ELITE Software Upgrade
Overview And Privacy Impact Assessment Initiative
Name and Description of the Program or Activity of the Government Institution
Elite software upgrade
CSIS Act, R.S.C., 1985, c. C-23
Employee Equity Act, S.C., 1995, c. 44
Financial Administration Act, R.S.C., 1985, c. F-11
Privacy Act, R.S.C., 1985, c. P-21
Personal Information Bank(s) (PIB)
The following existing PIBs apply to the upgrade of the Elite software and the personal information collected as a result:
- EX Talent Management (PSU 934)
- Employee Management Performance Program (PSE 912)
- Training and Development (PSE 905)
Short Description of the Project, Initiative or Change
In 2012, the Canadian Security Intelligence Service (CSIS) acquired a software that served as the Service’s platform for employee learning and development. In the past 6 years, the software has become outdated while the Service’s business processes have expanded. In order to modernize the existing software and meet business needs, CSIS will obtain the most recent version of this software. By doing so, CSIS will not only continue managing employee learning and development but will also deliver an enhanced performance management system.
The performance module of the latest software contains new features that will enable the organization to centralize, streamline and automate the performance review cycle. The software
has the capability to increase employee engagement through more relevant, timely and continual performance feedback. It comes with goal-setting capabilities that clearly align employee goals to the larger corporate objectives and creates employee development plans in which ongoing progress can be documented. An enhanced performance management system will ensure that the Service is gathering consistent and accurate data with respect to achieving employee objectives and strategic goals and will also bring value to decision-making processes.
Risk Area Identification And Categorization
Overall Risk Assessment
The Service has demonstrated due diligence in assessing privacy risks and has ensured that mitigation strategies are well established and enforced by:
- Ensuring that robust auditing capabilities and loggin functions are embedded in the software which identifies employee usage;
- Limiting access to those with a need-to-know;
- Enforcing internal policies regarding the need-to-know principle;
- Enforcing the retention and disposition policy; and
- Limiting the viewing availability to 10 years.
CSIS is committed to safeguarding personal information collected and continuously reviews its policies and procedures to ensure compliance with Federal Legislation.
Report a problem or mistake on this page
- Date modified: