing the UCP checklist requires role-specific task lists that map tests to responsibilities. Clear lists reduce handoff friction and allow parallel execution during audits and onboarding. The lists below provide a starting point for common roles.

• Developers: implement API contract tests, maintain automation assets, and triage integration errors.
• Security: run adversarial prompt tests, validate tokenization, confirm PCI scope and encryption.
• Operations/DevOps: configure observability, ensure CI validation runs, and manage deployment rollbacks.
• Product/UX: validate content fidelity, approve fallback messages, prioritize fixes based on business impact.

Each role-based list should include explicit acceptance criteria and ownership for failing checks. For example, if a content accuracy check fails, the product owns the content review while engineering implements the data fix. Clear assignment avoids the “not my job” trap.

Role-based lists must be part of onboarding documentation and runbooks. New team members should be able to pick up the checklist, understand which tests are their responsibility, and find the right runbooks for remediation.

A properly implemented role model reduces time-to-resolution and ensures that security and product quality concerns receive the appropriate attention.

Prioritizing checks for fast time-to-market: minimum viable validation

Not every store needs the full validation suite before first launch. Prioritization should be risk-driven and aligned with business goals. The UCP checklist recommends a minimum viable validation set for early releases and an expansion path as features scale.

• Minimum viable validation: critical payment path, product data completeness, primary agent fallback.
• Next tier (post-launch): expanded contract tests, personalization sanity checks and observability dashboards.
• Continuous improvement: nightly validations, model sampling and scheduled audits.

Adopting a risk-based approach prevents unnecessary delays while preserving essential safeguards. Early launches can use feature flags to limit exposure of AI-driven features to small user segments while validation runs and confidence increase.

Prioritization should use explicit criteria such as revenue impact, regulatory exposure, and user trust. Checks that affect checkout and payment must be prioritized higher than cosmetic description quality, although the latter still affects conversion and deserves scheduled remediation.

A pragmatic roadmap and expansion plan ensure that validation keeps pace with product complexity without creating bottlenecks to market.

Illustrative remediation scenarios and expected outcomes (hypothetical examples)

Illustrative remediation scenarios help teams anticipate complexity and scale the UCP checklist. These are hypothetical examples intended to show how the checklist maps to operational outcomes rather than real case studies.

• Scenario: AI-generated descriptions misstate shipping times. Remediation: disable enrichment pipeline for shipping fields, route descriptions to manual review, update model training data; expected outcome: shipping-related complaints drop within 48 hours.
• Scenario: Dynamic pricing agent violates margin rules for promotional SKUs. Remediation: update pricing engine guardrails, add contract tests for price floors, enforce pre-deploy checks; expected outcome: margin violations eliminated and monitoring triggers alerts.
• Scenario: Prompt injection exposes internal API keys via an agent response. Remediation: rotate keys, implement input sanitization and context filtering for agents, add adversarial tests to CI; expected outcome: risk mitigated and post-incident audit documented.

These scenarios illustrate how the checklist supports both quick mitigations and systemic fixes. Teams should model remediation timelines conservatively and capture post-mortem learnings as artifacts for future audits.

Integrating the UCP checklist into the product lifecycle and governance

Embedding the UCP checklist into the product lifecycle ensures validations occur consistently from discovery through launch and post-launch. Governance is lightweight but explicit: each release must declare UCP status and any outstanding mitigations.

• Release gating: include a UCP sign-off artifact in release checklists indicating pass/fail status and open mitigations.
• Feature flags and staged rollouts: use flags to limit exposure until validation reaches acceptable thresholds.
• Audit trails: archive test results, remediation tickets and runbook executions for compliance.

Governance should balance speed and safety. A pragmatic approach uses risk-based gating, where low-impact features can proceed with scheduled post-launch checks while high-impact features require blocking validation. This reduces launch friction while maintaining accountability.

Operationally, governance is supported by a release dashboard that surfaces UCP check status per feature and links directly to artifacts and runbooks. That dashboard becomes the single source of truth for audit reviewers and product owners.

Metrics and KPIs: measuring the checklist’s business impact

Validation is valuable when it improves measurable outcomes. The UCP checklist recommends tracking a small set of KPIs that tie validation to business impact and operational health.

