Book Two – Shared Services Canada Departmental Business 2019

Shared Services Canada Enterprise (Government-wide) Priorities

Canadians expect to be able to use the latest technology and receive services when and where they need them, including access to online services on their devices. To meet this expectation, Shared Services Canada (SSC) has shifted to an enterprise information technology approach called, "SSC 3.0", which focuses on the consolidation, modernization and standardization of information technology infrastructure services within the Public Service. This approach will help the Government of Canada achieve a digital government that delivers high‑value, essential digital services to Canadians, and will provide federal employees with the tools they need to deliver these services on a modern, reliable and secure information technology platform.

The Department's new approach centres on providing services to the Government of Canada as an enterprise and focuses on key priorities, including:

The following sections touch on the priorities of the Department and the projects and work under way to achieve SSC 3.0.

Network and Cyber Security

Networks and cyber security are the very foundation of digital government and the basis for all Government of Canada services. In this age of technology, networks need to be strong, readily available, reliable, fast, and scalable - based on our changing security needs.

The Government of Canada is continually updating its networks to leverage the latest security measures to better protect personal information, connect seamlessly to cloud and enterprise data centres, and move at a speed and scale that gives users the connectivity they need to do their work in today's digital environment. SSC has been consolidating a multitude of networks into a single common network while improving speed, reliability and security to support an increasing demand for digital services delivered to Canadians.

The Department works in close co‑operation with Treasury Board of Canada Secretariat, the Canadian Centre for Cyber Security and Communications Security Establishment Canada to align the Government of Canada's network renewal with security standards that protect the information of Canadians.

SSC's work to improve the Government of Canada network and cyber security can be highlighted through the two following ongoing projects, Network Services (wide area network and the ongoing management of necessary software upgrades (patch management).

See Annex A below for a list of all network and cyber‑security-related projects.

Network Services (GCNet Wide Area Network)

The Wide Area Network connects computers to each other through Government of Canada intranet, external Internet, as well as application and data hosting servers and cloud solutions. The federal government has approximately 4,000 locations (buildings or other infrastructure) connected to the GCNet Wide Area Network. This network enables departments to effectively transmit information between one and another, and also to Canadians. For SSC, the GCNet Wide Area Network project aims to consolidate, modernize and streamline the existing 50 wide area networks across the government into a single network service supporting both domestic and international operations. The 50 wide area networks support communications for some 377,000 government users nationally and internationally, and all these users will be migrated to the new single network service.

Migrating users to the new network service and shutting down the old wide area networks will result in reduced infrastructure complexity and operating costs, consistent service quality, increased security, and enhanced service to customers. Furthermore, consolidation simplifies and standardizes infrastructure and meets the demand of new and more interactive applications.

To date, about 50% of the 4,000 locations connected to the wide area network have been migrated from the 50 separate wide area networks to the new single network service.

Software and Application Upgrades (Patch Management)

Where new technologies are not available, patches or software changes become critical to ensuring continuity of service. Patches provide improvements to security vulnerabilities, and bug fixes, including the overall enhancements to the functionality, usability and performance of software and applications.

Patch management safeguards the government's data and citizen information, and enables seamless delivery of services to Canadians. Patching operating systems and applications was identified as the second most important information technology security action in Communications Security Establishment Canada's top 10 information technology security actions, which are set out to identify important information technology security action required to help minimize organizational risk of intrusions and impacts on networks. In addition, patch management allows for the Department to mitigate exposing the Government of Canada's information technology infrastructure, systems and data to cyber attacks.

Annex A

The following key projects and programs aim to solidify the Government of Canada's information technology foundation by increasing network reliability and strengthening security.

Other SSC-led Active Projects (2019-2020 and ongoing)

Administrative Access Controls Services: This project will ensure that management of administrative privileges for the 43 customer departments is done government-wide by SSC. Currently, access to systems and controls is provided by individual departments, whereas this project will result in centralized controls for the Government of Canada.

Canada-United States IP Transport: This project implements a new communication network based on current Internet-based technologies to allow for the secure exchange of data between Canada and the United States.

Canadian Network for the Advancement of Research, Industry and Education (CANARIE): This project will implement the Government of Canada Science Network with a secure perimeter, and provide science departments with access to CANARIE.

Cloud and Internet Connectivity Upgrade: This project is designed to provide the secure network capacity and capabilities to support workload migration, cloud first, and digital communications projects by upgrading the capacity of Government Internet and cloud access. The project will also upgrade SSC's network connection to the Internet.

Edge Network Modernization: This project is to develop a single standard, integrated wide area network edge, local area network Wi-Fi Service as a blueprint for enterprise deployment. This blueprint will be deployed to a select number of pilot sites to support SSC's Data Centre Consolidation project.

Endpoint Visibility, Awareness and Security: This project will provide government‑wide visibility of Internet‑connected devices on Government of Canada networks. This will allow the government to quickly and systematically identify information technology vulnerabilities and prioritize the remediation of known vulnerabilities and risks. Vulnerability Management Services will provide the Government of Canada with the ability to provide integrated and automated vulnerability detection and remediation across the government.

Enterprise Monitoring Solution: This project will conduct an assessment of how information technology is monitored within SSC and develop a proposal for next steps.

Enterprise Perimeter Security: This project will enhance the security of the Government of Canada's Internet perimeter through timely and consistent monitoring, detection, and implementation of cyber threat mitigation measures.

