Status report on transformational and major Crown projects 2019-20

Shared Services Canada (SSC) is building a digital platform composed of the underpinning infrastructure and security elements required to enable the deployment of the Microsoft Office 365 (M365) suite of digital tools and services to enable enhanced communications and collaboration for staff as they deliver services to Canadians.

• A digital platform to enable the deployment of M365 tools and services
• A framework to support customer migrations to the M365 suite
• Enhanced communication and collaboration to improve the way staff work with each other in delivering services to Canadians

The services of Canadian-based third-party providers of cloud deployment services will be procured to assist customer organizations in moving to the cloud-based environment.

Shared Services Canada

Shared Services Canada

Shared Services Canada

Microsoft, 100 Queen St. Ottawa, Ontario, Canada

To Be Determined

Phase 3 - Planning (Definition)

• Phase 1: Idea Generation – December 2018
• Phase 2: Initiation – May 2019
• Phase 3: Planning – June 2019
• Phase 4: Operational Readiness – February 2020
• Phase 5: Deployment - August 2020 to January 2021
• Phase 6: Closeout - March 2021

On December 6, 2018, SSC received project approval for the planning (definition) phase for the 1st phase of the Digital Communications and Collaboration Project (initially the Digital Communications Project). The scope of the project at the time covered the migration of the customers on Your Email Service (YES) to Microsoft’s 365 platform.

Over the course of the planning (definition) phase, it was determined that:

• There was a growing appetite among YES and non-YES customers to migrate to the cloud and consume digital communications services beyond email
• The deployment of any of the digital communications tools (Email, SharePoint, Teams, and so on) requires the same foundational elements such as network bandwidth, security, and so on, to be in place prior to onboarding
• Migrating to the cloud is a risky and complex endeavor. An incremental rollout is a more prudent approach than a big-bang implementation
• The key deliverables of this project will be a digital platform and a framework to support customer migrations to the M365 suite

To reduce the risk, the scope of the project was modified and only six pathfinders were selected to move first to the new platform. Those pathfinders are Treasury Board Secretariat, Immigration and Refugee Board of Canada and Transport Canada as Non-Yes clients and Atlantic Canada Opportunities Agency, SSC, and Veterans Affairs Canada as YES clients. The lessons learned from these 6 pathfinder migrations will be used to inform future migrations for all the other YES clients as well as On Premise Email clients.

The EVAS project will implement a new, competitively procured, standard endpoint security solution that will provide an accurate and up-to-date view of all Shared Services Canada (SSC)/Government of Canada (GC) endpoint devices. EVAS will allow SSC partners, as well as GC clients and enterprise service organizations, to ensure endpoint devices on SSC/GC networks are properly tracked, managed and secured.

Partners will be equipped with real-time information to prioritize remediation efforts, and the Treasury Board Secretariat (TBS) will be equipped with an enterprise view of Information Technology (IT) assets to be able to assess true GC exposure to a cyberattack.

• Increase visibility and awareness to improve IT security
• Detect and resolve cyber incidents with minimal human intervention
• Current and comprehensive understanding of all endpoint devices on SSC/GC networks
• Improved IT business planning and forecasting
• Streamline operations with an enterprise solution
• Reduce SSC/GC enterprise risks

By engaging industry, refining requirements and conducting competitive procurement for integrated EVAS system(s) and licenses the GC will benefit from cost savings and an increased security posture.

The project will provide a current and comprehensive understanding of all endpoint devices on GC networks with added protection, detection and mitigation of security incidents and improved situational awareness and proactive defence.

Treasury Board of Canada Secretariat

Shared Services Canada

• Shared Services Canada
• Treasury Board of Canada Secretariat
• Canadian Centre for Cyber Security (Previously the Communications Security Establishment)

N/A

N/A

Phase 3 – Planning

• Phase 1 – Idea Generation – March 2018
• Phase 2 – Initiation – December 2018
• Phase 3 – Planning – April 2021
• Phase 4 – Operational Readiness – August 2021
• Phase 5 – Deployment – April 2024
• Phase 6 – Closeout – September 2024

• EVAS is a pathfinder project for the Cyber Security Procurement Vehicle (CSPV). There is an approved 5-month extension in the schedule to complete the Planning Phase due to delays in procurement.
• The EVAS project completion date is September 2024. The project is currently running within budget.

The Government of Canada Network Wide Area Network (GCNet WAN) project will converge, consolidate and standardize wide area networks to a common, shared, enterprise network, while maintaining required segregation of data through logical (not physical) security domains and zones.

Stream 1: National Internet Protocol (IP)

• Consolidation of approximately 50 different WANs on 12 separate contracts into a single infrastructure on 2 contracts to provide national WAN services to Shared Services Canada’s partners
• IP-based service providing any-to-any network connectivity
• Fully-managed service to 3,500+ sites across Canada

Stream 2: National Transport (Legacy)

• Legacy point-to-point analog and digital services (700+ sites)

Stream 3: International

• Both IP and Transport services
• Service to approximately 220 locations internationally

Private sector vendors will provide goods and services for the new service(s)

Shared Services Canada

Shared Services Canada

Shared Services Canada

• Stream 1 (Contractor 1) – TELUS
  257 Slater Street, 7th floor, Ottawa, Ontario, Canada, K1P 0A6
• Stream 1 (Contractor 2) – Zayo Canada
  150 Laurier Avenue West, 3rd floor, Ottawa, Ontario, Canada, K1P 5J4
• Stream 2 – TELUS
  257 Slater Street, 7th floor, Ottawa, Ontario, Canada, K1P 0A6
• Stream 3 – Bell Canada
  160 Elgin Street, 5th floor, Ottawa, Ontario, Canada, K2P 2C4

N/A

Phase 5 – Deployment

• Phase 1 – Idea Generation – August 2013
• Phase 2 – Initiation – October 2013
• Phase 3 – Planning – August 2017
• Phase 4 – Operational Readiness – August 2017
• Phase 5 – Deployment – January 2022
• Phase 6 – Closeout – March 2022

The overall project health is “red” due to the cumulative effect of various issues and risks that have led to the slippage of the Stream 1 migration schedule.

• Stream 1 – forecast completion date is March 30, 2022
• Stream 2 – completed March 31, 2020
• Stream 3 – forecast completion date is September 30, 2020

The current project authorities ended March 31, 2020. The Line of Business (LOB) is preparing a new Treasury Board Submission to extend the Project Authorities.  The LOB’s appearance at TB will be scheduled in the fall of 2020.  The project has received interim approval to continue migration activities pending the LOB’s appearance before TB.

The GCSI project’s duration is six years with the first 30 months devoted to planning activities. The estimated expanded sites and additional capabilities include adding 2000 users, 900 endpoints, 60 sites across the Government of Canada (GC) and 60 secure meeting rooms with voice and video conferencing equipped to share information classified up to SECRET level. In addition to expanding new sites, new capabilities include high availability, low-to-high notifications and 24/7 support.

The project aims to achieve the following business outcomes:

• GC will have easy access to communicate securely using enterprise secure communications services, minimizing the need to use unmanaged legacy networks and unsecure means
• GC workers will have access to real-time classified (SECRET) communication tools to support operational needs including during times of crisis
• GC will be able to host classified (SECRET) mission-critical services that must be always available
• Deliver an infrastructure system that can resist a data centre level disaster

• Adding 2000 users, 900 endpoints, 60 sites across the GC
• 60 secure meeting rooms with voice and video conferencing equipped to share information classified up to SECRET level
• High availability and disaster recovery
• Low-to-high data transfers and High-to-Low notifications
• 24/7 enterprise support and security monitoring

Treasury Board of Canada Secretariat

Shared Services Canada

• Communications Security Establishment
• Shared Services Canada
• Treasury Board of Canada Secretariat

N/A

N/A

Phase 3 –Planning

• Phase 1 – Idea Generation – March 2018
• Phase 2 – Initiation – December 2018
• Phase 3 – Planning – March 2021
• Phase 4 – Operational Readiness – March 2023
• Phase 5 – Deployment – January 2024
• Phase 6 – Closeout – March 2024

• The GCSI Expansion is achieving defined performance objectives
• The GCSI Expansion is running on budget
• The GCSI Expansion Planning phase is to be completed by March 2021 as per the Treasury Board Submission

SCED will implement Government of Canada (GC) Trusted Interconnection Points on the periphery of the GC network for the secured exchange of data with external organizations. A specialized perimeter will establish a network security zone with one or more private connections to reduce exposure to cyber threats and improve performance and reliability between the GC and external partners, and Cloud Service Providers (CSP) for Secure Cloud Enablement. Dedicated connections to one or more CSPs will enable secured management, monitoring and access of departmental and interdepartmental unclassified and Protected B with Medium Integrity and Medium Availability (PBMM) off-premise cloud services (Software as a Service / Infrastructure as a Service / Platform as a Service (SaaS/IaaS/PaaS))

The security posture of GC services and assets as they are deployed in the public cloud and integrated with on-premise GC enterprise systems will be maintained through:

• Full visibility and monitoring of GC cloud environments through integration into current monitoring and management services for the GC enterprise provided by the Security Operations Centre
• A reduced attack surface by consolidating cloud perimeters
• Secure access from GC network to public cloud
• Central cloud-enabled data loss prevention policies

SCED will provide security and visibility services for communications with GC cloud workloads, allowing GC departments to be more agile in providing services to the Canadian public and businesses through leveraging public cloud services

Shared Services Canada

Shared Services Canada

Shared Services Canada

N/A

N/A

Phase 3 – Planning

• Phase 1 – Idea Generation – March 2018
• Phase 2 – Initiation – February 2019
• Phase 3 – Planning – December 2019
• Phase 4 – Operational Readiness – June 2020
• Phase 5 – Deployment – March 2023
• Phase 6 – Closeout – October 2023

General project uncertainty related to the Treasury Board Submission and Gate 3 approval dependency and process, combined with the unknown planning impacts resulting from emergency COVID-19 intervention (requiring that project resources be redirected from project activities).

Response: Team is focused on named emergency priorities. Schedule impacts will be assessed once emergency priorities completed. (N.B. These emergency response activities fall outside of the scope of SCED.) Will respond to Treasury Board Secretariat enquiries with the shortest possible delay to expedite the approval process.

Focussed on replacing legacy landline telephony systems with next-generation, network-based communications services that bundle Voice over Internet Protocol (VoIP) telephone, Instant Messaging, Presence, and Desktop Videoconferencing, WCS will converge voice and data onto a common, enterprise network to deliver an enhanced service offering at a lower operational cost. WCS will support Blueprint 2020 and Workplace 2.0 objectives for increased productivity, mobility and collaboration, while meeting urgent requirements to replace end-of-life legacy equipment and ensure service continuity for partner program delivery.

• Establish an enterprise WCS contract and ensure relationships with industry that are open, transparent and fair
• Modernise traditional telephony technologies by migrating to VoIP technology that will carry interdepartmental communications over Canada’s transformed wide area network (Government of Canada Network Wide Area Network)
• Execute an efficient transition with minimal business impacts
• Reduce infrastructure complexity through standardisation to an enterprise service, and provide greater telecommunication capacity, reliability and capability to enable partners and clients to deliver optimum support service to Canadians
• Improve service availability and increase customer satisfaction
• Reduce administrative duplication (for example, invoice processing) and standardised IT service management processes by transforming from multiple telephone service contracts in silos to a shared service
• Provide increased communication capabilities (that is, Desktop Videoconferencing, Instant Messaging, Presence and Desktop Sharing)
• Support an improved Government of Canada security posture through standardised security measures and controls
• Yield ongoing service delivery efficiencies at target state

The services provided by the WCS contract will involve delivery to locations subject to Comprehensive Land Claim Agreements (CLCAs). Therefore, the WCS Request for Proposal included rated criteria for the provision of a CLCA plan promoting indigenous participation in the performance of the work. As a result of this, the WCS contract contains a mandatory requirement for TELUS to implement, and report, on the CLCA plan which was submitted by TELUS and evaluated by Canada as a part of its bid. The annual CLCA report must cover:

• the number of Aboriginal persons employed in each CLCA for which a commitment was made in the CLCA Plan
• a description of the Contractor’s recruitment process (including any subcontractor recruitment processes) currently in use and any plans for changing the recruitment process during the coming year
• a description of the Contractor’s retention process (including any subcontractor retention processes) currently in use and any plans for changing the retention process during the coming year
• the nature of the work performed in each CLCA over the course of the year and any plans for changing the nature of that work during the coming year
• the types of positions filled by Aboriginal persons over the course of the year
• the type of on-the-job training and skills provided by Aboriginal persons performing any portion of the Work in CLCAs

Shared Services Canada

Shared Services Canada

Shared Services Canada

TELUS

N/A

Phase 4 – Operational Readiness

• Phase 1 – Idea Generation – January 2014
• Phase 2 – Initiation – April 2014
• Phase 3 – Planning – June 2017
• Phase 4 – Operational Readiness – TBD
• Phase 5 – Deployment – August 2026
• Phase 6 – Closeout – September 2026

• Department of National Defence (DND) site restrictions resulting from COVID-19, and Vendor delays in completing Security Assessment and Authorization (SA&A) Gate 3 activities, continue to cause scheduling delays, setting the project status to “red”.
• Project efforts have continued with a focus on planning and preparedness. Of 19 DND critical sites, 14 Phase 1 site visits and reports are completed. 32 of 57 Build Books are completed and site design engineering is underway. Service Orders have been placed for 29 DND sites, representing an end count of 16,755 lines.
• DND has approved 11 sites for migration and has recently opened access to some of their sites for onsite work and Personal Protection Equipment (PPE) has been sourced to facilitate onsite work. The WCS service vendor successfully installed and tested equipment in June 2020 onsite at the DND Health Care Centre Pilot site.
• Remediation efforts are underway with the WCS vendor to support the completion of SA&A Gate 3, a requirement of attaining Approval to Operate and to re-baseline the project schedule.