• Conversion rate and revenue per visit: measure before/after fixes for fidelity-related issues.
• Incident frequency and mean time to resolve (MTTR): track security and availability improvements.
• False-positive and fallback rates: monitor model degradation and the quality of personalization.

These KPIs should be instrumented and visible in business dashboards. Correlate model health metrics (confidence scores, fallback frequency) with business metrics to prioritize technical debt and model retraining.

Regular reporting on these KPIs helps justify validation investment and makes the case for automation. For example, a decrease in checkout errors after implementing a contract test provides evidence of ROI and supports broader adoption of automated UCP checks.

Tools, templates and operational assets to adopt now

Practical adoption is accelerated when teams have ready-to-use assets. The UCP checklist encourages a starter pack that operational teams can copy and adapt. The list below suggests high-impact assets.

• Checklist PDF and CSV template for audit runs.
• Postman collection and a sample CI job for API and agent tests.
• Role-based task lists and runbook templates for remediation.

These assets are intentionally minimal and built to be extended. Teams can begin with the checklist PDF during manual audits and progressively automate checks into CI as confidence grows. Version control the assets in a validation repository.

For teams seeking hands-on assistance and tailored implementations, discover how our platform can help by providing operational support and adapting UCP validations to specific tech stacks.

Frequently Asked Questions

Why does the UCP checklist feel more complex than traditional QA?

The integration of models and agents introduces nondeterministic outputs, external API dependencies and new data flows. Those elements increase variability and require additional schema, confidence and adversarial checks. The checklist balances complexity by modularizing checks so teams can adopt a minimum viable set and expand over time.

Will an external agency understand my product and users well enough to run the checklist?

Structured discovery, user research and collaborative workshops reduce onboarding risk. Agencies that maintain a discovery phase and provide tangible artifacts—user interviews, sample datasets and a mapped backlog—demonstrate alignment. Evidence-based discovery mitigates the concern that an external partner will miss domain-specific nuance.

Are agency costs higher than hiring internal staff for UCP validation?

Agencies often provide flexible engagement models, milestone-based billing and cross-functional teams that reduce coordination overhead. When measured by time-to-market and risk reduction, agency engagements can yield higher ROI—especially for early-stage teams that lack full-time expertise across product, engineering and security.

How should teams prioritize remediation when multiple checks fail?

Use a risk-driven approach: prioritize items that affect revenue and regulatory exposure first. Map each failure to an SLA and owner and apply circuit breakers for systemic issues like checkout failures or data leaks. Triage frameworks that connect business impact to technical severity produce faster, more effective outcomes.

What automated assets should be implemented first?

Start with the most business-critical checks: API contract tests for checkout paths, schema validations for product data and a small set of model output sampling scripts for high-traffic SKUs. These assets provide immediate protection and are straightforward to integrate into CI.

How can teams prevent model hallucinations from reaching customers?

Implement confidence thresholds, human-in-the-loop review for high-risk outputs, and robust fallback messaging. Regularly sample outputs and align training data with authoritative sources. Adversarial prompt testing in CI can also reduce the risk of hallucinations in agent responses.

Sources

1. UCP Store Check 2026: The Ultimate Validation Guide – Comprehensive technical diagnostic guidance and pillar framework used as a reference for discovery, fidelity and security checks.
2. UCP Check: AI Store Validation Guide – Practical guide with operational templates and implementation guidance that influenced the modular checklist and remediation playbooks.

Practical next steps

Operational teams often benefit from an immediate, low-friction engagement to translate the UCP checklist into executable tasks. For teams seeking tailored support and hands-on implementation from an experienced cross-functional partner, consider a short discovery engagement to map validation requirements to architecture and deployment plans. Book a free 30-minute discovery call with Presta to align the checklist to the store’s priorities and to access starter automation templates.

Governance artifacts and audit readiness

Audit readiness requires more than checks; it needs an evidence trail. The UCP checklist recommends archiving all validation outputs with contextual metadata and owner assignments. These artifacts include test run IDs, request traces for failed calls, remediation tickets and approvals. Properly curated evidence reduces audit friction and shortens response time to compliance queries.

To be audit-ready, document the following artifacts for each checklist run: the checklist version used, timestamped results with pass/fail statuses, remediation owner assignments and final sign-off. These elements create a compliance narrative that auditors can follow without requiring extensive ad hoc explanations.

Auditors expect reproducibility. Include scripts and Postman collections in the evidence so reviewers can rerun tests from source control. This transparency demonstrates operational control and helps build trust with internal and external stakeholders.

Long-term adoption: embedding validation into culture

The UCP checklist is effective when validation becomes part of engineering and product culture. That occurs when teams treat validation as continuous improvement rather than a gate. Practices that support cultural adoption include pairing engineers and product leads on remediation, celebrating metrics improvements, and running periodic tabletop exercises to rehearse playbooks.

Leadership can support adoption by making UCP status visible in executive dashboards and by allocating time each sprint for validation debt. Incentivizing ownership and connecting validation outcomes to business KPIs create durable change and reduce recurrence of preventable failures.

Automation helps culture change by lowering the cost of running checks. As teams automate more of the checklist into CI, validation becomes part of routine engineering workflows rather than a separate audit event.

Common pitfalls and how to avoid them

Several predictable mistakes slow adoption or reduce the checklist’s effectiveness. Recognizing these pitfalls early can save time and resources.

• Treating validation as a one-time project rather than ongoing hygiene. Maintain scheduled runs and CI integration.
• Over-automating without clear thresholds. Define confidence thresholds and human review paths for borderline outputs.
• Missing ownership and escalation paths. Assign primary and secondary owners for each check and define SLAs.

Avoid these issues by keeping the checklist modular, documenting ownership, and investing in automation that produces actionable outputs. Short feedback loops and clear remediation playbooks prevent slow-moving validation debt from accumulating.

Technical debt, scaling and the role of architecture

AI-driven commerce introduces architectural patterns that affect validation: orchestration layers between models, caching strategies for latency-sensitive calls, and separation of concerns for personalization data. Architectural choices influence the UCP checklist scope and the complexity of tests needed.

To reduce technical debt, prefer simple, auditable integrations over opaque chains of serverless functions. Where complexity is necessary, instrument each layer and define contracts. Architecture that aligns with validation goals simplifies both detection and remediation of failures.

When designing for scale, ensure that validation assets run at reasonable cost. Use sampling strategies for model checks and rate-limit heavy integration tests to avoid excessive expense while retaining detection capability.

How Presta’s delivery model maps to validation needs

Presta brings cross-functional teams—product design, engineering and growth strategy—that mirror the roles required to operationalize the UCP checklist. The company’s decade-plus experience delivering digital products helps map validation items to pragmatic solutions: from implementing Postman collections and CI jobs to advising on remediation prioritization and governance.

Product teams paired with Presta’s engineers can translate checklist failures into prioritized backlogs with owner assignments and SLAs, while growth strategists quantify potential revenue impact. The combined capability reduces time-to-fix and helps align technical remediation with business goals.

For teams wanting a hands-on translation of checklist items into working assets and observable improvements, explore our solutions to get assistance with kit-up, automation and governance.

Final validation considerations and continuous improvement

Validation is not a static task, especially for AI-driven stores. Models change, user behavior evolves, and integrations expand. The UCP checklist is intentionally iterative: run, remediate, refine. Continuous improvement requires scheduled audits, updated thresholds and evolving automation.

Operational teams should schedule periodic reviews of their UCP checklist and automation assets. Each review should consider new risk vectors, updated compliance requirements, and lessons from incidents. These updates should be versioned and distributed to all owners to maintain clarity.

Tracking KPI improvements attributable to checklist adoption completes the value loop. When validation reduces incidents, increases conversion, or shortens time-to-market, those results justify continued investment and support broader organizational adoption.

Closing summary and next step with the UCP checklist

The UCP checklist provides a structured, role-oriented path to validate AI-generated eCommerce stores across discovery, fidelity and security domains. Implementation requires a mix of manual audits, automation assets and clear remediation playbooks to deliver measurable business outcomes and resilient customer experiences. Operational teams that embed the checklist into CI, runbooks and governance will reduce risk and accelerate launches while maintaining quality.

For a tailored mapping of the UCP checklist to a specific commerce stack, teams can Request relevant case studies and portfolio examples. Presta stands ready to support validation adoption and to provide implementation templates and operational guidance.