DAOD 6002-0, Information Technology


1. Introduction

Date of Issue: 2012-04-18

Date of Last Modification: 2022-09-28

Application: This DAOD is a directive that applies to employees of the Department of National Defence (DND employees) and an order that applies to officers and non-commissioned members of the Canadian Armed Forces (CAF members).

Approval Authority: Assistant Deputy Minister (Information Management)/ Chief Information Officer (ADM(IM)/CIO)

Enquiries: Director Defence Information Management Planning (DDIMP)

2. Definitions

cyber security (cybersécurité)

The body of technologies, processes, practices and response and mitigation measures designed to protect electronic information and information infrastructure from mischief, unauthorized use, or disruption. (Policy on Service and Digital, Treasury Board)

information technology (technologie de l’information)

Involves both technology infrastructure and information technology applications. Technology infrastructure includes any equipment or system that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission or reception of data or information. Information technology applications include all matters concerned with the design, development, installation and implementation of information systems and applications to meet business requirements. (Defence Terminology Bank record number 3161)

information technology system (système de technologie de l'information)

An assembly of computer hardware, software or firmware, either stand-alone or interconnected, that is used to process or transmit data, or to control mechanical or other devices. (Defence Terminology Bank record number 48262)

operational authority (autorité opérationnelle)

Authority assigned to a person to define requirements and operating principles, set standards and accept risk within their area of responsibility.

Note ─ The term “operational authority” may also be used to refer to a DND employee or CAF member who is assigned operational authority. (Defence Terminology Bank record number 43435 to be amended)

operational technology (technologie opérationnelle)

Hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise. (Defence Terminology Bank record number 695774)

platform technology (technologie de plate-forme)

Hardware and software on ships, aircraft, vehicles, weapon systems and equipment that monitors and/or controls data, power, command and control, surveillance, fire control, navigation, propulsion, maintenance, training and other fundamental functions of the system. (Defence Terminology Bank record number 695775)

security authority (autorité de sécurité)

Authority assigned to a person to identify risk, to provide advice and security standards for endorsement by the operational authority and technical authority, and monitor compliance within their area of responsibility.

Note ─ The term “security authority” may also be used to refer to a DND employee or CAF member who is assigned security authority. (Defence Terminology Bank record number 43436 to be amended)

senior designated official (cadre supérieur désigné)

A person responsible for assisting the deputy head in fulfilling their function-specific policy requirements. (Policy on the Planning and Management of Investments, Treasury Board)

service (service)

Provision of a specific final output that addresses one or more needs of an intended recipient and contributes to the achievement of an outcome. (Policy on Service and Digital, Treasury Board)

technical authority (autorité technique)

Authority assigned to a person to set specifications and standards, manage configurations, provide advice and monitor compliance within their area of responsibility.

Note ─ The term “technical authority” may also be used to refer to a DND employee or CAF member who is assigned technical authority. (Defence Terminology Bank record number 43437 to be amended)

3. Policy Direction

Context

3.1 DAOD 1000-6, Policy Framework for Information and Information Technology Management, assigns functional authority for information technology (IT) management to ADM(IM)/CIO. In support of the Vice Chief of Defence Staff Project Approval Directive, the ADM(IM)/CIO acts, in accordance with the Treasury Board (TB) Policy on the Planning and Management of Investments and the Directive on the Management of Projects and Programmes, as the senior designated official (SDO) for the planning and management of DND and CAF IT projects and programmes.

Note For additional information on the management of IT projects, see DAOD 6002-10, Management of Information Technology Projects.

3.2 The ADM(IM)/CIO also acts as the Defence Official for Cyber Security (DOCS) for the DND and the CAF in accordance with TB Policy on Service and Digital.

3.3 In accordance with the TB Directive on Service and Digital, ADM(IM) in the role of CIO is responsible for approving the IT component of DND and CAF strategies, plans, initiatives, projects, procurements and spending authority requests.

3.4 IT is a strategic asset that enables DND business continuity and the success of CAF operations.

3.5 The effective management of IT requires that the information system design authority (ISDA), the chief technology security architect (CTSA), and operational, technical and security authorities clearly understand their roles and scope of authority when participating in the decision-making process.

3.6 The boundaries between IT, operational technology (OT) and platform technology (PT) can be difficult to define due to continuous advancements in technologies and many defence capabilities being enabled by technologies that span the boundaries between IT, OT and PT.