Enterprise Virtual Machine and Compliance: In concert with and complimentary to the Enterprise Perimeter Security project, this project will enhance the monitoring capability of Government of Canada information technology systems. It will enable the ability to proactively monitor for any advanced threats to the government systems and services.

Government of Canada Internal Centralized Authentication Service: This project will provide a new Government‑of‑Canada-wide credential (username, password) that is accessible across departments. It will enable two‑factor authentication similar to what Canadian banks use for secure interaction with their clients.

Government of Canada Secret Infrastructure (GCSI): The Government of Canada Secret Infrastructure project is made up of three components:

Integrated Enterprise Command Centre: This project will consolidate, centralize, and modernize the monitoring of SSC's shared information technology infrastructure. The objective is to consolidate the 11 existing monitoring sites while taking into consideration security, back up requirements, staffing shortages, etc.

Network Device Authentication: This project will centralize life cycle management of non‑person entity certificates and provide reports on authentication, authorization and auditing transactions for the purpose of security auditing as well as compliance and service improvement.

Secure Cloud Enablement and Defence: This project will establish a network security zone to reduce exposure to cyber threats and improve performance and reliability between the Government of Canada and external partners / cloud Service providers for secure cloud enablement. Dedicated connections to cloud service providers will enable secured management, monitoring and access of unclassified and off‑premise cloud services.

Secure Remote Access Migration: This project will provide public servants with the ability to securely connect to their departmental data and information system from a remote location using their government‑furnished laptop, tablet or mobile device.

Security Information and Event Management: This project will implement incident response, cyber threat intelligence feeds and a central logging service functionality. Once implemented, the Security Information and Event Management project will allow the Government of Canada to predict, detect and respond to cyber threats and risks.

Smart Phone for Classified: The project will implement and operate secure mobile communications services for classified (Secret) information. The service will support up to 300 secure communications for senior leadership users.

Collaboration Tools

To ensure that the federal workforce is equipped to meet the needs of Canadians, and as part of SSC's focus on a whole‑of‑government approach to providing information technology services, the Department is modernizing workplace technology used by federal public servants.

Current workplace technology - such as cellphones, software or computers - vary from one department to the next, with little standardization or integration. SSC is moving to a more modern "collaboration" technology suite with tools that integrate email, instant messaging, government-wide social networks, videoconferencing, and Web applications into the office environment. This will enable Government of Canada public servants to work with a variety of tools, in a more interconnected way, regardless of where they are.

Key projects and programs being undertaken by the Department with regard to collaboration tools include the Digital Communications and Collaboration Platform, the Hosted Contact Centre Services project, and the Workplace Communication Services project. A list of other ongoing and planned projects related to collaboration tools can be found in the Annex below.

Digital Communications and Collaboration Platforms (Office 365)

The Digital Communications and Collaboration Platform aims to enable more effective collaboration and service delivery by providing a common set of workplace collaboration tools across the Government of Canada. For example, employees will be able to access the suite of tools available through Office 365. Office 365 will enable seamless communications (email and instant messaging), increase collaboration with tools such as "Teams", and could enable Government of Canada employees to work more effectively and deliver on their respective departmental mandates. Currently, there are six departments that are piloting these technologies - with SSC's technical assistance - and will report on lessons learned for wider adoption throughout the Government of Canada in 2020.

Call Centres (Hosted Contact Centre Services) Project

Call centres are vital channels of communications between Canadians and their government. The technology generally used by contact centres does not provide the variety of communication channels that Canadians have come to expect, voice, Web, text, chat, videoconferencing, and text telephone (i.e. telecommunications device for the deaf).

The Hosted Contact Centre Services project targeted the migration of 8 contact centre types in 34 discrete locations. These were staffed by approximately 30% (4,500) of the total Government of Canada contact centre agents. The migration was from multiple aging Government of Canada infrastructures into a single cloud‑based solution, which is easily scalable and provides partners using the system with flexibility. For example, traditional call centres were limited by the physical space available. The cloud system can add users or decrease the number of users without impact. SSC provides contact centre services for 221 centres in 435 locations throughout Canada, staffed by approximately 15 000 agents. The Department is currently moving the last of the contact centres, which should be completed by March 2020.

Workplace Communication Services Project

The Workplace Communication Services Project aims to replace out‑of‑date telephone equipment with modern technology that utilizes Voice over Internet Protocol, where both voice and data travel securely along the same network connections (Internet) for a more robust and administratively efficient infrastructure. This project, which began in 2014 and is scheduled to be completed by 2026, aims to modernize 204 000 telephone lines throughout Canada.

Annex A

The following key projects and programs aim to modernize collaboration tools to enable, engage and empower employees. By providing a modern and tailored set of workplace tools with accessibility features built in from the outset, SSC will help public servants deliver on their departments' priorities and better serve Canadians.

Other SSC-led Active Projects (2019-2020 and ongoing)

Directory Credential Account Management: This project will ensure that SSC provides partner synchronization to the Microsoft Azure Cloud within the department's enterprise data centre infrastructure. It will provide customer departments with the ability to maintain control of their own validation authority in their respective repositories.

Enterprise Mobile Device Management: In order to address expected shortages of supported mobile devices, and to also address the services' shortcomings, SSC will deploy a new Enterprise Mobile Device Management service, enabling its workforce to be more mobile.

Enterprise Information Technology Service Management Tool: This tool will deliver a technology solution that will allow for the delivery, support, and management of SSC's information technology services. The Information Technology Service Management tool will enable the Department's Service Management Transformation and the associated service strategy.

Videoconferencing Phase 3: This project is the next phase of the transformation of videoconferencing services for the Government of Canada. Phase 3 will continue efforts to encourage adoption of the SSC Enterprise Videoconferencing Services by partners.

Enterprise Mobile Device Management Evolution: Given the critical importance of mobile communications across the Government of Canada, and the end of the current BlackBerry licensing contract, efforts are under way to examine the next steps of the Enterprise Mobile Device Management service. Information gathering with partners is under way, industry consultations have started, and a request for proposal is expected for the next contract

Information Technology Systems and Application Health

While SSC manages a significant portion of the Government of Canada's information technology infrastructure, departments continue to manage many of their own applications. These applications - roughly 12 000 across the Government of Canada - are critical in delivering services to Canadians. From Canada Pension Plan payments to tax filing, employment insurance and border crossings, information technology applications enable departments to deliver their services to the Canadian public. These applications are often aging, depend on older coding languages and run on legacy information technology infrastructure that require constant maintenance. For these reasons, one of SSC's priorities moving forward is to support the Government of Canada in assessing, prioritizing and ensuring the health and stability of the key applications.

With this in mind, SSC is working with customer departments to identify risks associated with these applications, and the information technology infrastructure that hosts them, in order to mitigate potential service disruptions. This entails supporting individual departments while they modernize and replace older software solutions, and concurrently supporting legacy systems necessary to keep these applications running. SSC is working to ensure that critical applications are migrated off aging infrastructure - whenever possible - and shifted either to cloud‑based hosting solutions, or, when this isn't yet feasible, Government of Canada enterprise data centres.

Some of the key projects and programs being undertaken by the Department with regard to information technology systems and application health include modern cloud solutions, migration of critical applications to more stable hosting environments, and working to update legacy Windows‑based servers.

A list of other ongoing and planned projects related to application health can be found in the Annex below.

Cloud Brokering Services

The Government of Canada has adopted a "Cloud First" policy since it is the modern and flexible method for hosting applications. Government of Canada departments can review, purchase and provide public cloud services through SSC cloud brokering services. Cloud services provide access to shared information technology resources through "pay‑for‑use" models, similar to those for water and electricity utilities. A public cloud is a shared environment where each tenant is isolated from the others. The "Cloud First" policy will reduce dependability on physical space taken up by data centres, which will improve digital service delivery to Canadians. SSC is the liaison between qualified external cloud service providers and Government of Canada departments, and its mandate is to ensure the best possible cloud solution to meet the needs.

Moving Applications

Building on the work to update the Government of Canada use of Windows servers, and to continue to modernize the Government of Canada information technology infrastructure by increasing service reliability, SSC is moving applications from older data centres to modern data centre facilities or the cloud. This program is known as workload migration, and will ensure that critical applications are reliable and data is secure, which in turn will reduce the risk of service disruptions to Canadians.

Planning to migrate critical applications from older hosting solutions to newer and more stable environments requires careful coordination with partner and customer departments since these departments all have their own peak business cycles and blackout periods.

SSC is simultaneously working to consolidate nearly 720 of its original data centres and move the Government of Canada hosting solutions to the Cloud or one of four enterprise data centres. A total of 528 legacy data centres still require consolidation and it is the Department's long-term goal to host as many applications in the cloud as possible.

Modernize Information Technology Infrastructure

To mitigate cyber security and stability risks, SSC works closely with departments to ensure that aging technology is cyclically replaced, and that the Government of Canada does not run unsupported hardware or software unless absolutely necessary. SSC's Information Technology Refresh program aims to move Government of Canada users from Windows 2008 operating systems to Windows 2016, and keeping current information technology infrastructure assets up to date, through hardware and software updates and processes to identify the need to either upgrade or replace an information technology asset.

Of course, cyclical refreshing or replacing of technology is not enough. In an effort to keep pace with the rapidly changing information technology environment, SSC created a Chief Technology Officer Branch in January 2019. The branch's mandate is to ensure federal programs for Canadians benefit from the latest digital technologies available.

Windows Upgrade Projects

As software ages, companies generally support their products with security patches and updates to ensure ongoing performance and stability. Eventually, most software ages beyond a point where it is supported - at which point continuing to use such software begins to carry escalating risks associated with both security and stability. SSC manages certain foundational software licences necessary to run data and application hosting systems. For example, the Department is responsible for the software life cycle of approximately 37 000 operating system licences for Microsoft Windows Server 2008, which are necessary to run many critical data and application hosting systems. As Microsoft ends standard support and updates for this software, SSC is working with all its partners and customers to ensure that servers running these operating systems are either updated with newer supported versions, or where possible, decommissioned.

This work ensures the Government of Canada minimizes costs associated with buying specialized support from Microsoft, as well as mitigates security and stability risks inherent to running outdated software. As part of this work, SSC has also been working closely with departmental chief information officers to take stock of older applications running on these systems and consider replacing them with newer applications that can be hosted either in the cloud, or on more stable servers.

Annex

The following key projects and programs aim to ensure the reliability and security of information technology systems and applications. They will also enable SSC to work with customers to determine the best hosting solutions - whether cloud or enterprise data centres.

Other SSC-led Active Projects (2019-2020 and ongoing)

Cloud Management Platform: Cloud management platforms allow for the management of public, private and hybrid cloud environments. This project will implement hybrid (public and private) cloud‑based compute, storage, network, and security footprint in the established enterprise data centres.

Database as a Service: This project will establish database as an optional service for customer departments and explore opportunities for government departments to work together.

Enterprise Data Centre Borden Facility Expansion and Information Technology Establishment Projects: Facility enhancements will be achieved through a public/private partnership, and will be constructed in a modular design providing maximum flexibility to SSC for future upgrades. The Information Technology Establishment project will implement Data Centre Enabling Services to provide improved customer services. It will implement initial compute, storage, network, and security footprint in the newly established Enterprise Data Centre Borden.

Enterprise Data Centre Montréal Facility Establishment and Information Technology Establishment Projects: Facility enhancements will be achieved through a contract with a private sector provider to house the specialized information technology server, storage and network infrastructure for computing intensive workloads associated with Government of Canada scientific applications. The Information Technology Establishment project will implement Data Centre Enabling Services to provide improved customer services. This project will implement initial compute, storage, network, and security footprint in the newly established Enterprise Data Centre Montréal. Additionally this project will implement infrastructure to streamline preparations for the Dorval Data Centre migration project.

Government of Canada Cluster: This project will group customer departments by infrastructure requirements (business and technology clusters) and explore opportunities for government departments to work together.

SAP HANA Implementation: This project will establish a standardized platform to support the Government of Canada SAP HANA financial software implementation, and will support departments that are planning to migrate to this latest version of the software in the next two to four years.

Software Asset Management: This project will implement an enterprise software asset management system, including a tool to improve the management of licenses for data centre, network, email and security software. Once operational, software asset management will generate savings by avoiding costs associated with paying for vacant or unused software licences.

Workload Migration of Customer Departments: This project is the workload migration activities required to move the partner workloads from legacy data centres to enterprise data centres for the following departments:

Projects with Customer Departments

Customer-led Active Projects (2019-2020 and ongoing)

2019-2020 Departmental Plan Summary

Context

The 2019−2020 Departmental Plan for SSC was tabled in Parliament on April 11, 2019. It outlines the organization's priorities, core responsibilities and the resources planned to deliver results.

Overview

The four strategic priorities of SSC are to:

Deliver Customer Service Excellence

Central to the Department's Information Technology Service Management approach is improving customer experience through greater engagement and better performance reporting. One initiative - the procurement of a modern Information Technology Service Management tool - will provide SSC with a unified view of all service and incidence management requests, as well as consolidated performance reporting for the Department and its customers.

Modernize Government of Canada Digital Infrastructure

SSC will continue to establish cloud expertise, and identify the challenges customer organizations may face in migrating to the cloud. The platforms for cloud management will assist in the management of public, private and hybrid cloud environments. In moving to the new digital era, service delivery will be user centric and agile. For example, digital communications initiatives will ensure email services continue with movement into the cloud providing a foundation for digital communication capabilities.

Strengthen Cyber and Information Technology Security

Cyber attacks against the Government of Canada are more frequent and becoming increasingly sophisticated. Protecting the Government of Canada's programs and services from these attacks is of the utmost importance.

Build and Enable the Workforce

SSC will continue the implementation of its People Strategy, which focuses on attracting, recruiting and keeping the right talent, and facilitating job mobility within a safe, healthy, respectful and supportive workplace.

Key Considerations

SSC plans to use best practices in service delivery and leverage strong customer relationships in order to deliver customer service excellence

The Chief Technology Officer Branch was established to assist the Department in keeping pace with the rapid changes in technology and the evolving digital environment, thus ensuring programs and services for Canadians benefit from the latest digital technologies available.

This will further strengthen the cyber and information technology security required to defend Government of Canada information, networks and systems from cyber threats.

Key initiatives for 2019-2020 to protect the Government of Canada's programs and services from cyber attacks include:

Several initiatives will be implemented in the following areas to ensure employees are able to thrive within the digital government workplace and to better serve our customers and Canadians. These areas are:

2019-2020 Departmental Results Framework

Core Responsibilities

Email and Workplace Technology

Shared Services Canada procures, manages and protects email services for its customer organizations. The Department also acquires and provides hardware and software for workplace devices.

Departmental Results and Indicators
Programs

Data Centres

Shared Services Canada provides modern, secure and reliable data centre services to customer organizations for the remote storing, processing and distribution of data, including cloud storage and computing services.

Departmental Results and Indicators
Programs

Telecommunications

Shared Services Canada delivers data, voice and video communication services within and across the Government of Canada. The Department also provides the Government of Canada’s contact centre information technology infrastructure, cellular and toll free services.

Departmental Results and Indicators

Customer organizations receive modern and reliable network and telecommunications services:

Programs

Cyber and IT Security

Shared Services Canada works with other Government of Canada departments to provide secure information technology infrastructure services to ensure the confidentiality, integrity and availability of electronic information stored, processed and transmitted by the Government of Canada.

Departmental Results and Indicators

Government of Canada data and technology assets are protected by secure information technology infrastructure:

Programs

Customer Relationships and Service Management

Shared Services Canada provides customer relationship and service management functions to ensure customers are supported and engaged and their information technology services are well managed throughout their life cycle.

Departmental Results and Indicators
Programs

Source: Departmental Results Report 2017-18

2018-2019 Deloitte Audit
Implementation Plan

Key Issue

SSC's exceptional contracting authority limits have been suspended since March 2018. These limits include the ability to enter into and amend:

In February 2019, the Treasury Board of Canada Secretariat shared a decision letter with SSC concerning the recommendations of the Deloitte Audit on procurement, and the re‑establishment of its exceptional contracting authority limits.

The re-establishment of SSC's exceptional contracting limits are vital, as procurement and project planning are critical enablers to the successful delivery of the Department's mandate. These exceptional contracting limits would increase the department's efficiency as the department would not be required to draft Treasury Board submissions related to procurement.

Background

In 2018, the Office of the Comptroller General of Canada engaged Deloitte to undertake an independent audit of procurement and the initiation of projects in SSC. In November 2018, Deloitte identified nine recommendations for SSC, related to:

The report provided a sound basis upon which SSC can continue to evolve its procurement and project management functions to better meet the mandate of the Department and the needs of its customers across the Government of Canada. A management action plan has been put in place to address the audit observations, findings and recommendations. This management action plan includes change management practices, and builds incremental improvements in procurement and project management, based on clear deliverables and time frames for implementation, aligned with the risk assessment of the audit recommendations.

Current Status

SSC has been providing updates on a quarterly basis to the Departmental Audit Committee on the progress made by the Corporate Services (procurement) and the Project Management and Delivery branches on the Management Action Plan.

The Departmental Audit Committee is an essential component of the governance structure of SSC, and is a critical aspect of a strong and credible internal audit regime. It is independent from SSC's management. Members of SSC's Departmental Audit Committee are Richard Dicerni (Chair), Paul Glover, Roxanne Anderson, and Ken Cochrane. Their biographies are attached.

The most recent progress update, on September 23, 2019, demonstrated that SSC is progressing well on delivering on actions related to all nine of the recommendations; five of them have been met, and the Department anticipates that the remaining four will be met by March 31, 2020.

SSC will continue to report on progress on its management action plan to the President, the Executive Vice‑President, and the senior management team, on a quarterly basis. The Department's Departmental Audit Committee will continue to carefully monitor the progress of the Management Action Plan. With regard to the re‑establishment of exceptional contracting limits, there is an opportunity for SSC to proceed with a submission to Treasury Board for this purpose. The goal is to take a holistic view of the Department and to request the authorities that would enable the Department to deliver on its mandate.

Shared Services Canada Departmental Audit Committee

Member Biographies

Richard Dicerni, Chair

Richard Dicerni

Richard Dicerni recently retired as the Deputy Minister, Alberta Executive Council and Head of the Alberta Public Service. Prior to accepting this position in October 2014, Mr. Dicerni was Adjunct Research Professor at the Ivey Business School and sat on various boards.

Born and raised in Montréal, Mr. Dicerni graduated from the Collège Sainte‑Marie de Montréal in 1969 with a Bachelor of Arts. He pursued graduate studies at the Harvard Kennedy School of Government where he earned a Master's in Public Administration in 1981.

Mr. Dicerni started his career with the federal government in 1969. In the 1970s and 1980s, he held a number of executive positions in the federal Public Service, including Senior Assistant Deputy Minister, Health and Welfare; and Deputy Secretary to the Cabinet. In 1992 he joined the Ontario Government as Deputy Minister of Environment and Energy. In 1995 he assumed the position of Deputy Minister, Education and Training.

In 1996, Mr. Dicerni was appointed President and Chief Executive Officer of the newly established Canadian Newspaper Association. Mr. Dicerni left this position in 1998 to become Senior Vice‑President at Ontario Power Generation. He stayed at Ontario Power Generation for the next seven years and led the company between 2003 and 2005.

He rejoined the Canadian Government as Deputy Minister of Industry where he served from 2006 to 2012.

He has served on the boards of Trent University, the Credit Valley Hospital, Atomic Energy of Canada Ltd., and the Public Policy Forum. He currently sits on the Board of Directors of Alberta Health Services.

In November 2016, Mr. Dicerni was appointed member of the Departmental Audit Committee for Shared Services Canada. In May 2017, he was appointed Chair of the Departmental Audit Committee.


Roxanne L. Anderson, Member

Roxanne L. Anderson

Roxanne Anderson is the Chief Executive Officer of March Advisory Inc., a retired managing partner of PricewaterhouseCoopers LLP (PwC), and the past Chair of the Board of the Institute of Mental Health Research at the University of Ottawa. Currently, Ms. Anderson sits on a number of private sector boards, the Institute of Mental Health Research Board, and is a member of the Executive Committee of the Institute of Corporate Directors for the Ottawa Chapter.

Ms. Anderson is focused on turnaround, transformation and governance. She was named as one of the top five turnaround specialists in Canada by Canadian Business Magazine.

Ms. Anderson has been engaged in turnaround and transformation in the private and public sectors. While at PwC, Ms. Anderson was the National Leader of the firm's Canadian Federal Government Services Practice, and consequently understands the issues of the federal government and the viewpoints of the communities affected. She has led a wide range of multidisciplinary projects to assist the federal government in the areas of business transformation as well as policy and strategic advice.

Ms. Anderson is Chartered Professional Accountant and Chartered Accountant (1987), and holds a Bachelor of Commerce and a Masters of Business Administration (1988). She is a graduate of the Institute of Corporate Directors and Rotman School of Management's Directors Education Program. She is a Licensed Insolvency Trustee and a Chartered Insolvency and Restructuring Professional.


Ken Cochrane, Member

Ken Cochrane

As a senior executive and management consultant, Ken Cochrane's career spans the financial services industry, government and the management consulting industry. Over a 35‑year period, he has held numerous roles, including:

President and Managing Partner of Southside Solutions Group Inc. (2009 to 2010, and 2014 to present), a private consultancy providing strategic planning, advice and guidance to senior leadership in the private sector, public sector and academia.

Partner-KPMG (2010 to 2014), as a Canadian Partner who led the firm's Canadian government information technology practice, and was lead Partner for Defence in Canada and Partner-in-Charge of ITnet Ottawa Inc., an information technology services company providing consulting and technology services to more than 30 federal departments.

Federal Chief Information Officer for Canada (2006 to 2008), as Federal Chief Information Officer within the Treasury Board of Canada Secretariat, and set strategy, policy and direction for all federal departments and agencies in the policy areas of information technology, information management, access to information, privacy, security (cyber, physical, personnel, contracting, information) and service delivery to citizens/businesses. He led development of the current suite of Treasury Board management policies and the management accountability framework for these policies, including the development and launch of GCpedia, designed to connect all federal public servants for information sharing and idea development.

Chief Executive Officer for IT Shared Service (2004 to 2006), as a Chief Executive Officer within Public Works and Government Services Canada, and led the establishment and transition to the Government of Canada's "first-generation" information technology Shared Services organization, initially planned to be established as a Special Operating Agency.

Chief Information Officer of Canada Customs and Revenue Agency (1999 to 2003), and led the transition from the large‑scale information technology organizations within Revenue Canada and Canada Customs to the then new Canada Customs and Revenue Agency in 2000.

Vice-President, Chief Information Officer and other key leadership roles for the Metropolitan Life Insurance Company/MetLife (1980 to 1999), spanning a 20‑year period, led information technology, personal insurance business-line operations and enterprise-wide business transformation initiatives. He held the roles of Chief Information Officer for MetLife-Canada and Vice President-in-Charge of Insurance/Mutual Fund, Savings and Sales-Force point of-sale systems for MetLife-USA.

Mr. Cochrane has both chaired and been a member of many (community, government and industry) committees, councils and boards. A graduate of Carleton University (Political Science) and Algonquin College (Information Technology). He has been an active public speaker locally, nationally and internationally speaking on a range of topics relating to information technology, leadership of information technology related projects, and project management. In November 2016, Mr. Cochrane was appointed member of the Departmental Audit Committee for Shared Services Canada.


2019-2020 Shared Services Canada Financial Outlook

2019-2020 Authorities as of September 24, 2019

Gross Appropriations - 2,586,937,014
Revenues credited to the Vote - (665,000,000)
Total Net Authorities* - 1,921,937,014

* Excludes EBP - ($94.1M)

Net Authorities for 2019-2020**

**Note: Authorities = Main Estimates

2019-2020 Authorities as of September 24, 2019

Consisting of:

Sub-Total - 1,921,937,014

Statutory (EBP) - 94,086,352
Total Authorities*** - 2,016,023,366

***Note that these figures exclude frozen allotment 

Total Revenues - 665,000,000

Revenues Consisting of:

Financial Authorities by Core Responsibilities as of September 24, 2019

"Information Technology Infrastructure Services (includes Operating, Capital and EBP, net of revenues)"

Sub-total - 2,016,023,366 (includes Operating, Capital, EBP and net of Revenues)

Revenues - 665,000,000 (includes Revenues only)

Total Gross Authorities (w/EBP & Revenues) - 2,681,023,366 (includes Operating, Capital, EBP and Revenues)

Departmental Plan 2019-2020 (Main Estimates, excluding Budget Implementation Vote - BIV) - Financial and Full-Time Employee (FTE) information by Core Responsibilities

Budgetary - Information Technology (IT)

Total Information Technology - 1,701,071,812

Internal Services (IS) - 199,818,129

Total SSC (net of revenues) - 1,900,889,941

FTE - Information Technology (IT)

Total IT - 5,521

Internal Services (IS) - 1,189

Total SSC - 6,710

1Budget Implementation Vote - BIV of $1.6 million for the Accessibility, Accommodations and Adaptive Computer Technology (AAACT) Program is included in the 2019-2020 Main Estimates but is excluded in the 2019-2020 Departmental Plan as per Treasury Board of Canada Secretariat guidelines.

Summaries of Key Government of Canada Digital Strategies

2018-2022 Digital Operations Strategic Plan

Purpose

The Digital Operations Strategic Plan establishes the direction for enabling the Government of Canada to become a digital leader, including digital transformation, service delivery, security, information management, and information technology. The plan provides a list of strategic actions and outlines the roles and responsibilities of various departments, including SSC.

Adapting to New Technologies

The world has undergone fundamental technological changes over the last 20 or 30 years and continues to face disruptive change. Expectations of government services are not static, and as external services become easier to use, Canadians expect government services to follow.

Adapting government to leverage new technologies and ways of working is both the major digital challenge and opportunity. New ways of doing things has the potential to enable the Government of Canada to work more efficiently and effectively while providing faster, better, more responsive services to Canadians. Some of the change drivers include:

Digital Standards

In addition to the specific strategic actions identified in the plan, achieving the digital government vision will require government to working differently. To this end, in September 2018, the government announced a set of ten digital standards to set the norm for how government works in the digital era and to guide the development of policy, programs, and services in government.

The standards are as follows:

Role of SSC

The Plan identifies priorities and initiatives that are required of internal service providers, including SSC, the Treasury Board of Canada Secretariat and Public Services and Procurement Canada to modernize service delivery, promote digital government, and to enable departments in moving toward digital programs and service delivery for Canadians. These initiatives include, among others, moving from outdated to new infrastructure in either enterprise data centres or cloud services, completing telecommunications and network consolidation, procurement modernization, and cloud procurement.

Objectives of the Plan

The integrated strategy outlined in the plan is divided into six themes:

  1. A service-oriented government with a user‑centred approach that puts people and their needs as the primary focus;
  2. An open, collaborative and accessible government that is accountable to Canadians, shares information and engages them in policy development and service co‑design;
  3. A digital‑first and digitally‑enabled government that is available anytime, anywhere, through any service window;
  4. Modern technology and modern information practices, embracing innovation and responsible use of new technologies, managing security and privacy, and being data driven;
  5. A digitally‑enabled Public Service with the skills, tools, values and mindset public servants need to enable a digital government, to deliver digital services, and to work openly and collaboratively; and
  6. Good digital governance that ensures proper project oversight and strategic prioritization, enabling innovation and experimentation, and that means promoting digital leadership, and managing succession.

August 2, 2019 Policy on Service and Digital

Introduction and Background

The Policy on Service and Digital and its supporting instruments are pivotal to SSC's operations. The documents serve as an integrated set of rules that articulate how the Government of Canada manages service delivery and the effectiveness of Government of Canada operations through the strategic management of information, data and information technology. They also specify the requirements for privacy, official languages and accessibility.

The policy outlines the roles and responsibilities of key Government of Canada organizations involved in the implementation of the policy and its instruments, as well as of individual departments and agencies. This includes the relationship between the Treasury Board of Canada Secretariat's Office of the Chief Information Officer and SSC. This policy will take effect on April 1, 2020 and it will replace several other Treasury Board of Canada Secretariat policies and instruments.

SSC's Responsibilities

This policy will require collaborative work and shared responsibilities among the Secretary of the Treasury Board of Canada Secretariat, the Chief Information Officer of Canada and deputy heads, including the President of SSC. The President of SSC will specifically be responsible for:

SSC will also be responsible for the following:

Next Steps

Developed through extensive engagement and collaboration, this policy and accompanying instruments are expected to help improve Government of Canada services and operations by:

While this new policy and directive consolidate requirements from existing Treasury Board policy instruments, they also introduce changes in the following five key areas:

2018 Cloud Adoption Strategy

Purpose

The Government of Canada is constantly transforming its information technology landscape to meet the expectations of Canadians. This began with the consolidation of data centres, networks and emails when SSC was created. One of the next evolutions is the move to cloud computing. Cloud computing is an on‑demand storage service obtained from a third party, which offers possible economies of scale and supports adaptability to address the evolution of information technology.

Role of SSC

SSC procures the services that departments and agencies are going to be using for cloud computing and the Department also supports these organizations to access these contracts. This support is referred to as cloud brokering. SSC monitors the usage of cloud services, including consumption, and providing an inventory of virtual assets.

Public Services and Procurement Canada may also implement contracts for cloud services, and it will work closely with SSC to leverage capabilities to collaboratively build contracting terms and security requirements. Departments and agencies will be responsible for security, deployment and service model selection, exit strategy, service authorization, and continual management of the cloud service to ensure that business and security requirements are met.

Why Cloud? Vision for Adoption

The three goals for the cloud adoption strategy are:

Public cloud services provide benefits such as performance monitoring, security, innovative features, the agility required to carry out any projects to completion, and on‑demand storage space that can grow and expand, as needed.

The Government of Canada is proposing a Cloud First adoption strategy, meaning that the Government of Canada has an order of preference when selecting a cloud deployment model, but recognizes that no one deployment model meets all of its needs. Different deployment and service delivery models will provide the benefits the Government of Canada is seeking from cloud. Ultimately, chief information officers will decide which applications are suitable for the cloud and which deployment is best for each application.

Cloud Security

In the cloud‑computing delivery model, the Government of Canada collaborates with the provider on many aspects of security and privacy, but departments and agencies remain accountable for the confidentiality and availability of information technology services. For this reason, departments and agencies will adopt a structured risk‑management approach that takes into account the integration of cloud services into their information technology services. Cloud also offers security certifications and third‑party security audits that allow for visibility and transparency in the cloud service provider's security practices. Providers can then reuse these certifications to provide the Government of Canada with the required security evidence.

Next Steps

SSC's awarding of contracts has allowed departments and agencies to explore platforms for application development, adaptable computing and storage for both research and enterprise use, and new technologies such as artificial intelligence. The lessons learned from procuring public cloud services at the unclassified level will be applied to protected cloud services. SSC will also build network connections directly to major cloud service providers and thereby remove stress from Internet connections and ensure a higher degree of availability for cloud‑based services. As the adoption of cloud matures, departments and agencies will invest in cloud centres of excellence to create a hub for cloud talent to help them tackle new challenges and adopt new roles, responsibilities and ways of organizing work.

SSC Legislative Framework

Overview

SSC provides information technology services to other government departments. SSC's mandate is to provide services related to email, data centres, networks and end‑user information technology. The Department has both mandatory and optional customers.

SSC's mandatory customer base is divided into two groups. There are 43 departments that must use the Department's full range of services, with an additional group of departments, and agencies that must use a subset of SSC's services.

Current Status

The Shared Services Canada Act

The Shared Services Canada Act came into effect June 29, 2012. The Act is different than other departmental Acts as it establishes a framework of powers, duties and functions, but does not describe the services that SSC provides.

According to the Act, the Governor in Council defines both the services to be provided by SSC and the recipients of those services. Unlike many other departmental Acts, the Shared Services Canada Act itself does not name the Minister of SSC, but rather gives the Governor in Council the authority to name the Minister. The Governor in Council exercises these authorities by issuing orders‑in‑council.

One of the orders‑in‑council names the Minister of Public Works and Government Services Canada as the Minister of SSC. Another order‑in‑council establishes the services that SSC provides, as well as the customers who use these services, and whether they are optional or mandatory clients.

SSC's Mandate - Order‑in‑Council 2015‑1071

SSC is currently mandated to provide services related to:

  1. End‑user information technology;
  2. Email;
  3. Data centres; and
  4. Networks services.

SSC's Customers - Mandatory and Optional

The order‑in‑council groups SSC's services in three categories when it comes to the customers that it serves:

  1. End‑user information technology (approximately 84 mandatory customers, not including those that are optional);
  2. All shared services related to email, data centres and networks services (currently 43 customers, including SSC itself, and 39 small departmental agencies); and
  3. A subset of shared services related to email, data centres and network services (approximately 39 mandatory customers, not including those that are optional).

The Department has 43 mandatory customers that must use the complete set of services provided by SSC. Additionally, there are groups of customers that must use SSC's end‑user information technology services as well as the subset of shared services related to email, data centres and networks services. SSC may provide customers in these groups with all the shared services related to email, data centres and network services, if they would like to use the Department's full suite of services.

Lastly, on an optional basis, SSC may provide services to the following entities:

  1. Crown corporations;
  2. Any other person or other organization for whom a federal Minister is accountable to Parliament; and
  3. A government of a province or municipality in Canada, a Canadian aid agency, a public health organization, an intergovernmental organization or a foreign government, so long as there are no additional costs incurred by, or additional resources allocated by SSC.

The funding for SSC to provide these customer services are provided to the Department either through a central budget allocation or through cost recovery.

Ability to Delegate and Authorize

The Minister may grant an authorization to a department exempting it from some portion of SSC's mandate provided there are exceptional circumstances justifying it. The authorization can either relate to a part of the customer department, or a part of SSC's mandate (but the Minister cannot grant an authorization excluding a full department from SSC's entire mandate). The Minister for SSC must personally authorize the exemption. For example, the Minister for SSC has authorized Global Affairs Canada's missions abroad to obtain part of SSC's services.

The Shared Services Canada Act gives the Minister the authority to enable procurement. This means that SSC has the authority to procure on behalf of other departments, but only for the purpose of providing one of its services. The Minister may delegate this authority to another Minister. A delegation does not authorize a customer to provide itself with one of SSC's services, but does allow it to acquire goods or services related to SSC's mandate using SSC procurement instruments.

Delegation of Signing Authorities

Background

As the Minister responsible for SSC, you have been conferred spending and financial authorities. In order for the Department to function, key authorities are delegated from the Minister to their senior officials, and from those senior officials to all other necessary functional positions within the Department.

These formal delegations are done through delegation charts, which identify positions (not individuals), the extent of the authorities delegated (full or restricted) and each type of spending and financial authority.

As per the Treasury Board Directive on Delegation of Spending and Financial Authorities, the departmental delegation chart must be updated and the Minister's signature must be sought when a change in Minister occurs. The revised delegation chart is to be submitted for the Minister's signature within 90 calendar days of their appointment date.

This note aims to provide a high‑level overview of the Delegation Matrix and some examples of key authorities that the Minister responsible for SSC will have to delegate once in office.

Types of Authorities Typically Delegated

Some of the key authorities delegated through this instruction include the following:

Spending Authorities

  1. Expenditure Initiation Authority: authority to incur an expenditure (to spend funds) or to make an obligation to obtain goods or services that will result in the eventual expenditure of funds;
  2. Commitment Authority (Section 32 of the Financial Administration Act): authority to ensure that there is a sufficient unencumbered balance available before entering into a contract or other arrangement; and
  3. Transaction Authority: authority to enter into contracts, including acquisition card purchases, or approval on legal entitlements (e.g., employment insurance payments).

Financial Authorities

  1. Certification Authority (Section 34 of the Financial Administration Act): authority to certify contract performance and price, entitlement or eligibility of the payment; and
  2. Payment Authority (Section 33 of the Financial Administration Act): authority to requisition payments according to section 33 of the Financial Administration Act.

Other Relevant Authorities:

  1. Other Authorities: includes authorities (whether restricted or full) to amend the Delegation of Signing Authority Instruments, authorize settlements of a debt owed to the Crown, disposal of materiel, service agreements, loss of public money or property, waive/reduce interest, write‑off debts and materiel, and real property transactions and agreements.

Next Steps

As required by the Treasury Board Directive, the instruments will be reviewed, updated, and presented to the Minister within 90 calendar days of their appointment date.

Until the new instruments are approved, the delegation instrument that is currently being used will remain as the key instrument that allows for the delegation of authorities to flow through the respective executive positions.

This allows the Department to continue to execute its mandate under the current approved delegation levels until the transition to a new Minister is finalized.

Should there be any substantial changes to the delegation matrix, after the time that the newly appointed Minister provides a signature, the Minister may be required to sign a new matrix.


Lexicon

Page details

Date modified: