What kind of security do we need for this conversion?  In fact, where are the security people? 

Including security personnel upfront in any conversion project can sure save some time and heartache later.  It is important to include security for the following:

1. Source system access – You must be able to profile the source the data, check for quality issues, and attach any ETL or conversion programs to the source system.
2. New platform (target) security for the data – Databases need the right security groups to be set up.  Also, consider the directory security on the server itself.
3. User interface security – Who are the people that will require access to this application? In the project plan there is probably a task that refers to end user setup and security.  Consider adding to that deliverable a list of business users who will use this application.  Revisit this list as implementation gets closer and closer.

One other point to consider is training.  It needs to be understood where and how people get trained on the new application.  Are you going to set up FAKE training user identifiers?  What server will be used?  Production? Test? A training server?  All of these would require the software installed, data interfaced, and users set up.

One point I would make here, is to consider the whole solution, not just part of it for security and training.  Address security in the training document, the infrastructure documents, and any user interface documents.