ARCHIVED - Management Response and Action Plan (MRAP) - Audit of Information Management
October 2010
|
Recommendations
|
Planned Management Actions
|
Deliverables
|
Expected Completion Date
|
Accountability
|
|---|---|---|---|---|
| 1a) It is recommended that the Chief Information Officer, Corporate Services Branch, update information management (IM) policies, guidelines and directives to reflect current roles and responsibilities for managing information in the Department. | IM Awareness, Learning, Engagement Strengthen IM awareness, IM learning, and management and employee engagement to respond to the Treasury Board of Canada Secretariat (TBS) Policy on Information Management, the Library and Archives Canada (LAC) Roles and Responsibilities document, the new Record Keeping Directive (July 2009) and more recently the recommendations in this audit. Activities undertaken/planned include:
|
IM Awareness program made available, revised to include updated IM policies, guidelines and directives. |
September 2011 |
Chief Information Officer (CIO), Corporate Services Branch (CSB), Information Management Services Directorate (IMSD) in collaboration with Branch ADMs and other Executives |
| Branch ADMs to conduct Branch Executive Committee IM Awareness sessions. | Branch Executive Committee IM Awareness sessions delivered | September 2011 | Branch ADMs and other Executives | |
| 1b) It is recommended that all Branches apply information management principles, standards, and practices as expected in Treasury Board and departmental frameworks, policies, directives, and guidelines in the performance of duties, and for documenting activities and decisions. | Health Canada IM STRATEGY Develop a Departmental IM Strategy to support the redefinition of IM as a key internal service through three pillars: awareness / communications, learning / training and engagement/commitment. |
Departmental IM Strategy developed and approved. |
September 2011 |
CIO,CSB, (Lead) in collaboration with Branch ADMs and other Executives |
| Branches will work with CSB to develop and implement Branch specific IM action plans utilizing common elements from the HC IM Strategy and adding specific IM branch requirements. | Branch IM Action Plans developed and implemented. | September 2012 | Branch ADMs and other Executives | |
| 1c) It is recommended that the Chief Information Officer, Corporate Services Branch, conduct annual assessments on the effectiveness of Branch information management practices and report annually to the Senior Management Board- Policy (SMB-Policy). | Over time, CSB is evolving towards an integrated enterprise approach to managing departmental information holdings, allowing it to conduct annual assessments of the effectiveness of IM practices in all Branches | Annual assessment report of the effectiveness of Branch IM practices. | October 2011 | CIO,CSB (lead) in collaboration with Branch ADMs and Other Executives |
| 2a) It is recommended that the Chief Information Officer, Corporate Services Branch, in collaboration with all Branches, develop a three year plan to fund and implement an Enterprise Content Management Solution (ECMS) across the Department. | Health Canada ECMS Business Case Prepare a Business Cost Case which will include a three-five year funding and implementation strategy for the implementation of an Enterprise Content Management Solution (ECMS) and Change Management Framework. |
Business Cost Case presented to Executive Management Committee for approval. |
September 2011 |
CIO,CSB (lead) in collaboration with Branch ADMs and Other Executives |
| 2b) It is recommended that all Branches use the Department's Enterprise Content Management Solution (ECMS) once it becomes available. | Contingent on Executive Committee approval of the multi-year business case and approved funding:
|
ECMS multi-year Implementation plan fully implemented. | March 2013 | CIO,CSB (lead) in collaboration with Branch ADMs and Other Executives |
| 3a) It is recommended that the Chief Information Officer, Corporate Services Branch, monitor compliance to the current departmental classification standard for managing information. | Monitor compliance to the departmental classification standard, by examining on an ongoing basis the use of the departmental classification structure within the various IM systems and file directories used across Health Canada. | To be Included in the branch assessment reports (see 1c). | (see 1c - above) | (see 1c - above) |
| 3b) It is recommended that all Branches, implement the Department's current classification standard for managing information as identified in the Directive on the Management and Storage of Information on Health Canada's Network Servers. | Branches will ensure that branch employees are aware of and utilize the department's current classification standard (AXS V2) to classify/organize information in all media and document management solutions unless Business dictates otherwise. | Branches utilize the Department's current classification standard to classify/organize information in all media. | September 2011 | Branches ADMs and other Executives |
| 4a) It is recommended that the Chief Information Officer, Corporate Services Branch, coordinate the development and approval of the Records Disposition Authorities with all Branches. | Coordinate the development and approval of the Records Disposition Authorities (RDA) for all Branches by:
|
RDA for Branches developed and approved and implemented for all Branches. | December 2014 | CIO,CSB, in collaboration with Branch ADMs and Other Executives |
| 4b) It is recommended that all Branches, implement the Records Disposition Authorities in accordance with Health Canada's Disposition Directive. |
|
Branch approved Records Disposition Authorities (RDA) implemented including information regularly gathered to report to CSB (for progress tracking and MAF). |
December 2014 |
Branches ADMs and other Executives |
| 5a) It is recommended that the Assistant Deputy Minister, Corporate Services Branch, continue to support all Branches by developing a Health Canada Privacy Management Framework (PMF) that outlines responsibilities, accountabilities and processes for handling and monitoring personal information in their respective Branches. | Privacy Awareness ATIP to develop a Privacy Strategy that will focus on increasing Health Canada's capacity to promote and protect personal information based on four themes:
|
Senior manager assigned as a dedicated resource for development of a privacy management strategy. The Privacy Strategy developed for Executive Management approval, incorporating: Corporate risk identified and mitigation strategies in place Accountabilities in place and understood |
October 2010 February 2011 |
ADM, CSB, ATIP ADM, CSB, ATIP |
| The aforementioned themes will be used to strengthen Health Canada's cultural change management and overall capacity to manage and monitor personal information, with a focus on the branches with the highest amount of personal information holdings (FNIHB, RAPB, HECSB, PACCB & CSB). | 100% of all employees involved in managing personal information to have access to privacy training. Privacy awareness communications for all HC staff, encouraging better understanding of their responsibilities regarding safeguarding of personal information. Privacy tools in place - such as a Privacy Impact Assessment (PIA), Privacy Breach processes and monitoring. |
June/July 2011 November 2010 February 2011 |
ADM, CSB, ATIP ADM, CSB, ATIP ADM, CSB, ATIP |
|
| The ATIP will implement a broad awareness campaign while targeting training for specific areas where information is highly sensitive. | Privacy Blitz Information Week, Privacy Day and privacy training. | November 2010 | ADM, CSB, ATIP | |
| New Privacy policies and directives are communicated, on a timely basis, to the members of the IM and Privacy Forums within the Department. | Messages and privacy training that focus on strengthening accountability and safeguarding personal information. Web-based Privacy training tools. |
November 2010 March 2011 |
ADM, CSB, ATIP ADM, CSB, ATIP |
|
5b) It is recommended that all Branches, employ appropriate measures as defined in the Directive on Privacy Practices by ensuring that:
|
Branches will review work positions that require access to personal information for valid authority in order to limit access and use of personal information. | Access to personal information limited to identified positions | September 2011 | Branch ADMs and other Executives |
| Development of Disclosure Parameter documents with select Programs, allowing for more efficient and regular monitoring/reporting of disclosures. | Parameter documents established with 3 programs | September 2011 | ADM, CSB, ATIP | |
| Development of Privacy Breach guidelines. | Approved Privacy Breach Guidelines | February 2011 | ADM,CSB,ATIP and Branch ADMs and other Executives | |
| Build a data base and catalogue personal information that is being stored in Health Canada. Monitoring and reporting on compliance on a quarterly basis. |
Integrated development of IM tools to track and eventually monitor compliance when it comes to both the number of individuals receiving training, the information being held and, present KPIs. Benchmark report on compliance. |
April 2011 April 2011 |
ADM,CSB,ATIP ADM, CSB, ATIP |
|
| 6a) It is recommended that all Branches identify and report the collections of personal information to the Corporate Services Branch, as required under the Treasury Board's Directive on Privacy Practices. In addition, Branches shall identify a senior official from their respective Branches to coordinate this activity with the Corporate Services Branch. Lastly, the Assistant Deputy Minister, Corporate Services Branch, should ensure that all personal information is registered in accordance with the Privacy Act. |
As part of the Privacy Strategy:
|
Online personal information inventory (used to integrate annual reporting requirements and Info Source obligations into single process) Branch Privacy Champions (DG level) identified in all Branches to lead development of a privacy culture in their branches. |
October 2010 (first iteration) January 2011 |
ADM,CSB,ATIP Branch ADMs and other Executives |
| CSB will work with Branches to ensure that all personal information provided is registered with TBS by confirming with Branches both their inputted information and its status with respect to the Info Source process. | Personal information provided is registered with TBS for Info Source purposes within TBS deadlines. | July 2011 | ADM,CSB,ATIP |
Page details
- Date modified: