Opening remarks: Standing Committee on Public Accounts—March 30, 2023
Document navigation for "Standing Committee on Public Accounts: March 30, 2023"
By: Paul Thompson, Deputy Minister
Public Services and Procurement Canada
Standing Committee on Public Accounts
Cybersecurity of personal information in the cloud
March 30, 2023
(Word count: 647)
Thank you, Mr. Chair.
I am pleased to be here to meet with you and the members of the committee to discuss how Public Services and Procurement Canada (PSPC) is responding to the audit of cybersecurity of personal information in the cloud.
With me today is Catherine Poulin, Assistant Deputy Minister of our Departmental Oversight Branch.
Mr. Chair, as the Government of Canada’s purchaser of goods and services, my department is committed to ensuring that our procurement processes meet the needs of our client departments and agencies.
We appreciate the importance of cybersecurity in all facets of the Government of Canada’s work, and the government continues to invest in enhancing cybersecurity capabilities. Budget 2023 proposes 25 million dollars for PSPC to work with National Defence and others to establish a cybersecurity certification program for defence procurements, in order to further protect Canada's defence supply chain.
Looking beyond Canada’s defence supply chain, we know that using cloud computing for software applications and databases has the potential to not only improve how we and other federal organizations provide services to Canadians, but also to reduce the cost and maintenance of physical servers and applications.
As the government pursues its digital strategy of using cloud computing, it is clear that the departments involved will need to work closely together to manage security risks in the cloud.
With cybersecurity threats and attacks continuing to increase in frequency and severity, my department welcomed the audit of the protection of personal information in cloud computing.
PSPC plays a supporting role in 2 key areas.
First, as central purchaser for the Government of Canada, PSPC procures cloud services on behalf of departments and agencies, and has established a supply arrangement with pre-qualified cloud service providers to help streamline the process. PSPC is also responsible for assessing the physical security controls of cloud service providers and their personnel.
In cases where departments procure cloud services directly through our supply arrangement, or through other procurements, we are committed to providing advice and guidance to those departments to help ensure cloud guardrails are implemented to prevent cybersecurity breaches.
Mr. Chair, while the security of information is an important Government of Canada priority, we at PSPC are also strongly committed to doing our part on another priority, which is promoting environmental responsibility and sustainable development.
The Auditor General’s report rightly pointed out that our contracting processes did not require potential cloud service providers to demonstrate their environmental performance or ask them to explain how their services would reduce Canada’s greenhouse gas emissions. In addition, even when providers offered that information, there has been no mechanism in place to confirm if it was accurate.
The report recommended that PSPC, in conjunction with Shared Services Canada, include environmental criteria when procuring cloud services. Doing so will contribute to supporting sustainability in procurement practices and help Canada achieve its net-zero carbon emissions goals.
Mr. Chair, our 2 departments agree with that recommendation, and we have committed to taking action by working with our colleagues from Shared Services Canada to address the recommendation.
This includes:
- requiring suppliers to provide information on their commitments to achieve net-zero emissions
- developing clauses in cloud computing service contracts to include greenhouse gas reduction targets
- revising the standard contract terms for the procurement of cloud services and establishing environmental criteria to include in our requests for proposals
We are also working on incorporating environmental criteria into our existing cloud procurement vehicles.
To conclude, Mr. Chair, I would like to express my thanks to the Auditor General for her report. I believe her recommendations will help guide improvements in our practices around cloud computing services.
Through continued collaboration with our partners, Public Services and Procurement Canada will be better positioned to meet our climate change obligations and ensure the security of information of Canadians in the cloud.
Thank you. I look forward to your questions.
Document navigation for "Standing Committee on Public Accounts: March 30, 2023"
Page details
- Date modified: