Standing Committee on Government Operations and Estimates: 2025–26 Supplementary Estimates (C)
Opening statement
Scott Jones
President
Shared Services Canada
Ottawa, Ontario
March 12, 2026
Introduction
Thank you very much, Mr. Chair.
I would like to begin by acknowledging that we are gathered on the traditional, unceded territory of the Algonquin Anishinaabeg People.
Thank you for the opportunity to appear before you today to discuss Shared Services Canada’s requests in Supplementary Estimates (C).
I am joined today by SSC’s Chief Financial Officer, Scott Davis.
SSC’s role
Shared Services Canada is responsible for modernizing and operating the Government of Canada’s core IT infrastructure and is the department principally responsible for delivering the Government’s agenda for digital transformation, efficiency and the deployment of AI tools and automation throughout the GC.
We deliver enterprise digital services that support departments in carrying out their mandates, while reducing duplication, strengthening cyber security and driving efficiency across government.
Modern, secure digital infrastructure is foundational to service delivery, national security and public trust.
SSC delivers this foundation through shared, government-wide connectivity, hosting, digital and cyber security services that are managed at enterprise scale.
Budget 2025
Budget 2025 reinforced three clear priorities for the public sector: fiscal discipline, digital modernization and better services for Canadians.
Shared Services Canada plays a direct role in advancing all three.
Our ongoing work to modernize GC systems improves performance and reliability, while we continue to reduce costs by providing a government-wide enterprise approach to digital services. Examples of this include SSC’s Enterprise Platform Service as a single, secure and cost-effective solution for enterprise applications, rather than departments creating and managing their own costly and siloed hosting environments.
The department is also launching its Enterprise Desktop Service (EDS) initiative, which will unify and modernize desktop delivery across the GC, by providing a consistent, secure and accessible digital toolkit for public servants, and move away from the current fragmented model where each department manages its own engineering, assets and support.
We also support the government’s commitment to digital sovereignty by protecting government data, securing critical infrastructure and maintaining control over key digital assets.
These priorities are reflected in SSC’s ongoing procurement to establish sovereign Canadian cloud capabilities for the GC, which prioritize Canadian-owned and controlled cloud service providers, in light of increasing geopolitical risks.
We contribute to the government’s Buy Canadian objectives by fostering Canadian innovation and strengthening domestic digital capacity.
2025–26 Supplementary Estimates (C)
The funding before the Committee supports two core outcomes: strengthening cyber security across government and meeting increased demand for secure digital services—particularly in support of national defence priorities.
For the 2025–26 Supplementary Estimates (C), Shared Services Canada is seeking a net increase of $11.4 million, bringing its funding from $2,687 million to $2,699 million.
This includes:
- $13.3 million in new funding to support an enterprise Security Information and Event Management solution, as well as $200,000 in associated Employee Benefit Plan adjustments
- $2.1 million in net decreases related to transfers with other organizations
In addition, Shared Services Canada is seeking an increase of $25 million in vote‑netted revenue authority. This reflects increased service volumes to support the Department of National Defence’s operational and modernization requirements.
The associated revenue will fully offset costs, resulting in no net impact on funding.
What this funding enables
SSC works closely with the Treasury Board of Canada Secretariat (TBS) and the Communications Security Establishment to protect government networks and infrastructure.
Each year, we block approximately 6.5 trillion cyber threats—an average of 18 billion a day—to ensure government systems remain operational and secure.
The Security Information and Event Management solution will significantly strengthen our defences by automating and accelerating security monitoring across government.
This will improve our ability to predict, detect and respond to cyber threats, helping to ensure that critical government services—whether related to benefits delivery, defence operations, or secure communications—remain available, trusted and resilient for Canadians.
Conclusion
Shared Services Canada remains focused on delivering secure, reliable digital foundations that enable government to serve Canadians effectively.
The funding requested in these Estimates will allow us to strengthen cyber defences, support growing service demand and continue advancing the government’s digital transformation agenda—while maintaining strong financial stewardship and accountability to Parliament.
Thank you, Mr. Chair. I look forward to answering your questions.
Shared Services Canada 2025-26 Supplementary Estimates (C) overview
Shared Services Canada (SSC) is seeking a net increase of $11.4 million through the Supplementary Estimates (C), increasing its available funding from $2,687.2 million to $2,698.6 million.
| New funding | Amount (in millions) |
|---|---|
| Security Information and Event Management (SIEM) solution | $13.3 |
| Transfers | |
| From other organizations | |
| From Public Services and Procurement Canada (PSPC) for reimbursement related to reduced accommodation requirements as a result of data centre consolidations | $0.9 |
| From Agriculture and Agri-Food Canada (AAFC) for additional Microsoft 365 (M365) E5 licences | $0.04 |
| To other organizations | |
| To Public Services and Procurement Canada (PSPC) for the Presidency of the 2025 G7 Summit in Canada (Budget 2024) | ($3.0) |
| Total transfers | ($2.1) |
| Other adjustments | |
| Statutory appropriations | |
| Employee Benefit Plan (EBP) | $0.2 |
| Total | $11.4 |
| Increase in VNR Capital Authority due to rising service volumes driven by activities to support the Department of National Defence’s (DND) operational and modernization priorities |
$25.0 ($25.0) |
|---|
New funding: $13.3M increase
(A) Security Information and Event Management (SIEM) solution
$13,255,834
Purpose of funding
The funding of $13.3M will support the procurement of a new enterprise SIEM solution, which will automate cyber threat detection and response across Government of Canada networks, as announced in the Fall Economic Statement 2022.