3.7 For the purposes of the DAOD 6002 series, IT supports OT and PT to ensure their integration and interoperability with technology infrastructure and applications, and includes any DND and CAF technology other than:

  1. OT that is installed as additional equipment on a platform; and
  2. PT that is built-in to a platform as a component of the platform.

3.8 This DAOD should be read in conjunction with the DND and CAF IM and IT Policy Framework, DAOD 6002 series and other relevant policies, directives, instructions, standards and guidelines.

Policy Statement

3.9 The DND and the CAF are committed to:

  1. setting direction, establishing clear authorities and using a collaborative approach for the integrated planning, management, delivery and support of IT; and
  2. supporting a digitally enabled CAF that is strategically relevant, operationally responsive and tactically decisive.

Requirements

3.10 The DND and the CAF must:

  1. ensure that IT is managed as a strategic asset and in accordance with Government of Canada (GC) strategies and priorities, and the mandate of the DND and the CAF;
  2. use consistent definitions of IT roles, functions and services;
  3. issue direction and communicate clear expectations with respect to IT;
  4. keep pace with technological changes;
  5. ensure interoperability with allies;
  6. address by design the applicable requirements for accessibility, diversity and inclusion, official languages, protection of information and the environment when procuring or developing IT;
  7. provide clear, concise and timely direction for the integrated planning, management, delivery and support of IT;
  8. establish direction that builds on and is in alignment with GC direction on IT; and
  9. ensure that DND business and CAF operations are digitally enabled.

4. Consequences

General

4.1 Should clarification of the policy statement, requirements or authorities set out in this DAOD be required, DND employees and CAF members may seek direction through their channel of communication or chain of command, as appropriate. The anticipated results set out in the policy statement may not be achieved by the DND and the CAF if the requirements specified in this DAOD are not properly implemented. Not achieving the anticipated results could affect the ability of the DND and the CAF to ensure that the CAF is prepared to undertake missions for the protection of Canada and Canadians and the maintenance of international peace and stability.

5. Authorities

Authority Table

5.1 The following table identifies the authorities associated with this DAOD:

The ... has the authority to ...
ADM(IM)/CIO
  • issue policies, directives, instructions, standards and guidelines to ensure the effective, efficient and strategic planning, management, delivery and support of IT in the DND and the CAF;
  • act as the SDO for the planning and management of IT projects and programmes;
  • act as the DOCS for the DND and the CAF;
  • set direction to ensure that DND and CAF IT planning, management, delivery and support is client-centric by design;
  • approve the IT portion of the annual forward-looking three-year DND and CAF plan for the integrated management of service, information, data, IT and cyber security;
  • oversee compliance of IT direction with:
    • DND business and CAF operational requirements; and
    • privacy and protection of personal information requirements;
  • approve the IT component of DND and CAF strategies, plans, initiatives and projects;
  • oversee IT procurements, expenditure requests and reports;
  • oversee the planning, development and management of IT capabilities to ensure:
    • their integration in DND and CAF IT systems; and
    • their interoperability with the GC, DND, CAF and allies; and
  • establish the roles and responsibilities for each area of IT in accordance with the DND and CF IM and IT Policy Framework.
level one advisors and commanders of commands or formations
  • oversee compliance of their organizations with this DAOD and applicable IT policies, directives, instructions, standards and guidelines; and
  • issue amplifying IT policies, directives, instructions, standards and guidelines, other than DAOD, to meet their business and operational requirements.
Associate ADM(IM)
  • act as the ISDA for the DND and the CAF.
Director Information Management Engineering and Integration
  • act as the CTSA.
operational authority
  • for in-service IT systems:
    • define the business requirements, operating principles and concept of operations;
    • set the operational requirements and capabilities; and
    • accept security risk specific to an IT system that is within their area of responsibility.
technical authority
  • advise the operational authority and security authority on all technical matters for IT system capabilities;
  • set technical specifications for the configuration of IT systems;
  • set standard operating procedures for IT systems; and
  • oversee compliance of IT systems to their approved configuration and concept of operations.
security authority
  • advise the operational authority and technical authority on all IT security matters for IT system capabilities.

6. References

Acts, Regulations, Central Agency Policies and Policy DAOD

Other References

Page details

Date modified: