Changes to the Policy on Service and Digital policy instruments – amendments to the Directive on Service and Digital and four new standards

From: Chief Information Officer of the Government of Canada

To: Deputy Heads and Departmental Chief Information Officers

Subject: Changes to the Policy on Service and Digital policy instruments – amendments to the Directive on Service and Digital and four new standards

Message:

Colleagues,

In the context of the Office of the Chief Information Officer’s (OCIO) continuous effort to support digital transformation, I am pleased to announce amendments to the Treasury Board (TB) Directive on Service and Digital, as well as the creation of 4 new standards:

• Standard on Enterprise Information Technology (IT) Service Usage Restrictions
• Standard on Enterprise IT Service Common Configurations
• Standard on At-Risk Information Technology
• Standard on Systems that Manage Information and Data

The revisions to the Policy on Service and Digital are part of our ongoing effort to further integrate, update and simplify digital policies. These changes aim to:

• improve transparency and visibility for enterprise services
• enhance management of IT across the enterprise
• improve cyber security
• better integrate departmental plans and central enterprise direction
• bring forward quick retirement of legacy and at-risk technologies
• better support how the Government of Canada manages, integrates and shares information and data

To support implementation of the new standards, departments will have 2 years from the effective date, to transition existing systems or to put in place a transition plan that would seek to modernize or retire legacy systems. Some of the security-based requirements for which enterprise solutions are available will be implemented on a faster timeline to mitigate cyber vulnerabilities. Further details will be provided shortly under separate cover.

As OCIO continues its effort to review and update the Service and Digital policy suite to drive digital transformation, the forthcoming Digital Ambition for the Government of Canada will drive the prioritization of digital policies and strategies. This action-oriented approach will focus on addressing the challenges of digital modernization and the inherent risks of our aging IT systems, with long-term benefits to all Canadians and users, including GC employees. More information will be shared on this shortly.

I encourage you to share these updates with designated officials and colleagues across your organization. My team will continue working with departments and agencies to support the implementation of the Policy on Service and Digital.

Should you have any questions, please send your email to: ServiceDigital-ServicesNumerique@tbs-sct.gc.ca. For a list of changes to policy instruments, please see the attachment.

Catherine Luelo
Chief Information Officer of Canada
Treasury Board of Canada Secretariat

List of changes to policy instruments:

• Directive on Service and Digital amendments
• Standard on Enterprise IT Service Usage Restrictions new
• Standard on Enterprise IT Service Common Configurations new
• Standard on At-Risk Information Technology new
• Standard on Systems that Manage Information and Data new
• 14 new IT configurations to support the implementation of the new standards:
  • Application hosting considerations and restrictions
  • Endpoint Management Configuration Requirements
  • Email Management Services Configuration Requirements
  • Account Management Configuration Requirements
  • Remote Access Configuration Requirements
  • Portable Data Storage Requirements
  • Printer Configuration Requirements
  • Websites and Services Management Configuration Requirements
  • GC Cloud Guardrails
  • Microsoft 365 Guardrails
  • Domain Name System (DNS) Services Management Configuration Requirements
  • System Management Configuration Requirements
  • Deprecated Government of Canada technologies
  • Patch Management Guidance

In addition to these changes, OCIO is further streamlining policy instruments to provide flexibility and efficiency for policy maintenance, including:

• rescission of both the Mandatory Procedures for Enterprise Architecture Assessment and the Mandatory Procedures on Application Programming Interfaces, following the amendments to the Directive on Service and Digital linking to relevant content on Canada.ca as the Government of Canada Enterprise Architecture Framework and Government of Canada Standards on Application Programming Interfaces (API)
• rescission of the Standard for Electronic Documents and Records Management Solutions
• rescission of the Standard on Email Management
• rescission of the following ITPINs following the integration of their requirements as configurations under the Standard on Enterprise Information Technology Service Common Configurations and the Standard on At-Risk Information Technology:
  • Direction on Migration to Blackberry Messenger Enterprise
  • Disposition of Windows Server 2003 Software
  • Direction on Windows 10 Desktop Operating System Migration and Configuration
  • Disposition of Windows Server 2008 Software
  • Direction for Discontinued Use of Unsupported Microsoft Desktop Operating Systems on Government of Canada Networks
  • Disposition of Government of Canada Windows XP Devices
  • Direction for Discontinued Use of Microsoft Office 2010 Software
  • Direction for Microsoft Internet Explorer Browser Version Utilization
  • Implementing HTTPS for Secure Web Connections
  • Secure use of portable data storage devices within the Government of Canada