This enterprise tool will:
- improve the collection of security event data
- automate detection and response for basic cyber threats
- provide SSC with an overview of all GC networks and systems it manages
Transfers: ($2.1M) decrease
(B) Transfers between Shared Services Canada and other organizations
Transfer of ($2,054,214)
Purpose of funding
The following transfers between SSC and other organizations for various initiatives total a decrease of $2.1M for fiscal year 2025–26:
- Transfer from PSPC of $904,487 for reimbursement related to reduced accommodation requirements as a result of data centre consolidations
- Transfer from AAFC of $41,299 for additional M365 E5 licences
- Transfer to PSPC of ($3,000,000) for the Presidency of the 2025 G7 Summit in Canada (Budget 2024)
Other Adjustments: $0.2M increase
Statutory appropriations
(C) Employee Benefit Plan (EBP)
$231,694
Purpose of funding
The increase to SSC’s statutory appropriations of $0.2M is related to EBP adjustments due to the increase in salary funding for the Security Information and Event Management (SIEM) solution, an item added in the Supplementary Estimates (C).
NIL Impact
(D) Vote Netted Revenue (VNR)
$25,000,000
Purpose of funding
An increase of VNR authority of $25.0M in the Capital Vote is due to rising service volumes driven by activities to support the Department of National Defence’s (DND) operational and modernization priorities.
Artificial intelligence
Issue
Artificial intelligence (AI) is considered a foundational technology, which stands to propel significant social and economic change. Shared Services Canada (SSC) is exploring how to use new technologies like AI to support government work.
Key facts
- N/A
Key messages
- By adopting AI, the Government of Canada (GC) will transform government operations and support a more efficient and effective public service
- SSC is playing a leading role in digital transformation across the GC, facilitating the adoption and scaling of AI across the public service. SSC is:
- developing a sovereign made-in-Canada AI platform that can be deployed across the government in partnership with leading Canadian AI companies, the Department of National Defence and the Communications Security Establishment
- leading a competitive procurement process for generative AI productivity tools for government employees, which includes five Canadian pre-qualified vendors
- enabling access to sovereign AI compute capacity for public and private research, in collaboration with the National Research Council Canada (NRC)
- applying AI and automation across internal operations to automate common IT support requests, reducing call volumes and costs while improving the user experience
If pressed on SSC’s AI initiatives
- SSC is building foundational tools using in-house AI experts, reducing dependency on contractors, lowering costs and keeping knowledge within government
- SSC has fine-tuned large language models on Canadian content to ensure that AI tools reflect Canadian context, values and priorities
- SSC is scaling CANChat, a generative AI tool it developed in-house. This is a safe and secure AI platform for public servants that ensures that GC data remains in Canada, is hosted on government-accredited infrastructure and is not accessible by foreign service providers. The department is working to begin deployment across the GC this spring
- SSC is leading a competitive procurement process for generative AI productivity tools for government employees, which includes five Canadian pre-qualified vendors
- SSC has finalized a government-wide procurement of generative AI tools that integrate with the Microsoft 365 office productivity suite (M365). SSC has established five framework agreements to date, all of which are with Canadian vendors
- SSC is expanding the infrastructure, skills and expertise to support AI adoption, including making commercial AI tools available, creating an AI marketplace for sharing resources and helping to establish a secure and sovereign supercomputing facility for advancing AI research
- SSC operates the AI Centre of Excellence, which supports departments and agencies in applying AI, shares best practices, contributes to policy development and fosters collaboration through peer reviews and working groups
- The GC is committed to ensuring the responsible use of AI, governed by clear values, ethics and rules
If pressed on jobs
- AI is meant to support the work of public servants, not replace them. It can assist with routine and repetitive tasks so employees can focus on work that needs creativity, problem-solving and human judgment. This can increase agility, efficiency and retention by automating routine and time-consuming tasks
If pressed on memoranda of understanding for AI
- The GC recently signed a memorandum of understanding with Cohere Inc. to explore opportunities for deploying AI in internal government operations and to strengthen digital sovereignty through a made-in-Canada digital and AI ecosystem. SSC’s efforts to define requirements for sovereign cloud hosting services furthers this work
Background
To guide the responsible use of AI, the Treasury Board of Canada Secretariat released key resources, including the Directive on Automated Decision-Making, the Guide on the use of generative artificial intelligence and the Algorithmic Impact Assessment tool.
Digital Sovereignty
Issue
Digital sovereignty refers to the Government of Canada’s (GC) ability to exercise autonomy over its digital assets and services, ensuring it can manage and protect its digital systems, data and information regardless of where technologies are developed, hosted, or supported. This protects national security, supports economic competitiveness and enables the GC to operate independently while reducing the risks of foreign interference in the digital age.
It includes:
- Data sovereignty: Ensuring data complies with national laws and remains under the jurisdiction and control of the country
- Operational sovereignty: Retaining control over how digital services are deployed and preventing reliance on, or interference from, foreign entities
- Technological sovereignty: Maintaining the ability to make independent decisions about technology without being overly dependent on monopolistic or foreign‑controlled vendors
Key facts
- Under the Directive on Service and Digital, departments and agencies are expected to prioritize computing facilities in Canada—or on GC premises abroad—for storing or handling sensitive electronic information, such as Protected B, C or classified data. This helps keep important data secure and under Canadian control.
- Under the Policy on Privacy Protection, departments and agencies must protect personal information properly, reduce privacy risks and remain open and accountable, even when it is processed or stored by third-party companies.
- The TBS paper Digital Sovereignty: A Framework to improve digital readiness of the Government of Canada examines the challenges related to jurisdictional complexity, reliance on global suppliers, evolving cyber security risks, and internal capacity. It underscores the need for interoperability across the GC and with trusted international partners. The framework discusses legal issues, supply chain, and technical controls that reinforce Canada’s authority over government systems.
- Shared Services Canada (SSC) applies the Buy Canadian Policy in procurements to strengthen Canada’s economic resilience and industrial capacity. The policy supports domestic businesses and workers by prioritizing Canadian suppliers, materials and content wherever feasible.
- Data protection obligations are embedded in contracts with service providers through standardized security clauses, access restrictions and incident reporting requirements.
Key messages
- Digital sovereignty is a critical priority for the GC to protect essential data, reduce risks of foreign interference and strengthen domestic IT capabilities and SSC has been actively working to strengthen IT diversification by reducing vendor concentration and influence in strategic areas, while promoting Canadian-made solutions.
- SSC will also develop a sovereign made-in-Canada AI platform that can be deployed across the government, in partnership with leading Canadian AI companies, and enable greater access to sovereign AI compute.
- SSC is investing in Canadian technology capabilities and strengthening policies to protect critical infrastructure.
- SSC has launched a procurement process to establish Sovereign Canadian Cloud capabilities for the GC through a process that prioritizes Canadian-owned and controlled cloud service providers. These efforts will secure Canadian capacity as part of the GC cloud ecosystem.
If pressed on protections
- The GC applies a range of technical safeguards to protect data, maintain service reliability and ensure continued operation of its systems. These include secure system design; encryption to protect information in storage and in transit; access and identity management; and continuous monitoring to detect and respond to incidents.
If pressed on how SSC strengthens digital sovereignty
- SSC works with Canadian telecommunications companies to provide the GC with a fast, reliable network that operates on Canadian-owned assets and routes traffic within Canada. This helps keep sensitive government data secure and under Canadian control.
- SSC uses state-of-the-art enterprise infrastructure and multiple layers of defence, including cutting-edge sensors designed to identify and eradicate cyber threats.
- SSC delivers hybrid hosting models to meet the GC’s needs for security, scalability and sovereignty. Hosting models range from fully GC-owned data centres (maximum sovereignty) to public cloud services (lower control, higher scalability).
- SSC’s enterprise data centres (EDCs) are located within Canada and operate on Canadian-owned assets. This helps keep important data secure and under Canadian control.
Background
Due to the global dominance of U.S.-based technology vendors and the comparatively small size of Canada’s IT sector, targeted interventions are essential to scale Canadian capabilities. Cloud computing, in particular, is dominated by Amazon Web Services, Google Cloud and Microsoft Azure, posing challenges to operational and technological sovereignty.
Advanced cyber threat actors are increasingly using supply chains to bypass traditional security defences by introducing vulnerabilities. Since 2012, SSC has mitigated this risk through Supply Chain Integrity (SCI) procurement reviews for equipment, software and services. These assessments help departments and agencies to identify and potentially mitigate security vulnerabilities before they impact operations.
The GC has made strategic investments in Canadian IT firms, including a March 2025 announcement by Innovation, Science and Economic Development Canada (ISED) of up to $240 million in funding for Toronto-based Cohere Inc. This investment marks Cohere as the first recipient of the AI Compute Challenge, part of the $2 billion Canadian Sovereign AI Compute Strategy. In August 2025, the GC signed a memorandum of understanding with Cohere to explore opportunities for deploying AI technologies across the GC to enhance operations within the public service and to build out Canada’s commercial capabilities in using and exporting AI.
Government Transformation
Issue
As the Government of Canada’s (GC) common information technology (IT) services provider, Shared Services Canada (SSC) plays a central role in driving government transformation and creating government-wide efficiencies—in close collaboration with the Treasury Board of Canada Secretariat’s (TBS) Office of the Chief Information Officer (OCIO) and Public Services and Procurement Canada (PSPC).
Key facts
- N/A
Key messages
- The GC is committed to transformation, and increasing government productivity while reducing the cost of operations. A more effective and efficient government will result in improved program and service delivery to Canadians and businesses.
- SSC is playing a key role in digital transformation across the GC, by facilitating the adoption and scaling of artificial intelligence (AI) across the public service. SSC will also achieve $318.5 million in ongoing savings through efficiencies in its internal operations.
- Aligned to the GC priority to modernize the way government procures goods and services, SSC is reviewing all aspects of its IT procurement by undertaking benchmarking, prioritizing Canadian vendors and sovereign infrastructure and services, and ensuring best value for Canada.
- SSC is enabling AI across government by:
- developing a sovereign made-in-Canada AI platform that can be deployed across the government in partnership with leading Canadian AI companies, the Communications Security Establishment and the Department of National Defence
- leading a competitive procurement process for generative AI productivity tools for government employees, which includes 3 Canadian pre-qualified vendors
- enabling access to sovereign AI compute capacity for public and private research, in collaboration with the National Research Council Canada (NRC)
- applying AI and automation across internal operations to automate common IT support requests and reduce call volumes and costs, while improving the user experience
- SSC is transforming the government’s hosting infrastructure from a sprawling landscape of siloed and outdated systems to modern hosting solutions. This new model combines cloud services and traditional on-premise data centres to optimize performance, reduce costs and provide flexibility.
- SSC will advance a common government-wide desktop solution to transition departments to a standardized, cloud-managed desktop service. This will reduce complexity, standardize IT security, increase portability and result in significant cost savings for Canadians.
- SSC also supports the government’s broader digital transformation agenda through partner-led projects and initiatives, including enabling access to sovereign AI compute capacity in collaboration with NRC; ongoing work to improve human resources and pay for federal public servants; and enabling the Department of National Defence to modernize their systems to support the Canadian Armed Forces at home and abroad.
If pressed on cost savings
- Under the Comprehensive Expenditure Review (CER), SSC will meet up to 15% in savings targets over 3 years, achieving ongoing savings of $318.5 million.
- Specifically, SSC will:
- standardize platforms, including realigning enterprise software offerings to match current needs
- eliminate low-use or redundant licences
- eliminate non-essential telephone fixed lines in all GC buildings, which will reduce expenses, and deploy cost-effective softphones to all workers
- review, consolidate and renegotiate contracts to eliminate duplication, secure better pricing and align spending with enterprise needs
- leverage emerging technologies to automate repetitive tasks, use AI-driven tools to optimize operations and service delivery, automate common IT support requests to reduce call volumes and costs while improving user experience
- build its in-house capacity and expertise to reduce spending on external consultants and contractors for ongoing operations
- simplify the GC cloud footprint by consolidating over 287 departmental partner cloud environments into GC Cloud One, SSC’s enterprise cloud
- reduce and rationalize the remaining 190 legacy data centres across Canada into 4 enterprise data centres, 1 High Performance Computing Centre, 5 consolidation data centres, and approximately 50 edge computing sites
Background
SSC is responsible for modernizing, securing and managing the IT infrastructure that supports departments and agencies. This ensures reliable and effective service delivery to Canadians, both domestically and abroad. TBS’s OCIO sets government-wide direction for data, IT, cyber security and service management, while individual departments and agencies remain responsible for their own applications and data.
Cyber Security
Issue
The Government of Canada (GC), like all organizations worldwide, faces ongoing cyber threats from bad actors, on a national and international level, that require constant attention and strong security measures. Cyber threats are becoming more complex and sophisticated. These include criminal activities such as ransomware attacks and attacks by state-sponsored adversaries.
Key facts
- Shared Services Canada (SSC) blocks approximately 6.5 trillion cyber threats annually, ensuring the uninterrupted operation of government online services.
- Investments in strong cyber security systems reduce the costs associated with service disruptions and recovery.
Key messages
- Together, SSC and the Communications Security Establishment’s (CSE) Canadian Centre for Cyber Security (the Cyber Centre) provide sophisticated cyber security tools, including proprietary sensors that provide additional defence beyond industry capabilities and have no commercial equivalent.
- SSC provides state-of-the-art enterprise infrastructure and employs modern commercial cyber security solutions to defend GC systems against a wide range of cyber threats.
- SSC employs multiple layers of cyber security defences, including firewalls, network defences, anti-denial of service measures, anti-virus and anti-malware tools, encryption, virtual private networking (VPN) and robust identification and authentication services.
- SSC is actively reducing security vulnerabilities by consolidating, standardizing and modernizing IT systems across the GC.
- To strengthen data protection, SSC is implementing zero-trust principles—minimizing reliance on implicit trust within networks and deploying modern, industry-leading security solutions.
- In consultation with the Treasury Board of Canada Secretariat (TBS) and CSE, SSC integrates security and privacy by design when developing new services.
If pressed on supply chain integrity
- Together with the Cyber Centre, SSC has completed over 83,000 Supply Chain Integrity reviews since 2012 to help ensure that components used in systems do not compromise safety or security.
If pressed on quantum computing
- A quantum computer capable of compromising many cryptographic standards could be available in the next 5 to 8 years.
- Departments and agencies will be required to develop customized migration plans to transition their systems to post-quantum cryptography. SSC is developing a comprehensive strategy to ensure its enterprise solutions align with the cryptographic recommendations from the Cyber Centre.
If pressed on small departments and agencies
- SSC is working with 43 small departments and agencies (SDAs) to deliver a targeted set of secure IT services. By the end of 2024-25, 23 SDAs had fully transitioned to government-managed Internet and remote access services, while 15 had adopted the shared government email system.
If pressed on provincial and territorial cooperation
- In September, all 14 federal, provincial and territorial jurisdictions signed a historic cyber security agreement to share real-time intelligence, tools and services to counter cyber threats.
- The agreement strengthens SSC’s cyber security posture through secure intergovernmental collaboration on threat intelligence and incident response.
Background
- Cyber security is a shared responsibility across the GC:
- TBS sets government-wide cyber security policies and leads the response to major cyber incidents.
- SSC builds and manages secure IT systems, monitors key applications and ensures new services are designed with security and privacy in mind.
- CSE is the lead agency for cyber security. It provides defensive capabilities that are not currently available commercially, adding an additional layer of defence unique to the GC.
- All departments and agencies must protect their own systems and applications.
- Public Safety Canada leads the National Cyber Security Strategy, working with partners outside government to protect Canadians and businesses.
- The Royal Canadian Mounted Police (RCMP) investigates cyber crimes that target government systems.
- The Canadian Security Intelligence Service (CSIS) gathers intelligence on threats to national security and supports departments through security screening and foreign intelligence.
- The Canadian Armed Forces (CAF) shares cyber threat intelligence with allies and conducts foreign cyber operations.
- The GC Cyber Security Event Management Plan (GC CSEMP) outlines how different departments respond to cyber incidents. Smaller issues are handled by the affected department, while serious ones are managed by teams led by TBS and the Cyber Centre. SSC’s responsibilities during a cyber security event include watching for unusual network activity, blocking cyber threat activity, assessing service impacts, reporting through the Cyber Centre and implementing prevention, mitigation and recovery efforts, such as emergency patching and isolating infrastructure.
Shared Services Canada procurement
Issue
- This note explains Shared Services Canada’s (SSC) general procurement practices and achievements.
- Procurement is essential to government operations, ensuring the best value for Canadians. SSC plays a central role by managing the purchase of IT tools and services—software, hardware, and support—for shared government systems.
Key facts
- N/A
Key messages
- SSC follows a fair, open and transparent procurement process, guided by well-established rules and controls.
- Most SSC contracts are awarded through competitive bidding to ensure best value for Canadians.
- SSC occasionally awards non-competitive contracts, which are subject to the same rigorous review as competitive ones, based on their risk and value.
- Justifications for these contracts are grounded in clear criteria, such as urgency, intellectual propriety (IP) considerations or national interest.
- SSC is advancing an information technology (IT) diversification strategy to increase vendor diversity, reduce reliance on foreign technologies, and promote Canadian-made solutions in our IT infrastructure and services.
If pressed on Buy Canadian
- Under the new Buy Canadian Policy, departments and agencies prioritize Canadian suppliers and Canadian content in their purchasing decisions.
- During bid evaluations, eligible Canadian suppliers receive either addition points or credit towards their financial proposal.
- This currently applies to purchases $25 million or more, and $5 million or more effective June 15, 2026.
- Exceptions are permitted only in specific cases, such as unreasonable cost increases or where application of the policy would not be in the public interest. Exceptions must be approved by the responsible minister and fully documented to ensure accountability and transparency.
If pressed on the interim Policy on Reciprocal Procurement
- The Policy on Reciprocal Procurement limits access to suppliers from countries that restrict Canadian participation in their own government contracts. It builds on the existing Interim Policy on Reciprocal Procurement.
- It prioritizes Canadian suppliers and those from trusted trading partners, helping to strengthen domestic supply chains and support Canadian businesses.
- Currently, eligibility is based on the location of suppliers. In spring 2026, it is expected that eligibility will be determined by the origin of goods and services.
If pressed on no substitution
- Due to operational requirements, SSC will occasionally purchase equipment from a manufacturer to ensure compatibility with existing systems, in circumstances where there is no possible alternative.
- When this happens, SSC provides a technical reason to support the decision. In some cases, the contract is still competed—but only among authorized resellers of the specific equipment.
If pressed on outsourcing
- SSC uses professional services to help deliver programs and projects; to meet delivery targets; or to provide outside expertise on a particular project.
- Spending on professional services was reduced by $81 million, from $477 million in 2022–23 to $396 million in 2024–25. Oversight has been strengthened to ensure services are used only when operationally justified.
- As part of Budget 2025, SSC has committed to reduce spending on professional services by a further 17% over three years ($68 million, for a total reduction of 31% since 2022-23).
- As part of this effort, SSC is continuing to improve its ability to manage work internally, build institutional knowledge and reduce contracted service costs.
- As outlined in Budget 2025, SSC continues to build in-house capacity and expertise by investing in skills development, re-skilling employees, and optimizing how we allocate our resources.
If pressed on procurement ombud “bait and switch” report
- SSC typically engages consultants using Public Service and Procurement Canada’s (PSPC) established methods of supply. To ensure quality and compliance, SSC verifies that proposed individual resources meet or exceed both PSPC’s minimum qualifications and SSC’s specific requirements.
- SSC has strengthened its guidance to procurement officers by updating instructions to clarify the process and enhance the consistency and completeness of the documentation.
If pressed on supply arrangements
- SSC has established supply arrangements that promote Indigenous business participation, including measures such as Indigenous Participation Plans to support subcontracting, employment and skills development.
- Contracts over $5 million undergo governance reviews to ensure meaningful consideration of Indigenous businesses in the procurement process.
Background
- GC contracting is governed by well-established laws, regulations and government-wide policies.
- SSC complies with the Financial Administration Act, the Government Contracts Regulations, the Directive on the Management of Procurement, the Policy on the Planning and Management of Investments, the Code of Conduct for Procurement, trade agreements, court decisions, the Policy on Green Procurement, the Procurement Strategy for Indigenous Business and the Nunavut Directive.
Comprehensive Expenditure Review
Issue
The Comprehensive Expenditure Review (CER) is a government-wide exercise to reduce duplication and inefficiencies and realign activities toward the core federal mandate. It will reduce the public service population by 10% from its peak in 2023‑24 and achieve savings of $9 billion in 2026–27, $10 billion in 2027–28 and $13 billion in 2028–29.
Key facts
- Under the CER, SSC will reduce its expenditures by:
- $159.3 million in 2026–27
- $212.4 million in 2027–28
- $318.5 million in 2028–29 (ongoing)
- These targets include planned savings from Budget 2024’s Refocusing Government Spending initiative
Key messages
- Under the CER, SSC will meet up to 15% in savings targets over three years, achieving ongoing savings of $318.5 million
- Specifically, SSC will:
- standardize platforms and realign enterprise software offerings to match current needs
- eliminate low-use or redundant licences
- eliminate non-essential fixed telephone lines in all Government of Canada (GC) buildings, which will reduce expenses, and deploy cost-effective softphones to all workers
- review, consolidate and renegotiate contracts to eliminate duplication, secure better pricing and align spending with enterprise needs
- leverage emerging technologies to automate repetitive tasks, use AI-driven tools to optimize operations and service delivery, automate common IT support requests to reduce call volumes and costs while improving user experience
- build its in-house capacity and expertise to reduce spending on external consultants and contractors for ongoing operations
- simplify the cloud footprint by consolidating over 287 partners’ cloud environments into SSC’s enterprise cloud (GC Cloud One)
- reduce and rationalize the remaining 190 legacy data centres across Canada into 4 enterprise data centres, 1 high-performance computing centre, 5 consolidation data centres, and approximately 50 edge computing sites
- Further, SSC is streamlining its organizational structure and processes, simplifying oversight and reducing layers
- 31% of employee reductions are management
- CER will result in a 5% reduction in the number of SSC employees
If pressed on operational impacts
- There may be short-term pressure on service. However, SSC will mitigate this through prioritization, automation and reskilling, with the goal of maintaining or improving service levels over the long term
- Operational IT capacity is largely preserved, with less than 3% of reductions coming from front-line IT staff
If pressed on employees
- SSC has invoked workforce adjustment and career transition for executives to meet its expenditure reduction targets and deliver on its ambitious digital agenda.
- On January 13, 2026, 1,339 employees, including 49 executives, were informed their positions may be impacted. SSC is aiming to reduce its workforce by approximately 477 positions to meet CER objectives
- The goal is to reach this reduction by considering all available options, including the Early Retirement Initiative, a voluntary departure program, the selection of employees for retention or lay-off, and workforce adjustment. Minimizing the impact on employees is the top priority.
- About 1,786 SSC employees received notice they are eligible for the Early Retirement Incentive program. This program’s approval is with Parliament
- SSC is dedicated to supporting employees during this transition. Programs and resources are available to help employees navigate career transitions and maintain their well-being, including an internal portal (Gateway to Mobility Portal) to ensure priority consideration is given to impacted SSC employees when staffing positions
- SSC actively engaged with stakeholders, including management and bargaining agents, to ensure transparency with respect to the workforce reduction plans
- SSC understands the impacts of CER can be stressful and is committed to supporting its employees. SSC employees are encouraged to speak with their manager, the SSC Office of the Ombuds or the Employee Assistance Program for support
Background
Budget 2025 noted that:
To meet up to 15% in savings targets over three years, Shared Services Canada (SSC) will implement efficiencies government-wide by standardizing platforms, including realigning enterprise software offerings, to match current needs; eliminating low-use or redundant licences; and removing non-essential fixed lines.
SSC will also retire outdated technologies, systems and infrastructure that are costly to operate, difficult to secure and that limit innovation. This includes migrating workloads and hardware from remaining legacy data centres into modern facilities to reduce outage risks in the support of critical services and to shrink the government’s costly legacy IT footprint. SSC will review, consolidate and renegotiate contracts to eliminate duplication, secure better pricing and align spending with enterprise needs. SSC will achieve significant savings by transitioning to modern, cost-effective solutions and ending or reducing support for legacy systems, which are often expensive to maintain and operate due to outdated technologies and higher risks of system failure.
To modernize workflows, reduce manual effort and optimize service delivery, SSC will leverage emerging technologies to automate repetitive tasks; use AI-driven tools to optimize operations and service delivery; and automate common IT support requests to reduce call volumes and costs while improving user experience.
SSC will also build up its in-house capacity and expertise to reduce spending on external consultants and contractors for ongoing operations. By developing internal skills, reskilling staff and optimizing resource allocation, SSC will lower contracted service costs while strengthening institutional knowledge.
Shared Services Canada’s 2024-25 Departmental Results Report
Issue
Services Canada’s (SSC) 2024-25 Departmental Results Report (DRR) provides details on SSC’s mandate, commitments and results.
Key facts
- In 2024-25, SSC employed 9,346 full-time equivalents (FTEs), had net expenditures of $2,617 million, and met 20 of 25 results indicators.
Key messages
- SSC’s accomplishments in 2024-25 included:
- Deploying over 500 Low Earth Orbit satellite terminals
- Expanding enterprise Wi-Fi to more than 250 government buildings
- Strengthening cyber defences through the new Secure Cloud to Ground service, Cyber Security Program Management Office, and the implementation of integrated enterprise monitoring tools
- Expanding the use of artificial intelligence and automation to improve service delivery and internal operations
- Delivering $20 million in savings through initiatives such as bulk procurement of mobile devices, the rationalization of fixed phone lines, and the deployment of softphones.
- As part of work to incorporate agile procurement principles into its broader contracting, SSC used an agile process for procuring cloud services. This involved iterative solicitation design and development, and collaboration with industry to achieve the best possible outcome for Canadians.
- SSC surpassed the government’s 5% Indigenous procurement target, achieving a result of 9.8%.
- Furthermore, SSC onboarded one-third of the department to Docuverse, a SharePoint solution modernizing business processes. This streamlined collaboration, improved coordination, and strengthened governance.
- SSC launched an efficient and user-friendly Employee Service Portal to automate corporate requests and improve onboarding and offboarding of employees.
If pressed on unmet Departmental Results indicators
- Number of partners that migrated their email in the cloud: target 39
- Result: 37. For SSC to complete email migrations, partners must complete all the preparatory work. More complex departments took longer than expected, and this caused delays.
- Percentage of time that Enterprise Mobile Device Management (EMDM) service is available: target 99.9%
- Result: 99.19%. In 2024-25, there were three EMDM outages due to major infrastructure-related incidents. To mitigate future risks, SSC is working to enhance coordination, improve alerting and monitoring processes, and strengthen validation protocols for third-party infrastructure changes.
- Partner Satisfaction with cloud brokering and cloud advisory services (five-point scale): target 3.6
- Result: 3.5. While service levels were sustained, the new Application Hosting Strategy changed the accountability for cloud operations from partners to SSC, which may have reduced satisfaction. To address these challenges, improvements are underway to enhance service and streamline cloud intake processes.
- Percentage of SSC-led and customer-led projects rated as on time, on scope and on budget: target 70%
- Result: 65%. Cybersecurity projects experienced delays due to evolving requirements and the rapid evolution of the cybersecurity landscape. This made it challenging to deliver effectively using traditional waterfall approaches, in which all planning is done at the start. SSC is moving towards Agile project practices, in which planning and delivery are done iteratively.
- Percentage of critical incidents under SSC control resolved within established service level standards: target 60%
- Result: 55.04%. SSC is addressing three root causes of this outcome. To improve the implementation of improvements to higher complexity systems, SSC is assessing adjustments to its processes. To address extended wait times for replacing hardware, SSC is assessing an emergency replacement service for critical equipment at some sites. To better service remote locations, SSC is investigating opportunities to pre-identify additional remote supports.
Background
The Departmental Results Report informs parliamentarians and Canadians of the results achieved by SSC for Canadians, and the resources used to achieve those results. A retrospective view is provided for 2024-25 against the plans, priorities and expected results that were set out in the corresponding 2024-25 Departmental Plan. The Departmental Results Report is based on the approved 2024-25 Departmental Results Framework and Program Inventory.
Office of the Auditor General of Canada (OAG)’s Contact centres report
Issue
- In this report, the Auditor General found the Canada Revenue Agency’s (CRA) contact centres failed to consistently provide callers with accurate and timely information.
- The report highlighted deficiencies in the management of the Hosted Contact Centre Service (HCCS) platform provided through a contract with Shared Services Canada (SSC).
Key facts
- The HCCS contract has a $50‑million minimum revenue guarantee over 10 years. SSC’s authorities permit spending up to $300 million for this contract and the current expenditure forecast is $190 million.
- The contract was awarded in 2015, implemented for CRA and other departments in November 2018 and runs until 2027.
- In 2025, following a competitive process, SSC awarded a 5‑year contract (with one 5‑year option) to Bell Canada for its Genesys Cloud CX platform. The initial contract is valued at $7 million, which will grow over time as the services are consumed. As the design and implementation of the new contract is in development, its expected total cost is not yet available.
Key messages
- The contract is within its budget. As of June 2025, the total one-time costs and forecasted monthly costs for the first 10 years of the contract is $190 million. SSC’s procurement authorities for this are a maximum of $300 million.
- SSC welcomes the Auditor General’s findings. Modern contact centres are essential for partners to deliver services to Canadians.
- SSC generally agrees with the recommendations, has already implemented many and is working to address the remaining items.
- Using learnings from the previous contract, SSC awarded a new contract in July 2025 to replace the existing IT services for CRA’s contact centres. The new solution will allow CRA to leverage current and emerging technologies, which are scalable and flexible over the life of the contract, to support effective service delivery.
- SSC remains committed to sound stewardship and accountability. SSC, in collaboration with CRA, continues to strengthen contract management practices with clearly defined roles, responsibilities and processes.
If pressed on new contract
- Partner departments, including CRA, were fully engaged in defining requirements and evaluating the new contact centre solution. Under the new contract, CRA will benefit from:
- greater autonomy to deploy and test features, allowing for more agile service improvements
- detailed billing information, which simplifies invoicing and increases clarity when certifying the receipt of goods and services and authorizing payment
- The new Contact Centre as a Service (CCaaS) is an on-demand, flexible and scalable commercial solution to manage client interactions across various channels, such as phone, email, chat and social media.
If pressed on value
- The government only paid for the features and consumption that it used.
- Increases to the contract value reflect increases in usage over time, such as exercising option years, adding new contact centres, increasing use or capacity in the pandemic, and are not changes to pricing.
If pressed on cost conflation
- The $50‑million minimum was never a total estimated contract value but rather the minimum commitment to assure the vendor they would recoup their initial infrastructure and set-up investment. Once consumption began, service orders were placed and the contract value was amended accordingly.
- Not all features available under contract were initially activated. Some were added later, resulting in contract amendments. This allowed the service to address the evolving need of the department.
- Rather than award the full estimated contract value at the outset, SSC used the best-practice approach of awarding smaller service orders in increments based on predictable consumption and feature implementation forecasts. This established controls and gating to ensure that the contract and spending was regularly reviewed internally and with our partners. Amendments increasing the overall value of the contract were simply a reflection of the service orders as consumption took place.
Background
In 2013, the Government of Canada pursued a consolidated contact centre solution. In 2015, SSC awarded a contract to IBM for the HCSS system. It included new functions such as call-routing to agents with relevant knowledge, nation-wide call queuing, an integrated voice-response system, estimated wait times and workforce management functionalities. The contract was designed to include many features that CRA and other departments could choose to implement as their business requirements evolved over the life of the contract.
Office of the Auditor General of Canada’s (OAG) Cyber security of government networks and systems report
Issue
- On October 21, 2025, the Auditor General tabled a report on the cyber security of federal networks and systems. It found the government “had tools in place to defend” its networks and its cyber security plan was “sound and comprehensive.”
- However, the report raised concerns about delays to key projects to improve the visibility of cyber events and coordinate the response to incidents. It highlighted shortcomings in the management of equipment and noted that certain small departments and agencies (SDA) were not using Shared Services Canada’s (SSC) cyber security services.
Key facts
- The report noted that of the 204 organizations in the Government of Canada:
- 85 were required by Treasury Board of Canada Secretariat (TBS) policies to use SSC’s Internet service; however, 22 did not comply and instead used the Communications Security Establishment’s (CSE) cyber security defence sensors.
- 119 organizations were not required to use SSC’s Internet service; among these: 24 chose to use SSC’s services and a majority—76 organizations—used CSE’s sensors.
Key messages
- SSC appreciates the Auditor General’s work, recognizing that countering cyber threats requires constant vigilance and robust security measures.
- SSC agrees with the findings and is working to address the identified issues. Specifically, SSC:
- is committed to completing a project to provide greater visibility of suspicious cyber events
- has initiated work to strengthen asset management practices
- is completing an inventory of network endpoints to improve oversight and control
- will work with TBS to update the government’s cyber event management plan this fall
- These actions will strengthen SSC’s cyber defences, which block 6.5trillion cyber threats annually.
If pressed on the Global Affairs Canada (GAC) cyber attack “7-day” delay
- On Friday, January 19, 2024, the Canadian Centre for Cyber Security (the Cyber Centre) officially requested specific VPN-related security information from SSC. The request was approved within an hour and all parties (SSC, GAC and the Cyber Centre) agreed to make the transfer on Monday, January 22, 2024.
- While this kind of transfer is typically not required, SSC has included this process in its standard operating procedures to ensure that future requests are treated more rapidly.
If pressed on cyber attack on GAC
- SSC is providing responsive support to departments to defend against cyber attacks.
- We recognize the importance of enhanced communication during a cyber event, and SSC works continuously with the Cyber Centre and TBS to improve communications.
- SSC and GAC jointly developed a Remediation Action Plan to enhance network security and collaboration. The plan reflects our shared commitment to effective coordination and strengthened security practices.
- It reaffirms decision-making authorities, defines respective roles and responsibilities, establishes a process for sharing information and identifies mechanisms to resolve issues quickly.
If pressed on security information and event management (SIEM)
- The Government of Canada (GC) is conducting a collaborative and competitive procurement process for a security information and event management (SIEM) solution.
- These efforts will allow the GC to better predict, detect and respond to cyber threats.
- For example, integrating threat intelligence feeds will facilitate the response to cyber incidents.
- A centralized solution will collect data to enable faster responses to potential threats.
If pressed on the endpoint visibility, awareness and security (EVAS) project
- SSC’s Endpoint, Visibility and Awareness Security (EVAS) project will enable a real‑time view of all endpoint devices connected to GC networks, such as desktops and servers.
- It will also enhance security capabilities, including protection to block file-based malware and other malicious activity, and continuous monitoring at endpoints with an automated response to cyber events.
- The project is under way and completion is expected by March 2028.
If pressed on vulnerability and patch management
- SSC continues to improve its vulnerability and patch management processes across all its systems and services. These improvements will reduce exposure to cyber attacks, minimize lost productivity and protect data and infrastructure.
If pressed on small departments and agencies (SDA)
- SSC is working to provide connectivity and security services to 43
- By the end of 2024-25, 23SDAs had fully transitioned to government-managed Internet and remote access services, while 15 had adopted the shared email system.
- By the end of 2025-26, 6additional SDAs are expected to fully transition.
Background
The GC, like all organizations worldwide, faces ongoing cyber threats from bad actors on a national and international level that require constant attention and strong security measures. Cyber threats are becoming more complex and sophisticated. These include criminal activities such as ransomware attacks and attacks by state-sponsored adversaries.